Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS34927.roa
File:                     AS34927.roa (raw, json)
Hash identifier:          FSNvn9x06l8yndO6mhmjGIlmVBzkoy/jgF4Kwl4PNgQ=
Subject key identifier:   0B:E4:5F:97:09:A5:EC:10:CA:15:9E:97:1F:C0:99:BB:7D:79:AE:31
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       76D755F7EB16ECFE7A0DBB499F31A424AD16A678
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS34927.roa
Signing time:             Tue 26 May 2026 12:41:48 +0000
ROA not before:           Tue 26 May 2026 12:36:48 +0000
ROA not after:            Tue 25 May 2027 12:41:48 +0000
asID:                     34927
IP address blocks:        103.254.61.0/24 maxlen: 24
                          118.91.186.0/23 maxlen: 24
                          185.121.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:d7:55:f7:eb:16:ec:fe:7a:0d:bb:49:9f:31:a4:24:ad:16:a6:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: May 26 12:36:48 2026 GMT
            Not After : May 25 12:41:48 2027 GMT
        Subject: CN=0BE45F9709A5EC10CA159E971FC099BB7D79AE31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:25:57:75:b4:5a:a4:44:0a:0a:5c:b1:67:83:
                    f3:44:62:d6:cc:2e:9c:12:22:58:fb:36:67:cc:99:
                    8e:17:cc:b0:99:f6:43:d6:7b:74:0c:59:cb:ea:4e:
                    9e:f8:38:01:47:78:f7:fa:4a:bf:01:7b:fe:5c:a5:
                    24:7d:c1:90:13:3d:41:ab:d6:42:16:64:b8:a9:08:
                    0d:ed:4e:af:63:b0:90:74:d1:1b:3b:84:c4:6d:26:
                    0a:09:79:43:39:6c:45:e0:3a:1b:c8:75:55:c2:dd:
                    39:13:0b:27:43:71:3f:64:a5:8a:fe:0c:d6:80:47:
                    cc:dc:52:48:d0:6f:30:94:0e:21:d2:4a:c4:16:7d:
                    c0:28:e2:7c:ec:90:24:5b:9a:7b:27:33:25:be:5c:
                    89:fb:eb:25:68:b4:ba:e7:e5:b2:ce:82:74:a2:0f:
                    35:8e:ed:cd:4c:f6:4d:6d:7d:03:70:aa:e3:bd:ce:
                    cd:72:eb:e3:af:05:30:ca:31:6e:19:a8:55:5c:30:
                    8b:97:69:26:d6:5d:80:bf:bf:56:5d:62:2e:b8:95:
                    70:1c:60:a0:db:be:50:2b:72:77:d5:43:39:7f:24:
                    5b:16:ee:ef:7a:54:4d:52:c5:79:6d:ed:14:b4:9b:
                    18:f2:51:67:76:08:69:c8:9b:51:62:33:39:38:7c:
                    25:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:E4:5F:97:09:A5:EC:10:CA:15:9E:97:1F:C0:99:BB:7D:79:AE:31
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS34927.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.254.61.0/24
                  118.91.186.0/23
                  185.121.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:fd:d5:22:25:ff:64:c7:d0:a6:47:39:92:90:83:91:3a:02:
         de:65:26:30:6b:80:c6:92:8e:fd:92:14:f1:9e:5b:79:81:c0:
         59:e4:b2:df:da:79:83:39:f7:7b:6b:72:38:e1:af:15:83:87:
         1f:a6:95:5a:dd:f2:25:1c:e0:05:69:61:f2:9a:92:0e:cf:4a:
         0e:6d:c4:69:17:fc:7f:75:a2:96:56:33:e4:75:49:85:bc:78:
         85:13:18:75:8e:55:f9:3f:75:e0:c8:60:eb:7d:d6:47:69:93:
         a0:35:3a:c0:08:f9:40:f7:4e:7b:0a:38:ac:ff:7e:3d:46:f7:
         7f:dd:82:2c:cb:38:65:9b:b3:fc:9b:40:5d:0c:c1:54:27:9e:
         17:85:3d:21:9a:3b:1b:1a:08:a6:c0:3d:e5:75:07:d8:80:58:
         c2:79:99:37:17:ab:13:dc:db:5e:99:40:82:4e:c3:72:b9:09:
         7e:40:2a:20:d7:aa:f3:e5:8c:92:b4:56:a1:59:94:a6:1d:be:
         6d:63:9e:02:d1:12:34:26:bf:ac:bd:a8:1c:ab:4f:7d:db:c5:
         30:cd:4f:62:63:28:28:38:15:c4:0a:8e:00:1b:42:71:59:1b:
         91:82:8c:6f:a9:7e:da:0a:1d:4a:0d:af:bb:6f:76:08:07:be:
         bb:7f:25:13
-----BEGIN CERTIFICATE-----
MIIE8DCCA9igAwIBAgIUdtdV9+sW7P56DbtJnzGkJK0WpngwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA1MjYxMjM2NDhaFw0yNzA1MjUxMjQxNDhaMDMxMTAvBgNV
BAMTKDBCRTQ1Rjk3MDlBNUVDMTBDQTE1OUU5NzFGQzA5OUJCN0Q3OUFFMzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjJVd1tFqkRAoKXLFng/NEYtbM
LpwSIlj7NmfMmY4XzLCZ9kPWe3QMWcvqTp74OAFHePf6Sr8Be/5cpSR9wZATPUGr
1kIWZLipCA3tTq9jsJB00Rs7hMRtJgoJeUM5bEXgOhvIdVXC3TkTCydDcT9kpYr+
DNaAR8zcUkjQbzCUDiHSSsQWfcAo4nzskCRbmnsnMyW+XIn76yVotLrn5bLOgnSi
DzWO7c1M9k1tfQNwquO9zs1y6+OvBTDKMW4ZqFVcMIuXaSbWXYC/v1ZdYi64lXAc
YKDbvlArcnfVQzl/JFsW7u96VE1SxXlt7RS0mxjyUWd2CGnIm1FiMzk4fCUfAgMB
AAGjggH6MIIB9jAdBgNVHQ4EFgQUC+Rflwml7BDKFZ6XH8CZu315rjEwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MzQ5Mjcucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcB
Af8EHDAaMBgEAgABMBIDBABn/j0DBAF2W7oDBAC5eakwDQYJKoZIhvcNAQELBQAD
ggEBAK391SIl/2TH0KZHOZKQg5E6At5lJjBrgMaSjv2SFPGeW3mBwFnkst/aeYM5
93trcjjhrxWDhx+mlVrd8iUc4AVpYfKakg7PSg5txGkX/H91opZWM+R1SYW8eIUT
GHWOVfk/deDIYOt91kdpk6A1OsAI+UD3TnsKOKz/fj1G93/dgizLOGWbs/ybQF0M
wVQnnheFPSGaOxsaCKbAPeV1B9iAWMJ5mTcXqxPc216ZQIJOw3K5CX5AKiDXqvPl
jJK0VqFZlKYdvm1jngLREjQmv6y9qByrT33bxTDNT2JjKCg4FcQKjgAbQnFZG5GC
jG+pftoKHUoNr7tvdggHvrt/JRM=
-----END CERTIFICATE-----