Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214323.roa
File:                     AS214323.roa (raw, json)
Hash identifier:          xA1RNKKfqH9tEkYpAMZ7ZRM6azROm+E8+k3DB4YT2fw=
Subject key identifier:   B7:15:3F:F5:C9:24:84:32:F9:74:30:7F:3D:2B:1A:2A:73:BC:57:58
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       29106D9D779581129C2017F56D80E889A13BB16E
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214323.roa
Signing time:             Thu 04 Jun 2026 15:58:52 +0000
ROA not before:           Thu 04 Jun 2026 15:53:52 +0000
ROA not after:            Thu 03 Jun 2027 15:58:52 +0000
asID:                     214323
IP address blocks:        194.58.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 17:49:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:10:6d:9d:77:95:81:12:9c:20:17:f5:6d:80:e8:89:a1:3b:b1:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:52 2026 GMT
            Not After : Jun  3 15:58:52 2027 GMT
        Subject: CN=B7153FF5C9248432F974307F3D2B1A2A73BC5758
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:81:21:7a:74:8c:98:40:25:c5:4b:0c:16:e3:
                    a4:ba:da:09:50:c8:d6:33:40:c7:f4:02:08:24:05:
                    fd:3c:7d:b1:b1:04:f1:b8:cc:7d:31:ac:31:17:6c:
                    10:2c:f8:71:e3:6b:05:c2:3e:33:ea:38:89:3c:8c:
                    fd:73:99:5a:39:43:cb:09:59:52:72:4d:06:e4:a2:
                    a4:1e:20:fd:90:dd:5b:4e:03:7f:99:b8:15:25:28:
                    16:24:f9:80:59:32:ed:ad:74:8c:6f:07:a6:9b:e2:
                    67:61:56:23:af:63:bf:2b:76:6b:bb:0d:1f:79:b4:
                    1f:96:3d:3e:2c:b8:4c:7d:4c:c3:3a:9e:92:23:f2:
                    7b:43:65:da:54:fa:7e:fb:43:7c:a8:2e:64:aa:d9:
                    00:5c:82:f3:1b:3f:48:30:93:8c:2d:21:ad:c2:0e:
                    f5:65:de:c1:d8:ad:fa:63:de:1c:d1:46:94:75:d4:
                    c7:ef:d8:3f:29:c5:a6:c6:e0:da:c2:ba:34:2d:6c:
                    2f:46:7f:19:39:e8:51:42:24:0c:6a:1f:70:91:f6:
                    e9:a0:44:09:ae:9c:bf:69:da:91:0f:4b:db:ed:73:
                    24:31:ef:48:1a:a8:22:8b:bc:c4:8a:e1:f3:d2:5b:
                    cb:15:8a:51:73:e9:fd:3f:e2:ff:1c:f1:ab:68:fd:
                    06:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:15:3F:F5:C9:24:84:32:F9:74:30:7F:3D:2B:1A:2A:73:BC:57:58
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214323.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.58.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:a2:60:b3:3f:f5:cf:ed:b4:71:04:b7:f9:a1:9b:cb:cc:64:
         a9:f1:94:3e:29:f2:bb:d9:be:47:ae:02:2a:da:fb:b3:04:e9:
         70:f0:81:be:6d:39:a1:bf:a1:c2:03:8e:56:18:16:1d:a4:0f:
         7c:d2:2f:a3:51:39:6d:85:9f:bd:dc:07:5d:18:a7:dc:c3:6a:
         82:77:c3:20:d7:01:d6:14:38:98:5d:41:a6:5a:8f:be:5d:81:
         a4:9d:12:5b:e0:55:42:18:76:90:65:b5:a7:f1:17:34:a7:cf:
         e8:7a:09:14:d8:1b:8e:68:e9:08:15:31:a6:e6:28:2c:c7:79:
         ac:ed:23:ac:ce:be:a1:fb:9e:6c:08:2e:df:b2:1f:23:c7:ab:
         72:d6:42:4d:a9:28:34:32:78:b3:6a:3b:c0:37:dd:6b:64:43:
         0a:09:30:87:b6:62:50:2c:10:4d:41:83:9a:a1:60:d4:8d:17:
         95:17:6e:f1:91:92:78:0b:a1:bd:ff:e1:a4:b0:8d:4b:62:fc:
         9c:40:2b:9f:8d:1e:c3:98:e0:f4:90:9e:dc:6c:ce:c3:1f:81:
         e3:5f:cc:68:f9:24:d8:63:14:4a:28:b7:3d:a8:f4:2a:0e:2f:
         f7:fc:20:5b:fc:d5:c5:d6:a9:63:35:a1:b0:be:8d:9c:86:22:
         40:43:5b:7e
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUKRBtnXeVgRKcIBf1bYDoiaE7sW4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNTJaFw0yNzA2MDMxNTU4NTJaMDMxMTAvBgNV
BAMTKEI3MTUzRkY1QzkyNDg0MzJGOTc0MzA3RjNEMkIxQTJBNzNCQzU3NTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwgSF6dIyYQCXFSwwW46S62glQ
yNYzQMf0AggkBf08fbGxBPG4zH0xrDEXbBAs+HHjawXCPjPqOIk8jP1zmVo5Q8sJ
WVJyTQbkoqQeIP2Q3VtOA3+ZuBUlKBYk+YBZMu2tdIxvB6ab4mdhViOvY78rdmu7
DR95tB+WPT4suEx9TMM6npIj8ntDZdpU+n77Q3yoLmSq2QBcgvMbP0gwk4wtIa3C
DvVl3sHYrfpj3hzRRpR11Mfv2D8pxabG4NrCujQtbC9Gfxk56FFCJAxqH3CR9umg
RAmunL9p2pEPS9vtcyQx70gaqCKLvMSK4fPSW8sVilFz6f0/4v8c8ato/QZlAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUtxU/9ckkhDL5dDB/PSsaKnO8V1gwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjE0MzIzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAwjpAMA0GCSqGSIb3DQEBCwUAA4IBAQC5omCzP/XP
7bRxBLf5oZvLzGSp8ZQ+KfK72b5HrgIq2vuzBOlw8IG+bTmhv6HCA45WGBYdpA98
0i+jUTlthZ+93AddGKfcw2qCd8Mg1wHWFDiYXUGmWo++XYGknRJb4FVCGHaQZbWn
8Rc0p8/oegkU2BuOaOkIFTGm5igsx3ms7SOszr6h+55sCC7fsh8jx6ty1kJNqSg0
MnizajvAN91rZEMKCTCHtmJQLBBNQYOaoWDUjReVF27xkZJ4C6G9/+GksI1LYvyc
QCufjR7DmOD0kJ7cbM7DH4HjX8xo+STYYxRKKLc9qPQqDi/3/CBb/NXF1qljNaGw
vo2chiJAQ1t+
-----END CERTIFICATE-----