Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS3320.roa
File:                     AS3320.roa (raw, json)
Hash identifier:          eviofl/oUWE4c9rQi+dWJW3VEe0SeVoh1CdUIsBHkxw=
Subject key identifier:   92:CE:12:97:6D:74:D7:CE:B9:EB:A0:A1:0B:09:61:E9:99:1C:5D:43
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       29CF90C457D0F3F58209CABEFCEDD0D81673F32D
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS3320.roa
Signing time:             Sun 17 May 2026 08:27:20 +0000
ROA not before:           Sun 17 May 2026 08:22:20 +0000
ROA not after:            Sun 16 May 2027 08:27:20 +0000
asID:                     3320
IP address blocks:        81.31.210.0/23 maxlen: 24
                          185.195.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 16:09:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:cf:90:c4:57:d0:f3:f5:82:09:ca:be:fc:ed:d0:d8:16:73:f3:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: May 17 08:22:20 2026 GMT
            Not After : May 16 08:27:20 2027 GMT
        Subject: CN=92CE12976D74D7CEB9EBA0A10B0961E9991C5D43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:a4:48:32:24:c7:8a:46:7f:6b:ea:72:49:2a:
                    bf:98:9d:76:a9:c4:34:74:5f:1d:7e:e7:0f:c4:4e:
                    f2:03:91:ef:e5:23:f4:b8:7e:d3:1d:09:68:45:7e:
                    c0:1b:53:cf:9f:7d:f3:0e:73:b6:55:29:a5:ef:18:
                    d1:85:6d:9e:40:7e:57:7f:7e:aa:60:89:db:7f:c7:
                    27:e3:b8:a9:29:10:ea:48:94:5b:a2:f9:92:0f:4b:
                    ee:41:df:29:4c:89:59:24:11:26:d7:f8:d7:d6:a4:
                    b6:a2:3d:7a:76:fa:3b:71:22:2d:60:79:db:ea:ae:
                    53:f7:fd:a6:38:f7:4c:cd:b3:f8:1f:fa:25:21:e0:
                    db:73:b9:72:f7:c3:94:2b:af:19:40:eb:2a:4e:58:
                    5d:d9:4f:68:08:f1:d6:b2:1a:f3:a6:88:d9:2b:be:
                    16:ec:5b:f5:af:88:79:c5:e9:bb:a6:37:80:9b:70:
                    51:28:2d:76:2a:0c:da:5e:21:13:0d:e4:6d:70:73:
                    88:4f:5d:ce:58:01:f0:ac:9e:58:51:95:5e:2d:c3:
                    57:53:90:ea:b0:62:63:d9:5f:03:64:8c:e6:69:2c:
                    be:00:66:c9:7e:c3:e3:a5:9c:ad:f7:82:29:40:8d:
                    c9:44:6d:61:60:12:e8:56:a9:02:66:da:57:33:e8:
                    b8:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:CE:12:97:6D:74:D7:CE:B9:EB:A0:A1:0B:09:61:E9:99:1C:5D:43
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS3320.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.210.0/23
                  185.195.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:cd:fb:a4:74:a1:6b:fb:cd:a2:75:2f:dc:8b:db:de:7a:3e:
         3b:da:9d:2e:41:65:d2:1f:55:99:fa:2b:ef:8d:b2:93:76:a0:
         87:f0:86:fd:53:37:a3:82:10:23:d7:57:3c:c8:70:df:87:13:
         e9:ca:b7:bb:a7:c8:a8:22:2b:12:5e:c4:9d:b1:54:37:d8:39:
         0e:c9:7a:35:05:31:53:2c:b9:71:ef:7f:48:da:5f:04:fd:6a:
         ee:50:c8:95:f9:1c:aa:b9:66:9e:a2:d1:40:ce:a5:4c:51:07:
         86:b5:b5:35:b5:77:fa:9e:de:2b:e9:ad:63:e0:6a:61:d1:3d:
         da:21:3c:55:f0:81:36:f1:de:4a:02:d9:dc:bc:7f:7d:6a:bb:
         d6:90:36:12:08:8b:8a:55:36:30:7c:8b:08:32:b0:eb:89:fe:
         1a:49:77:80:5b:fe:ab:01:9c:22:ae:0a:77:f0:87:08:ba:e5:
         d4:f5:87:c5:c7:68:ed:94:d8:95:75:ea:1d:d4:51:38:5d:19:
         cc:f8:7e:23:dd:e2:8a:7d:b6:4e:62:37:6d:25:ca:a7:76:f8:
         0b:b5:5a:46:0b:33:3a:25:79:86:e3:55:2e:d4:c2:1f:fb:47:
         61:3a:3e:e0:23:f7:2c:2d:b2:ea:07:f9:1d:33:5f:4f:c1:12:
         fb:65:af:4c
-----BEGIN CERTIFICATE-----
MIIE6TCCA9GgAwIBAgIUKc+QxFfQ8/WCCcq+/O3Q2BZz8y0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA1MTcwODIyMjBaFw0yNzA1MTYwODI3MjBaMDMxMTAvBgNV
BAMTKDkyQ0UxMjk3NkQ3NEQ3Q0VCOUVCQTBBMTBCMDk2MUU5OTkxQzVENDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFpEgyJMeKRn9r6nJJKr+YnXap
xDR0Xx1+5w/ETvIDke/lI/S4ftMdCWhFfsAbU8+fffMOc7ZVKaXvGNGFbZ5Afld/
fqpgidt/xyfjuKkpEOpIlFui+ZIPS+5B3ylMiVkkESbX+NfWpLaiPXp2+jtxIi1g
edvqrlP3/aY490zNs/gf+iUh4NtzuXL3w5QrrxlA6ypOWF3ZT2gI8dayGvOmiNkr
vhbsW/WviHnF6bumN4CbcFEoLXYqDNpeIRMN5G1wc4hPXc5YAfCsnlhRlV4tw1dT
kOqwYmPZXwNkjOZpLL4AZsl+w+OlnK33gilAjclEbWFgEuhWqQJm2lcz6LiXAgMB
AAGjggHzMIIB7zAdBgNVHQ4EFgQUks4Sl210186566ChCwlh6ZkcXUMwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBuBggrBgEF
BQcBCwRiMGAwXgYIKwYBBQUHMAuGUnJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MzMyMC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB
/wQWMBQwEgQCAAEwDAMEAVEf0gMEALnD7zANBgkqhkiG9w0BAQsFAAOCAQEAiM37
pHSha/vNonUv3Ivb3no+O9qdLkFl0h9Vmfor742yk3agh/CG/VM3o4IQI9dXPMhw
34cT6cq3u6fIqCIrEl7EnbFUN9g5Dsl6NQUxUyy5ce9/SNpfBP1q7lDIlfkcqrlm
nqLRQM6lTFEHhrW1NbV3+p7eK+mtY+BqYdE92iE8VfCBNvHeSgLZ3Lx/fWq71pA2
EgiLilU2MHyLCDKw64n+Gkl3gFv+qwGcIq4Kd/CHCLrl1PWHxcdo7ZTYlXXqHdRR
OF0ZzPh+I93iin22TmI3bSXKp3b4C7VaRgszOiV5huNVLtTCH/tHYTo+4CP3LC2y
6gf5HTNfT8ES+2WvTA==
-----END CERTIFICATE-----