Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS215046.roa
File:                     AS215046.roa (raw, json)
Hash identifier:          era9xRar3gxEzLJhLnPxhzeMS/t8DqgRTlKhuCUbEbI=
Subject key identifier:   D1:EC:31:84:5E:33:26:F7:88:DD:11:59:5C:B4:80:C6:3A:77:DB:31
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       4E166EA536A0C16D4B7AE7C8EC60D7B9FEDB6245
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS215046.roa
Signing time:             Thu 03 Jul 2025 15:52:01 +0000
ROA not before:           Thu 03 Jul 2025 15:47:01 +0000
ROA not after:            Thu 02 Jul 2026 15:52:01 +0000
asID:                     215046
IP address blocks:        144.48.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:16:6e:a5:36:a0:c1:6d:4b:7a:e7:c8:ec:60:d7:b9:fe:db:62:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:47:01 2025 GMT
            Not After : Jul  2 15:52:01 2026 GMT
        Subject: CN=D1EC31845E3326F788DD11595CB480C63A77DB31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:78:4f:26:de:86:50:d7:ca:e2:aa:5b:a0:25:
                    3d:a4:29:d1:ed:e6:79:26:07:0b:ce:7c:3e:44:5b:
                    b2:3b:05:70:6c:55:7c:c7:16:62:e5:e4:a5:71:80:
                    b0:cc:57:91:34:6b:75:b9:9a:97:3d:c9:67:9e:c2:
                    8c:70:8a:51:12:e8:86:c9:18:d9:f8:0d:f1:4b:d9:
                    9d:b2:e6:6b:58:87:e0:6c:8b:2b:13:8e:68:d7:5f:
                    1e:95:d0:dc:3c:4d:56:cd:ee:8e:40:5c:f6:aa:4d:
                    e8:01:06:16:e0:bc:f5:e7:43:de:dc:c7:97:e7:d3:
                    c8:83:d6:38:20:64:63:2b:a0:71:f8:29:d5:a4:27:
                    e0:4b:54:f9:24:38:93:f3:01:1f:49:80:4b:7e:78:
                    c4:fe:9c:01:2b:27:97:a0:02:90:01:fc:8c:c8:8d:
                    61:9b:90:60:53:53:29:f1:e6:bc:e7:6d:c1:f2:e7:
                    8f:2a:5a:7c:d0:bf:e5:db:84:75:4f:25:af:c7:b7:
                    ff:33:c1:55:53:2b:05:15:1c:b0:5e:24:67:d4:0d:
                    e9:65:2a:08:dc:c6:5d:55:fb:12:15:a4:c2:be:2d:
                    02:ae:87:f0:c1:e7:ee:cc:91:88:3c:cc:a8:4c:b8:
                    a9:fd:6e:12:62:2c:0d:db:82:8e:ff:56:d6:49:48:
                    c4:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:EC:31:84:5E:33:26:F7:88:DD:11:59:5C:B4:80:C6:3A:77:DB:31
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS215046.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.48.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:74:e0:99:08:5f:cf:f4:97:ca:ac:ff:85:06:f5:d8:9c:0e:
         2f:c5:1a:e0:a7:0b:78:d6:00:f4:30:18:c1:97:8c:a6:fa:de:
         08:b8:30:10:b6:f2:d7:ee:ef:5b:c9:6b:cd:3c:66:6d:d0:ce:
         6a:a7:a2:63:13:a2:f6:65:58:22:93:60:19:34:41:65:70:81:
         7f:e6:c2:e6:eb:89:bb:bc:80:c8:c1:34:40:90:ef:6b:f0:c6:
         af:39:a1:ac:34:f9:6d:8a:b2:16:95:ab:d2:aa:62:c5:9a:51:
         13:82:a0:04:80:52:95:9e:1d:7b:c8:78:0e:2d:7f:bb:ca:56:
         f4:50:0f:d6:f7:1a:eb:da:ca:34:77:81:41:2b:34:45:51:05:
         7c:90:73:09:57:38:8e:be:d9:e2:5f:e8:a6:15:9d:b0:a4:64:
         35:9d:4b:61:95:fa:97:34:11:6e:10:78:08:2f:cf:be:76:93:
         39:51:f0:81:f0:e3:0a:23:31:cb:04:b6:1c:35:55:5c:8a:cd:
         8b:31:da:de:6a:9f:9e:e1:89:f2:41:46:dd:b2:17:fb:e2:f8:
         12:ec:63:4a:45:c0:85:49:64:c2:91:25:a9:fa:08:ce:8d:2b:
         50:07:74:4a:2c:20:0d:00:7d:e9:75:fe:09:a3:6b:22:4b:ed:
         13:44:f9:0a
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUThZupTagwW1LeufI7GDXuf7bYkUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ3MDFaFw0yNjA3MDIxNTUyMDFaMDMxMTAvBgNV
BAMTKEQxRUMzMTg0NUUzMzI2Rjc4OEREMTE1OTVDQjQ4MEM2M0E3N0RCMzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEeE8m3oZQ18riqlugJT2kKdHt
5nkmBwvOfD5EW7I7BXBsVXzHFmLl5KVxgLDMV5E0a3W5mpc9yWeewoxwilES6IbJ
GNn4DfFL2Z2y5mtYh+BsiysTjmjXXx6V0Nw8TVbN7o5AXPaqTegBBhbgvPXnQ97c
x5fn08iD1jggZGMroHH4KdWkJ+BLVPkkOJPzAR9JgEt+eMT+nAErJ5egApAB/IzI
jWGbkGBTUynx5rznbcHy548qWnzQv+XbhHVPJa/Ht/8zwVVTKwUVHLBeJGfUDell
Kgjcxl1V+xIVpMK+LQKuh/DB5+7MkYg8zKhMuKn9bhJiLA3bgo7/VtZJSMQJAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQU0ewxhF4zJveI3RFZXLSAxjp32zEwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjE1MDQ2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAkDBTMA0GCSqGSIb3DQEBCwUAA4IBAQBKdOCZCF/P
9JfKrP+FBvXYnA4vxRrgpwt41gD0MBjBl4ym+t4IuDAQtvLX7u9byWvNPGZt0M5q
p6JjE6L2ZVgik2AZNEFlcIF/5sLm64m7vIDIwTRAkO9r8MavOaGsNPltirIWlavS
qmLFmlETgqAEgFKVnh17yHgOLX+7ylb0UA/W9xrr2so0d4FBKzRFUQV8kHMJVziO
vtniX+imFZ2wpGQ1nUthlfqXNBFuEHgIL8++dpM5UfCB8OMKIzHLBLYcNVVcis2L
Mdreap+e4YnyQUbdshf74vgS7GNKRcCFSWTCkSWp+gjOjStQB3RKLCANAH3pdf4J
o2siS+0TRPkK
-----END CERTIFICATE-----