Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS399765.roa
File:                     AS399765.roa (raw, json)
Hash identifier:          rlftIMB9iaYhQy5FojGg3jcbJklf9wrv+EtVyHCvM8E=
Subject key identifier:   33:1E:46:C0:D7:B0:12:17:95:CD:A5:FB:25:9E:01:12:97:AA:D7:5A
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       4A2EAEFFF938D2B2BBE7AACCABA2EF23F0D8B279
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS399765.roa
Signing time:             Thu 04 Jun 2026 15:58:48 +0000
ROA not before:           Thu 04 Jun 2026 15:53:48 +0000
ROA not after:            Thu 03 Jun 2027 15:58:48 +0000
asID:                     399765
IP address blocks:        194.58.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:2e:ae:ff:f9:38:d2:b2:bb:e7:aa:cc:ab:a2:ef:23:f0:d8:b2:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:48 2026 GMT
            Not After : Jun  3 15:58:48 2027 GMT
        Subject: CN=331E46C0D7B0121795CDA5FB259E011297AAD75A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:26:6a:22:9f:95:06:cd:ea:42:2c:fa:79:48:
                    a0:f7:0f:19:71:2c:27:cd:d0:94:d2:c2:38:2a:02:
                    04:3e:e0:3c:e4:51:8e:61:e4:ba:7f:7e:9a:c2:d1:
                    2a:a6:e1:3d:66:e6:39:9c:36:15:70:13:52:dc:63:
                    df:93:00:a8:ad:c7:d5:da:b9:11:2f:9c:54:97:09:
                    58:18:18:b1:eb:1a:bd:6f:ec:2f:5b:cd:d5:c8:e2:
                    ec:5e:64:1b:7d:97:aa:40:17:78:a1:07:b8:b0:22:
                    de:99:80:49:20:2e:95:32:13:c0:cd:1a:a4:ac:1b:
                    71:1c:82:42:2b:c0:f5:bc:fe:c5:ad:2f:d3:68:8f:
                    d3:d8:11:78:75:41:47:32:e8:52:66:ad:74:a6:85:
                    e3:65:f4:57:ab:ac:e9:c6:ef:61:c0:97:cd:7b:69:
                    02:32:9e:00:d9:c1:67:70:4c:00:70:04:46:5c:43:
                    f7:9f:82:ab:7c:7a:1e:15:2a:ec:cc:82:02:a5:82:
                    8b:d0:50:16:16:73:04:8a:e5:33:6f:5a:c6:eb:ab:
                    91:fd:01:d3:e8:4e:6d:b7:4e:39:24:3f:c3:f2:f3:
                    9c:9f:69:75:9d:3d:54:d8:06:24:c5:2f:f5:91:0e:
                    2e:40:a8:0c:f0:b9:ec:3b:f9:aa:b3:3c:b8:0e:a7:
                    f0:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:1E:46:C0:D7:B0:12:17:95:CD:A5:FB:25:9E:01:12:97:AA:D7:5A
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS399765.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.58.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:0c:b2:18:62:2b:f9:b2:e6:a7:dd:ed:fe:59:d1:dd:70:7d:
         ab:cb:7d:3b:45:6c:2a:22:c5:fc:8f:90:33:37:2d:ef:e1:d8:
         8e:83:24:3b:b5:db:91:5c:3a:fa:c1:11:0b:aa:76:ed:ec:53:
         f2:d6:45:88:01:df:f7:b6:ce:7b:d3:27:af:0e:86:d7:c9:39:
         ac:d4:5f:f5:68:c0:2b:00:0a:a5:fc:cb:e2:cd:61:dd:94:d5:
         b5:a7:48:37:fd:ac:ad:13:d0:98:a5:03:78:7a:d4:ba:ed:02:
         8e:b9:3f:81:d5:c3:07:2d:dd:72:a1:74:b0:fe:1f:69:e2:d9:
         92:f9:81:c0:0d:db:6d:a0:f0:f1:8c:b6:e9:ff:e2:b3:5e:72:
         56:28:db:01:f3:b5:8f:e6:7f:da:29:c1:80:b4:bc:18:fc:55:
         fc:9c:b6:ef:a1:96:0e:63:2e:b5:2f:10:15:0e:c9:7a:3a:69:
         32:6f:7d:fa:62:fd:1b:f1:00:bd:c0:af:80:81:27:9b:18:d3:
         4b:9e:93:92:05:5b:38:3e:6a:e7:29:68:3d:4c:a7:30:e5:af:
         62:ce:5b:3f:d0:c8:6f:16:07:5c:05:d9:0e:d6:8f:4b:9a:aa:
         d1:64:90:26:27:1f:2f:8a:bd:d8:97:1c:ed:b3:d7:d0:cb:04:
         60:dd:01:e5
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUSi6u//k40rK756rMq6LvI/DYsnkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNDhaFw0yNzA2MDMxNTU4NDhaMDMxMTAvBgNV
BAMTKDMzMUU0NkMwRDdCMDEyMTc5NUNEQTVGQjI1OUUwMTEyOTdBQUQ3NUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDxJmoin5UGzepCLPp5SKD3Dxlx
LCfN0JTSwjgqAgQ+4DzkUY5h5Lp/fprC0Sqm4T1m5jmcNhVwE1LcY9+TAKitx9Xa
uREvnFSXCVgYGLHrGr1v7C9bzdXI4uxeZBt9l6pAF3ihB7iwIt6ZgEkgLpUyE8DN
GqSsG3EcgkIrwPW8/sWtL9Noj9PYEXh1QUcy6FJmrXSmheNl9FerrOnG72HAl817
aQIyngDZwWdwTABwBEZcQ/efgqt8eh4VKuzMggKlgovQUBYWcwSK5TNvWsbrq5H9
AdPoTm23TjkkP8Py85yfaXWdPVTYBiTFL/WRDi5AqAzwuew7+aqzPLgOp/BtAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUMx5GwNewEheVzaX7JZ4BEpeq11owHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
Mzk5NzY1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAwjpBMA0GCSqGSIb3DQEBCwUAA4IBAQC0DLIYYiv5
suan3e3+WdHdcH2ry307RWwqIsX8j5AzNy3v4diOgyQ7tduRXDr6wRELqnbt7FPy
1kWIAd/3ts570yevDobXyTms1F/1aMArAAql/MvizWHdlNW1p0g3/aytE9CYpQN4
etS67QKOuT+B1cMHLd1yoXSw/h9p4tmS+YHADdttoPDxjLbp/+KzXnJWKNsB87WP
5n/aKcGAtLwY/FX8nLbvoZYOYy61LxAVDsl6Omkyb336Yv0b8QC9wK+AgSebGNNL
npOSBVs4PmrnKWg9TKcw5a9izls/0MhvFgdcBdkO1o9LmqrRZJAmJx8vir3Ylxzt
s9fQywRg3QHl
-----END CERTIFICATE-----