Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS215312.roa
File:                     AS215312.roa (raw, json)
Hash identifier:          j+5I8t80IERFhOPxPgIJOpznZAbqM19AOvv8A7phoYI=
Subject key identifier:   5E:0A:D2:1F:52:9C:FF:9A:69:32:98:C9:1E:C5:74:FD:28:91:D7:C8
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       25C69C60919A3A2478D358BFA39E63984EBDBF49
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS215312.roa
Signing time:             Thu 03 Jul 2025 15:52:33 +0000
ROA not before:           Thu 03 Jul 2025 15:47:33 +0000
ROA not after:            Thu 02 Jul 2026 15:52:33 +0000
asID:                     215312
IP address blocks:        202.50.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:c6:9c:60:91:9a:3a:24:78:d3:58:bf:a3:9e:63:98:4e:bd:bf:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:47:33 2025 GMT
            Not After : Jul  2 15:52:33 2026 GMT
        Subject: CN=5E0AD21F529CFF9A693298C91EC574FD2891D7C8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:90:6a:31:6d:54:f1:e0:ad:9b:94:48:01:dd:
                    9e:e0:59:d5:79:f1:a6:77:25:1d:95:7b:9e:37:0a:
                    c6:ab:a2:21:62:ef:d6:ae:ed:7b:cd:03:d6:cc:9f:
                    17:43:48:4e:4d:8b:1d:02:78:a4:07:d1:27:c6:e0:
                    34:09:4b:28:71:e4:a4:5b:e9:57:9d:dc:f5:76:4d:
                    8c:09:9b:e1:67:90:1d:c5:01:ec:ec:18:05:34:cb:
                    f4:50:24:49:08:db:23:49:ea:d5:af:8e:29:3c:e7:
                    82:dd:50:82:8d:66:cb:e9:d4:59:62:82:84:07:bb:
                    ed:9d:17:f9:45:2d:05:2b:74:a5:36:1d:bc:61:f0:
                    7e:11:3d:85:f5:8b:54:8a:19:29:ca:74:8a:46:2f:
                    7b:7a:0b:3c:f8:35:4d:fb:72:18:ca:39:0e:ed:5a:
                    90:b0:e2:b2:fe:9a:74:3a:8f:df:78:f4:fe:54:23:
                    f3:ae:04:77:d2:c9:fc:02:99:81:c7:58:5d:aa:1f:
                    fc:32:ae:2d:80:8c:e3:73:38:79:3f:ec:b6:91:cc:
                    9c:f8:a3:dc:cd:99:b1:85:53:e6:b0:7b:01:35:bf:
                    4d:81:63:fe:3b:af:c1:23:b6:58:c9:4b:2f:d3:9c:
                    07:c4:b1:d0:4d:a6:9b:46:5e:65:07:69:c2:cb:48:
                    c4:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:0A:D2:1F:52:9C:FF:9A:69:32:98:C9:1E:C5:74:FD:28:91:D7:C8
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS215312.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.50.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:d3:25:f9:0d:ce:f9:fb:66:69:07:d3:e7:9b:76:6f:72:e9:
         af:4d:3f:f1:fd:8a:e8:79:d1:b1:bd:d6:7d:7b:b7:25:bf:de:
         02:ae:13:d8:7d:d7:d6:ab:a7:78:a0:57:bc:c1:04:e1:46:49:
         36:0c:ff:fe:af:e7:65:0e:49:42:21:70:a7:cf:89:d1:5b:ff:
         04:9b:2a:1d:ff:17:8c:07:f2:1a:eb:0a:5c:2f:ea:3e:81:fe:
         1c:09:8c:91:ae:fc:4d:f9:64:48:4f:3c:de:7f:bc:0d:f0:c8:
         83:6d:c8:61:ff:ca:c7:b7:87:92:43:dc:8f:e7:e9:36:cf:90:
         d1:a9:4a:61:ea:44:cc:fe:70:fd:38:11:4b:69:62:de:6b:70:
         78:02:76:eb:c4:8d:59:32:a1:fd:0a:0d:30:10:c5:cb:75:b5:
         e8:36:ab:6a:ee:4e:40:c8:52:fe:33:60:60:ac:15:bb:9a:35:
         8d:4b:ec:d2:2b:d2:84:82:ea:c9:c4:7c:69:ac:aa:dd:be:15:
         16:3b:f4:47:cb:9f:4f:59:ca:57:93:7d:94:90:f2:87:39:9a:
         a1:76:ba:86:33:b9:7f:62:fc:97:fe:c0:24:18:ed:93:c1:e3:
         61:46:e7:ef:96:2f:46:38:ad:0f:d2:df:16:66:ce:89:4e:30:
         05:17:97:e0
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUJcacYJGaOiR401i/o55jmE69v0kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ3MzNaFw0yNjA3MDIxNTUyMzNaMDMxMTAvBgNV
BAMTKDVFMEFEMjFGNTI5Q0ZGOUE2OTMyOThDOTFFQzU3NEZEMjg5MUQ3QzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvkGoxbVTx4K2blEgB3Z7gWdV5
8aZ3JR2Ve543CsaroiFi79au7XvNA9bMnxdDSE5Nix0CeKQH0SfG4DQJSyhx5KRb
6Ved3PV2TYwJm+FnkB3FAezsGAU0y/RQJEkI2yNJ6tWvjik854LdUIKNZsvp1Fli
goQHu+2dF/lFLQUrdKU2Hbxh8H4RPYX1i1SKGSnKdIpGL3t6Czz4NU37chjKOQ7t
WpCw4rL+mnQ6j9949P5UI/OuBHfSyfwCmYHHWF2qH/wyri2AjONzOHk/7LaRzJz4
o9zNmbGFU+awewE1v02BY/47r8EjtljJSy/TnAfEsdBNpptGXmUHacLLSMSHAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUXgrSH1Kc/5ppMpjJHsV0/SiR18gwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjE1MzEyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAyjI2MA0GCSqGSIb3DQEBCwUAA4IBAQAT0yX5Dc75
+2ZpB9Pnm3ZvcumvTT/x/YroedGxvdZ9e7clv94CrhPYfdfWq6d4oFe8wQThRkk2
DP/+r+dlDklCIXCnz4nRW/8Emyod/xeMB/Ia6wpcL+o+gf4cCYyRrvxN+WRITzze
f7wN8MiDbchh/8rHt4eSQ9yP5+k2z5DRqUph6kTM/nD9OBFLaWLea3B4AnbrxI1Z
MqH9Cg0wEMXLdbXoNqtq7k5AyFL+M2BgrBW7mjWNS+zSK9KEgurJxHxprKrdvhUW
O/RHy59PWcpXk32UkPKHOZqhdrqGM7l/YvyX/sAkGO2TweNhRufvli9GOK0P0t8W
Zs6JTjAFF5fg
-----END CERTIFICATE-----