Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS215086.roa
File:                     AS215086.roa (raw, json)
Hash identifier:          BEbhUnzx3ao8J2EL28Ca5Gxre2Oy7d6jT+G8YFjhtvk=
Subject key identifier:   E9:28:BB:EF:B5:09:24:B3:07:E5:F1:EC:ED:1B:DD:A2:BD:D0:D3:D9
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       5BF88DE788E683CD3CB4B66B4443D1CD7C955CFA
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS215086.roa
Signing time:             Thu 03 Jul 2025 15:51:26 +0000
ROA not before:           Thu 03 Jul 2025 15:46:26 +0000
ROA not after:            Thu 02 Jul 2026 15:51:26 +0000
asID:                     215086
IP address blocks:        103.204.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:f8:8d:e7:88:e6:83:cd:3c:b4:b6:6b:44:43:d1:cd:7c:95:5c:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:46:26 2025 GMT
            Not After : Jul  2 15:51:26 2026 GMT
        Subject: CN=E928BBEFB50924B307E5F1ECED1BDDA2BDD0D3D9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:a8:a8:c8:1e:17:1c:bf:07:6b:c1:80:62:92:
                    cd:e7:54:d7:ad:de:f5:1a:66:2d:a7:a0:cc:5a:a0:
                    37:9e:2e:e7:10:f2:57:8b:47:cc:af:7e:21:c4:2c:
                    fa:7a:f0:30:9b:9e:ce:47:49:16:5b:69:b4:c4:0b:
                    78:f7:c1:42:4d:80:7c:4b:86:29:21:cc:9c:e3:e5:
                    c4:a8:5d:05:44:19:c8:53:44:a0:f6:48:93:15:5c:
                    23:15:a5:0f:3b:9d:ea:6c:bf:28:53:5c:8e:ee:e7:
                    11:1d:0b:7c:1a:cc:e1:93:61:60:82:4c:cd:bf:09:
                    a0:43:e5:69:c6:44:5a:ef:48:24:42:b1:bf:c8:89:
                    94:6d:b4:18:a5:0e:fd:5c:77:e0:82:ee:8c:44:0c:
                    2e:d7:ec:b6:d4:ad:e1:d5:08:d7:92:c5:cf:0c:fe:
                    85:1b:88:9a:a2:91:b9:83:04:af:39:8f:25:26:f9:
                    e7:d1:19:c0:74:96:66:d8:7b:8c:b7:7c:d2:65:57:
                    45:25:38:41:ba:5b:77:70:b9:46:1e:7d:c6:ef:66:
                    48:02:9d:7a:17:48:35:22:9b:4e:8f:bb:7d:b5:1d:
                    9d:62:f5:e8:8c:bc:47:fc:20:34:59:4d:0c:30:97:
                    ad:24:c4:19:14:6d:54:a1:8a:47:98:fe:39:04:86:
                    0c:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:28:BB:EF:B5:09:24:B3:07:E5:F1:EC:ED:1B:DD:A2:BD:D0:D3:D9
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS215086.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.204.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:ad:31:2a:19:c6:9b:bb:4c:a7:f1:f5:ac:e6:5b:5f:40:82:
         f7:19:1d:48:a6:94:18:58:d7:e5:09:1d:7c:cb:bd:67:25:27:
         6a:3f:f1:a4:6b:0b:87:31:60:88:90:3a:44:f3:e9:87:2c:5b:
         e2:aa:c4:c5:3b:5f:11:52:23:b7:24:5e:d1:d5:38:19:48:c0:
         05:56:9f:49:8f:dd:6a:31:47:12:d4:39:40:ca:e5:c6:d6:a4:
         15:62:c8:a7:80:12:2d:ed:33:1c:93:5e:9d:1a:70:e1:0b:0d:
         a4:7c:96:c5:21:fc:22:97:cd:34:e3:da:9a:70:b7:55:5a:40:
         19:3d:2c:4d:7b:cc:f9:eb:2a:a3:18:09:07:f0:52:be:60:f3:
         3a:cd:81:d4:54:f1:f4:47:2f:fb:aa:79:20:c6:ef:5d:72:33:
         10:68:57:c0:19:19:42:63:42:6a:27:28:97:1d:8b:66:18:b8:
         e7:ec:e1:5e:7b:4d:cc:2b:26:02:49:c9:83:de:8f:e8:e1:d4:
         4d:78:c7:e2:87:ba:8f:7b:ea:94:be:03:26:a4:4c:fe:ec:5a:
         3a:6b:05:a2:54:20:84:0e:54:9e:a0:28:44:a0:8d:be:38:33:
         30:65:15:2a:a1:0a:0b:43:c9:b7:0d:7c:0c:03:51:95:dc:63:
         42:e6:c7:93
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUW/iN54jmg808tLZrREPRzXyVXPowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ2MjZaFw0yNjA3MDIxNTUxMjZaMDMxMTAvBgNV
BAMTKEU5MjhCQkVGQjUwOTI0QjMwN0U1RjFFQ0VEMUJEREEyQkREMEQzRDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7qKjIHhccvwdrwYBiks3nVNet
3vUaZi2noMxaoDeeLucQ8leLR8yvfiHELPp68DCbns5HSRZbabTEC3j3wUJNgHxL
hikhzJzj5cSoXQVEGchTRKD2SJMVXCMVpQ87nepsvyhTXI7u5xEdC3wazOGTYWCC
TM2/CaBD5WnGRFrvSCRCsb/IiZRttBilDv1cd+CC7oxEDC7X7LbUreHVCNeSxc8M
/oUbiJqikbmDBK85jyUm+efRGcB0lmbYe4y3fNJlV0UlOEG6W3dwuUYefcbvZkgC
nXoXSDUim06Pu321HZ1i9eiMvEf8IDRZTQwwl60kxBkUbVShikeY/jkEhgybAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQU6Si777UJJLMH5fHs7Rvdor3Q09kwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjE1MDg2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAZ8zDMA0GCSqGSIb3DQEBCwUAA4IBAQAbrTEqGcab
u0yn8fWs5ltfQIL3GR1IppQYWNflCR18y71nJSdqP/GkawuHMWCIkDpE8+mHLFvi
qsTFO18RUiO3JF7R1TgZSMAFVp9Jj91qMUcS1DlAyuXG1qQVYsingBIt7TMck16d
GnDhCw2kfJbFIfwil80049qacLdVWkAZPSxNe8z56yqjGAkH8FK+YPM6zYHUVPH0
Ry/7qnkgxu9dcjMQaFfAGRlCY0JqJyiXHYtmGLjn7OFee03MKyYCScmD3o/o4dRN
eMfih7qPe+qUvgMmpEz+7Fo6awWiVCCEDlSeoChEoI2+ODMwZRUqoQoLQ8m3DXwM
A1GV3GNC5seT
-----END CERTIFICATE-----