Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS215196.roa
File:                     AS215196.roa (raw, json)
Hash identifier:          m0dwh0GBeYcTLS5LH/7aygwMFmY6FWbJQnE1lNDcRL0=
Subject key identifier:   64:CD:BF:77:35:35:D8:E6:BA:90:BA:EB:4D:36:CF:2A:03:78:C7:9B
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       194B00462A4B26D184799D17F3C6DE6C86072380
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS215196.roa
Signing time:             Tue 09 Sep 2025 05:44:52 +0000
ROA not before:           Tue 09 Sep 2025 05:39:52 +0000
ROA not after:            Tue 08 Sep 2026 05:44:52 +0000
asID:                     215196
IP address blocks:        103.254.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 13:21:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:4b:00:46:2a:4b:26:d1:84:79:9d:17:f3:c6:de:6c:86:07:23:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Sep  9 05:39:52 2025 GMT
            Not After : Sep  8 05:44:52 2026 GMT
        Subject: CN=64CDBF773535D8E6BA90BAEB4D36CF2A0378C79B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:2c:3f:7f:b7:bf:a5:d5:95:bf:5b:92:3c:68:
                    f6:6d:80:44:8d:72:a0:e0:5a:1f:0f:be:cd:e9:38:
                    16:9c:45:8f:c5:8a:7f:76:b0:a8:17:b9:6c:69:9b:
                    4f:95:a1:a2:9c:97:4f:8b:3c:5e:ca:3b:0a:e3:45:
                    c2:6d:07:c1:50:12:7f:bc:9f:b0:f4:ef:4f:21:6b:
                    69:3e:a3:2c:df:bb:3c:ef:d2:d3:03:cd:f5:42:8c:
                    c9:e5:f8:a0:0e:b4:ff:b7:4e:e4:f7:ba:16:f3:8f:
                    77:ec:5b:dc:5e:85:85:87:bc:40:5f:ed:98:ab:26:
                    b8:90:3b:9f:db:6d:36:52:dd:c6:f9:cb:cf:16:51:
                    a4:f2:fe:ed:07:3b:55:3c:36:66:5d:78:07:ee:e5:
                    aa:62:7a:41:61:f0:65:2e:b0:b9:eb:2d:a5:67:69:
                    3c:4d:46:8b:2f:ce:a2:14:3c:ff:b9:4d:e1:ee:08:
                    2e:83:fb:d0:9e:e9:d2:08:35:7c:03:b3:03:1e:25:
                    f2:11:4d:d0:47:2b:97:71:5a:a7:27:52:79:00:f2:
                    ce:d7:cd:5b:db:fc:d6:15:41:c8:b6:12:89:0d:4c:
                    ff:33:93:62:43:dd:38:1b:51:20:0c:f7:84:2e:8b:
                    be:ea:a3:8d:ad:26:d6:ce:f7:b1:ee:75:32:34:b2:
                    1c:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:CD:BF:77:35:35:D8:E6:BA:90:BA:EB:4D:36:CF:2A:03:78:C7:9B
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS215196.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.254.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:6f:5d:45:72:2d:42:35:0d:47:ef:8d:e0:fd:b3:8d:cd:f7:
         25:3a:06:5e:cc:ea:5d:59:d9:be:9a:58:c6:91:fc:5d:ad:a6:
         c4:3d:a2:bc:f1:84:30:24:89:49:46:17:ad:9f:33:1e:6f:1a:
         79:03:77:ae:df:4d:f8:8f:af:c1:a6:9d:e8:43:42:91:67:68:
         67:d6:9f:1f:94:47:ed:16:c2:55:15:80:6c:ce:98:6b:c0:51:
         a5:33:48:f3:e3:9f:06:0a:a9:ab:69:8b:77:e0:30:f1:54:85:
         32:85:8c:96:38:a9:c5:c5:68:1b:43:c8:03:32:e9:e8:7d:2e:
         ea:c6:ea:64:76:82:40:6d:3a:39:1a:4c:42:cd:80:38:e7:e0:
         ad:5c:56:bd:99:76:67:dd:9e:b0:69:da:ba:ac:2d:4e:4b:b9:
         d8:33:ab:30:3e:c7:33:6c:5a:a3:48:4c:59:90:a1:36:e5:0e:
         11:4c:0c:10:60:cd:de:71:93:b6:50:a8:f8:f8:9d:77:23:b6:
         62:d7:f4:08:1a:7f:4d:51:28:61:6c:15:f7:e8:f1:cc:dd:d1:
         0d:4c:eb:92:b9:0a:fd:25:09:bc:7b:27:75:d2:4c:97:ba:97:
         35:d8:ad:54:52:31:7c:dd:9d:fc:19:ec:b7:4e:39:3e:37:2d:
         f0:1c:fd:ea
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUGUsARipLJtGEeZ0X88bebIYHI4AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA5MDkwNTM5NTJaFw0yNjA5MDgwNTQ0NTJaMDMxMTAvBgNV
BAMTKDY0Q0RCRjc3MzUzNUQ4RTZCQTkwQkFFQjREMzZDRjJBMDM3OEM3OUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6LD9/t7+l1ZW/W5I8aPZtgESN
cqDgWh8Pvs3pOBacRY/Fin92sKgXuWxpm0+VoaKcl0+LPF7KOwrjRcJtB8FQEn+8
n7D0708ha2k+oyzfuzzv0tMDzfVCjMnl+KAOtP+3TuT3uhbzj3fsW9xehYWHvEBf
7ZirJriQO5/bbTZS3cb5y88WUaTy/u0HO1U8NmZdeAfu5apiekFh8GUusLnrLaVn
aTxNRosvzqIUPP+5TeHuCC6D+9Ce6dIINXwDswMeJfIRTdBHK5dxWqcnUnkA8s7X
zVvb/NYVQci2EokNTP8zk2JD3TgbUSAM94Qui77qo42tJtbO97HudTI0shxlAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUZM2/dzU12Oa6kLrrTTbPKgN4x5swHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjE1MTk2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAZ/48MA0GCSqGSIb3DQEBCwUAA4IBAQCib11Fci1C
NQ1H743g/bONzfclOgZezOpdWdm+mljGkfxdrabEPaK88YQwJIlJRhetnzMebxp5
A3eu3034j6/Bpp3oQ0KRZ2hn1p8flEftFsJVFYBszphrwFGlM0jz458GCqmraYt3
4DDxVIUyhYyWOKnFxWgbQ8gDMunofS7qxupkdoJAbTo5GkxCzYA45+CtXFa9mXZn
3Z6wadq6rC1OS7nYM6swPsczbFqjSExZkKE25Q4RTAwQYM3ecZO2UKj4+J13I7Zi
1/QIGn9NUShhbBX36PHM3dENTOuSuQr9JQm8eyd10kyXupc12K1UUjF83Z38Gey3
Tjk+Ny3wHP3q
-----END CERTIFICATE-----