Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214451.roa
File:                     AS214451.roa (raw, json)
Hash identifier:          avcg6w5dtALumUCwfNOO5jCxwwExx0xablWrEPQqv0w=
Subject key identifier:   63:47:BA:65:0E:0F:29:78:A2:82:91:64:C7:76:3A:6E:88:37:9C:E6
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       6CC3A3AA9DF5C093F9EC301BBB709F300941A941
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214451.roa
Signing time:             Thu 03 Jul 2025 15:51:26 +0000
ROA not before:           Thu 03 Jul 2025 15:46:26 +0000
ROA not after:            Thu 02 Jul 2026 15:51:26 +0000
asID:                     214451
IP address blocks:        195.184.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:c3:a3:aa:9d:f5:c0:93:f9:ec:30:1b:bb:70:9f:30:09:41:a9:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:46:26 2025 GMT
            Not After : Jul  2 15:51:26 2026 GMT
        Subject: CN=6347BA650E0F2978A2829164C7763A6E88379CE6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:1a:dd:ff:94:70:f6:25:34:82:0d:95:05:7c:
                    0c:6c:5d:55:dd:d7:6e:1e:15:07:ff:98:e6:ca:51:
                    62:06:47:4c:e7:60:da:75:16:83:ac:7f:f1:3b:2e:
                    27:31:27:73:f6:a8:e8:92:58:4e:78:33:63:7d:79:
                    d7:69:25:ce:c5:f8:ec:31:d2:89:dd:58:12:ed:ef:
                    f9:15:26:d8:bf:dd:be:0b:c7:21:44:58:84:ca:df:
                    c5:26:3a:ab:32:a9:28:57:87:9c:d3:33:61:61:cf:
                    83:6c:9a:b3:7d:d0:26:20:1e:d0:87:27:6b:b1:55:
                    95:20:1c:d6:3f:9d:ca:92:cd:87:db:d3:a7:11:ac:
                    f7:1a:cf:32:ea:c6:05:ce:4a:8a:54:6a:30:78:f3:
                    d1:7f:d9:ea:2e:b4:fd:15:46:e9:c9:82:97:3b:5c:
                    a9:e1:79:2c:ce:38:3d:24:0c:79:c3:76:5b:28:7e:
                    5c:d6:00:3b:85:6b:35:3c:c3:e6:0f:99:83:ee:24:
                    16:24:39:d8:4d:8b:fe:0b:57:e3:dc:ab:e5:50:7f:
                    31:55:81:26:75:54:d4:a6:2c:d2:72:a5:89:8e:68:
                    ea:40:86:ff:d2:e6:cb:17:16:78:d0:62:8e:bb:33:
                    03:f7:41:cf:12:ec:4f:29:b3:9b:96:eb:42:af:c6:
                    36:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:47:BA:65:0E:0F:29:78:A2:82:91:64:C7:76:3A:6E:88:37:9C:E6
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214451.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.184.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:00:1f:b3:3f:70:9e:85:cd:27:a6:94:4a:9a:9d:76:10:4a:
         ba:52:df:9a:bd:f8:0c:cf:fc:d7:27:3b:44:75:df:37:b9:de:
         4c:7d:c0:f6:29:10:bf:d6:74:f6:83:ed:f8:91:95:c8:f6:36:
         f6:6d:27:d3:7f:66:83:b5:21:7b:7b:21:a2:00:38:82:05:75:
         fc:e2:67:1f:90:f3:06:96:19:ea:10:4a:75:76:11:e4:1b:23:
         28:6f:af:38:aa:fd:79:5d:81:b1:92:a5:79:d7:f5:a1:7b:86:
         01:c4:23:65:47:7f:0e:7d:aa:c7:91:72:55:68:93:c3:79:ed:
         92:2b:02:9c:1b:39:ed:4b:6c:43:08:5f:e9:c0:5b:e5:cc:f0:
         6b:80:22:f0:fc:22:51:15:46:ed:61:88:3f:4f:94:2d:3a:9d:
         6f:e5:b8:ab:e7:db:2c:6c:3c:76:20:c1:4f:de:23:cb:84:e0:
         13:03:7e:3f:15:ba:ff:0d:8a:91:ef:99:4c:64:50:ba:4c:34:
         48:0f:68:e4:ae:49:64:06:37:4b:2f:f7:6a:53:69:8b:6a:27:
         82:ed:b3:67:4f:3c:1b:3c:a9:9f:69:96:0d:dc:54:80:97:54:
         bf:b0:df:31:e8:41:10:62:ea:79:4e:4f:10:61:0f:4f:1e:86:
         f1:5c:de:14
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUbMOjqp31wJP57DAbu3CfMAlBqUEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ2MjZaFw0yNjA3MDIxNTUxMjZaMDMxMTAvBgNV
BAMTKDYzNDdCQTY1MEUwRjI5NzhBMjgyOTE2NEM3NzYzQTZFODgzNzlDRTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6Gt3/lHD2JTSCDZUFfAxsXVXd
124eFQf/mObKUWIGR0znYNp1FoOsf/E7LicxJ3P2qOiSWE54M2N9eddpJc7F+Owx
0ondWBLt7/kVJti/3b4LxyFEWITK38UmOqsyqShXh5zTM2Fhz4NsmrN90CYgHtCH
J2uxVZUgHNY/ncqSzYfb06cRrPcazzLqxgXOSopUajB489F/2eoutP0VRunJgpc7
XKnheSzOOD0kDHnDdlsoflzWADuFazU8w+YPmYPuJBYkOdhNi/4LV+Pcq+VQfzFV
gSZ1VNSmLNJypYmOaOpAhv/S5ssXFnjQYo67MwP3Qc8S7E8ps5uW60KvxjZfAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUY0e6ZQ4PKXiigpFkx3Y6bog3nOYwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjE0NDUxLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAw7j3MA0GCSqGSIb3DQEBCwUAA4IBAQBwAB+zP3Ce
hc0nppRKmp12EEq6Ut+avfgMz/zXJztEdd83ud5MfcD2KRC/1nT2g+34kZXI9jb2
bSfTf2aDtSF7eyGiADiCBXX84mcfkPMGlhnqEEp1dhHkGyMob684qv15XYGxkqV5
1/Whe4YBxCNlR38OfarHkXJVaJPDee2SKwKcGzntS2xDCF/pwFvlzPBrgCLw/CJR
FUbtYYg/T5QtOp1v5bir59ssbDx2IMFP3iPLhOATA34/Fbr/DYqR75lMZFC6TDRI
D2jkrklkBjdLL/dqU2mLaieC7bNnTzwbPKmfaZYN3FSAl1S/sN8x6EEQYup5Tk8Q
YQ9PHobxXN4U
-----END CERTIFICATE-----