Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS399114.roa
File:                     AS399114.roa (raw, json)
Hash identifier:          yvzVPHBwygn1Ynq/SR2ICGmBaXgH7N8XGu2eWER2N24=
Subject key identifier:   16:5B:B1:81:23:DC:02:AA:6E:38:03:36:64:67:40:C8:63:0A:7C:3C
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       089F112F0227860729C65AF5FE3C16B9858C3A46
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS399114.roa
Signing time:             Thu 03 Jul 2025 15:52:14 +0000
ROA not before:           Thu 03 Jul 2025 15:47:14 +0000
ROA not after:            Thu 02 Jul 2026 15:52:14 +0000
asID:                     399114
IP address blocks:        5.253.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:9f:11:2f:02:27:86:07:29:c6:5a:f5:fe:3c:16:b9:85:8c:3a:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:47:14 2025 GMT
            Not After : Jul  2 15:52:14 2026 GMT
        Subject: CN=165BB18123DC02AA6E380336646740C8630A7C3C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:d4:b1:98:39:35:ae:8f:79:e3:f3:e8:b9:29:
                    eb:26:da:f3:ae:82:10:eb:22:9f:39:cb:69:7b:67:
                    b6:b8:f6:a4:9e:a9:65:cb:2e:18:e5:61:26:3d:e7:
                    7b:77:83:b5:93:c5:46:6e:88:4a:ed:cb:27:6b:2a:
                    3f:48:a5:1d:36:a5:d2:92:bc:f7:f9:55:e7:fe:f7:
                    8e:11:73:f3:bb:65:d6:8c:c8:0d:50:88:a7:c0:2f:
                    6f:87:36:3d:e0:47:82:b9:e8:04:bc:6c:de:5a:36:
                    5d:5a:ef:41:17:64:a4:f0:71:27:98:85:f5:8f:2e:
                    27:da:87:38:ba:86:54:8e:25:d4:dd:65:f8:6d:df:
                    fb:1a:39:49:a1:bd:38:09:21:0b:3d:33:41:5d:69:
                    9e:43:3b:21:db:40:3d:9a:b9:7b:70:31:43:a2:32:
                    60:d8:ae:66:59:13:e4:79:fd:ca:f1:53:e0:8a:d7:
                    6d:00:64:e8:dd:2c:5e:c8:b7:7f:e1:8b:80:15:96:
                    3e:6f:ef:8d:eb:be:93:c4:d0:e2:23:3a:da:b1:a6:
                    e8:a1:39:ba:6d:32:2b:fc:52:8b:a4:6b:01:cd:40:
                    91:06:71:ac:54:7e:6b:ce:d7:77:fa:c0:2d:a0:ba:
                    c5:a1:0a:f0:97:88:59:7c:85:4c:5d:83:b3:9a:df:
                    a4:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:5B:B1:81:23:DC:02:AA:6E:38:03:36:64:67:40:C8:63:0A:7C:3C
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS399114.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:d2:aa:43:ae:9e:a9:0e:59:aa:f1:d0:c7:d5:bd:a6:6a:2f:
         d1:1e:c5:33:94:20:c9:c8:2f:3f:43:4c:8e:be:f3:4d:e4:fd:
         37:7d:81:52:e3:fa:25:c0:06:2b:cb:09:a2:35:8a:37:be:56:
         4e:c7:b9:c9:c8:1c:da:94:da:29:3e:9c:10:4c:60:e3:89:dd:
         e5:82:12:03:82:bd:40:c8:6c:42:bc:dc:1c:3b:9d:ad:fb:b4:
         3b:78:62:e1:8f:c7:63:ea:c2:25:72:ef:e0:7c:1b:0f:3c:cc:
         8a:40:03:44:f4:91:fd:d9:3d:b8:c7:4c:d3:4a:72:43:dc:5d:
         5f:a6:fc:ea:ae:09:90:74:3e:e2:02:72:6c:7d:cf:70:c9:49:
         9a:40:91:14:aa:c1:79:58:66:38:08:c2:c6:60:94:5b:2e:12:
         eb:8a:0c:fe:7b:02:b2:2c:73:a6:4b:39:8b:c6:9b:22:e4:8f:
         a9:f0:c6:b9:3b:95:1e:12:9a:f2:37:d4:7e:45:5d:90:52:2f:
         e9:e3:bf:2f:73:35:c7:f4:30:14:be:44:7c:1e:cd:05:21:44:
         75:93:a0:52:1a:5d:23:f0:66:25:e9:29:fd:7e:3d:26:0d:73:
         81:ef:9a:a6:3a:51:2b:3c:32:54:1c:ed:1b:ee:fc:3d:61:73:
         f0:93:2c:64
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUCJ8RLwInhgcpxlr1/jwWuYWMOkYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ3MTRaFw0yNjA3MDIxNTUyMTRaMDMxMTAvBgNV
BAMTKDE2NUJCMTgxMjNEQzAyQUE2RTM4MDMzNjY0Njc0MEM4NjMwQTdDM0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+1LGYOTWuj3nj8+i5Kesm2vOu
ghDrIp85y2l7Z7a49qSeqWXLLhjlYSY953t3g7WTxUZuiErtyydrKj9IpR02pdKS
vPf5Vef+944Rc/O7ZdaMyA1QiKfAL2+HNj3gR4K56AS8bN5aNl1a70EXZKTwcSeY
hfWPLifahzi6hlSOJdTdZfht3/saOUmhvTgJIQs9M0FdaZ5DOyHbQD2auXtwMUOi
MmDYrmZZE+R5/crxU+CK120AZOjdLF7It3/hi4AVlj5v743rvpPE0OIjOtqxpuih
ObptMiv8UoukawHNQJEGcaxUfmvO13f6wC2gusWhCvCXiFl8hUxdg7Oa36TDAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUFluxgSPcAqpuOAM2ZGdAyGMKfDwwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
Mzk5MTE0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQABf1XMA0GCSqGSIb3DQEBCwUAA4IBAQA40qpDrp6p
Dlmq8dDH1b2mai/RHsUzlCDJyC8/Q0yOvvNN5P03fYFS4/olwAYrywmiNYo3vlZO
x7nJyBzalNopPpwQTGDjid3lghIDgr1AyGxCvNwcO52t+7Q7eGLhj8dj6sIlcu/g
fBsPPMyKQANE9JH92T24x0zTSnJD3F1fpvzqrgmQdD7iAnJsfc9wyUmaQJEUqsF5
WGY4CMLGYJRbLhLrigz+ewKyLHOmSzmLxpsi5I+p8Ma5O5UeEpryN9R+RV2QUi/p
478vczXH9DAUvkR8Hs0FIUR1k6BSGl0j8GYl6Sn9fj0mDXOB75qmOlErPDJUHO0b
7vw9YXPwkyxk
-----END CERTIFICATE-----