Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS215085.roa
File:                     AS215085.roa (raw, json)
Hash identifier:          Hb4WYMC9wyW7LwsqiYa4rKblqiEAEyuqW68KJgvJAOk=
Subject key identifier:   BD:F3:2D:B0:E6:16:A6:9A:FA:DC:24:D8:08:AF:45:6A:47:E4:81:49
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       039364631AEAD939E9691CC1E53FD31AAC3F993F
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS215085.roa
Signing time:             Thu 03 Jul 2025 15:52:18 +0000
ROA not before:           Thu 03 Jul 2025 15:47:18 +0000
ROA not after:            Thu 02 Jul 2026 15:52:18 +0000
asID:                     215085
IP address blocks:        83.142.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:93:64:63:1a:ea:d9:39:e9:69:1c:c1:e5:3f:d3:1a:ac:3f:99:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:47:18 2025 GMT
            Not After : Jul  2 15:52:18 2026 GMT
        Subject: CN=BDF32DB0E616A69AFADC24D808AF456A47E48149
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:eb:fa:45:9b:6d:f6:ee:9d:db:65:df:92:96:
                    3c:a9:cf:44:23:c5:d1:51:f7:2e:6d:39:48:15:5d:
                    5b:fd:13:ae:fb:e1:f4:ae:b7:d4:b1:45:41:c5:c2:
                    c3:b4:c4:84:81:b9:c0:71:8d:b9:3d:fa:97:71:b5:
                    f4:22:ac:00:fc:33:40:d2:e5:b9:9e:35:94:6b:7f:
                    e3:30:d6:fc:5c:70:05:51:c8:14:4e:e1:e1:03:45:
                    00:72:16:e6:d9:f0:fa:d8:d5:03:ee:dc:23:0c:b5:
                    84:db:ba:47:4f:4d:d1:10:25:2a:11:b9:81:16:58:
                    03:e2:0e:08:8f:65:e0:94:d6:88:51:0a:91:79:ca:
                    a8:db:51:10:9c:4b:87:0e:9e:6d:4f:d5:08:8e:17:
                    67:16:9f:83:b3:b5:c2:b8:b5:7b:d7:d7:d5:8a:0d:
                    ee:32:f6:68:46:a3:09:43:bc:c1:14:20:62:b8:65:
                    4a:42:41:4c:82:43:8d:45:36:b9:b0:e2:22:12:a0:
                    a3:82:11:19:1e:35:f6:4e:a4:7d:10:be:4b:dd:9e:
                    9a:46:e1:85:90:59:bf:6b:cb:e3:a0:be:5a:18:99:
                    26:71:a5:d8:68:58:b1:30:9a:22:0b:d2:f0:e9:45:
                    67:07:05:ce:7c:55:9d:3f:04:9c:02:e9:98:e3:3b:
                    45:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:F3:2D:B0:E6:16:A6:9A:FA:DC:24:D8:08:AF:45:6A:47:E4:81:49
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS215085.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.142.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:1a:fc:c8:c8:3f:d0:e1:28:a4:50:9e:76:91:2e:c8:f1:19:
         04:bd:8c:80:2d:f8:65:dc:84:d5:a9:46:60:7f:50:79:87:7d:
         90:0b:e8:6d:3b:29:82:e0:d2:95:53:39:22:df:d9:1f:fa:5c:
         93:05:e5:4b:3a:f5:b0:48:56:22:58:8c:8e:e8:2b:2e:3b:9f:
         99:e4:7d:89:3b:73:f4:fc:d0:1e:4a:9b:5f:c9:50:c8:e0:22:
         fc:4e:1e:30:69:53:36:67:51:79:08:41:fe:e0:8e:6a:4a:62:
         07:ed:e4:02:f9:cb:e0:bc:b2:46:08:29:ec:2e:8e:b3:d4:ab:
         2f:57:90:f7:2f:8d:8f:b1:b0:8d:30:a0:7e:d7:a5:72:06:a7:
         4d:a9:ea:49:19:84:69:9e:26:c8:8a:2a:20:69:ba:65:6e:42:
         2d:35:4b:66:97:42:00:c3:56:50:95:0f:ab:79:2e:2c:43:3e:
         b0:45:3a:fc:e7:b4:fa:94:7f:9f:de:20:fa:79:8b:fb:0f:95:
         78:e3:d8:4c:31:d7:37:64:52:f1:3a:db:3d:94:73:88:2c:df:
         0b:57:37:5f:5b:07:ab:3e:d6:cc:6b:ef:bc:29:dd:1b:93:70:
         17:7b:77:3d:4c:8a:e0:7c:b9:2c:b5:37:c3:da:c7:c8:55:a2:
         a5:8f:95:7b
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUA5NkYxrq2TnpaRzB5T/TGqw/mT8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ3MThaFw0yNjA3MDIxNTUyMThaMDMxMTAvBgNV
BAMTKEJERjMyREIwRTYxNkE2OUFGQURDMjREODA4QUY0NTZBNDdFNDgxNDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC76/pFm2327p3bZd+Sljypz0Qj
xdFR9y5tOUgVXVv9E6774fSut9SxRUHFwsO0xISBucBxjbk9+pdxtfQirAD8M0DS
5bmeNZRrf+Mw1vxccAVRyBRO4eEDRQByFubZ8PrY1QPu3CMMtYTbukdPTdEQJSoR
uYEWWAPiDgiPZeCU1ohRCpF5yqjbURCcS4cOnm1P1QiOF2cWn4OztcK4tXvX19WK
De4y9mhGowlDvMEUIGK4ZUpCQUyCQ41FNrmw4iISoKOCERkeNfZOpH0QvkvdnppG
4YWQWb9ry+OgvloYmSZxpdhoWLEwmiIL0vDpRWcHBc58VZ0/BJwC6ZjjO0U7AgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUvfMtsOYWppr63CTYCK9FakfkgUkwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjE1MDg1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAU44fMA0GCSqGSIb3DQEBCwUAA4IBAQApGvzIyD/Q
4SikUJ52kS7I8RkEvYyALfhl3ITVqUZgf1B5h32QC+htOymC4NKVUzki39kf+lyT
BeVLOvWwSFYiWIyO6CsuO5+Z5H2JO3P0/NAeSptfyVDI4CL8Th4waVM2Z1F5CEH+
4I5qSmIH7eQC+cvgvLJGCCnsLo6z1KsvV5D3L42PsbCNMKB+16VyBqdNqepJGYRp
nibIiiogabplbkItNUtml0IAw1ZQlQ+reS4sQz6wRTr857T6lH+f3iD6eYv7D5V4
49hMMdc3ZFLxOts9lHOILN8LVzdfWwerPtbMa++8Kd0bk3AXe3c9TIrgfLkstTfD
2sfIVaKlj5V7
-----END CERTIFICATE-----