Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS47152.roa
File:                     AS47152.roa (raw, json)
Hash identifier:          IWOd2pvJILhbiuEo4Vo/afqPA4VXlgLxoDv034p4JEA=
Subject key identifier:   94:F4:08:4C:0D:A4:68:DC:D0:40:C9:1F:A3:D7:2B:6C:04:61:1A:26
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       7AD22A9D3B68C9DCF01B8A27386C1828480674BC
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS47152.roa
Signing time:             Thu 03 Jul 2025 15:51:38 +0000
ROA not before:           Thu 03 Jul 2025 15:46:38 +0000
ROA not after:            Thu 02 Jul 2026 15:51:38 +0000
asID:                     47152
IP address blocks:        103.230.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:d2:2a:9d:3b:68:c9:dc:f0:1b:8a:27:38:6c:18:28:48:06:74:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:46:38 2025 GMT
            Not After : Jul  2 15:51:38 2026 GMT
        Subject: CN=94F4084C0DA468DCD040C91FA3D72B6C04611A26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:08:3d:a9:c3:4d:c3:c4:9b:9e:4b:39:53:36:
                    58:b7:8e:9b:b6:6f:b5:bb:0b:6e:02:cf:d9:74:26:
                    e5:67:62:d3:f8:27:98:51:b3:ca:a1:6f:e8:fa:f5:
                    78:01:a6:d9:05:6d:47:1b:17:2a:52:dd:19:e0:2f:
                    9c:5c:be:79:0e:53:2e:79:7a:46:da:0f:10:de:3f:
                    50:97:95:21:5f:7f:04:be:58:87:64:e6:b5:e8:74:
                    9b:1f:2c:63:76:c9:5b:57:90:44:70:4e:45:88:ff:
                    48:81:6e:14:1a:68:20:64:d8:07:d0:cd:c9:eb:1d:
                    14:dc:c5:c9:29:80:48:1d:10:55:1e:ad:e0:ab:fe:
                    34:59:5b:39:18:a4:d5:14:e2:bd:3e:d9:33:63:dd:
                    a6:40:4d:8e:0d:99:76:4e:24:6e:f7:cc:ea:ad:f0:
                    bb:c7:f7:91:33:f1:ce:03:15:61:b4:ac:6a:7c:76:
                    4a:ed:eb:e8:ed:a2:13:35:83:1b:91:ae:65:b8:6b:
                    a7:44:49:40:8f:b9:7d:31:e9:89:5b:fd:17:c3:92:
                    23:3f:82:16:9a:56:c1:dc:ef:46:ec:86:cc:3d:c0:
                    a9:ce:c7:be:94:49:63:8a:33:8d:b1:00:5c:fb:df:
                    88:62:cf:8a:97:51:d3:26:25:b8:2b:11:f3:b0:1e:
                    54:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:F4:08:4C:0D:A4:68:DC:D0:40:C9:1F:A3:D7:2B:6C:04:61:1A:26
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS47152.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.230.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:46:7d:9f:93:c8:f8:b0:66:b9:61:03:db:2b:a6:06:8e:40:
         94:ec:84:51:eb:9e:d3:f2:7f:54:94:d5:db:5e:91:28:c0:e5:
         22:9a:4d:93:7a:4b:32:a7:3a:4a:cf:62:50:46:4e:46:8d:3e:
         13:96:cb:19:5d:42:9e:f4:66:da:de:1b:03:97:0f:69:a8:d3:
         c4:67:3f:4e:9f:ca:24:2c:e7:9c:85:2e:99:df:74:3b:3f:9a:
         f8:7f:83:9c:4b:94:d9:57:84:5a:33:1b:78:48:92:ad:85:e2:
         e9:d8:85:84:f2:ad:5e:66:7d:a2:30:29:c3:fd:86:f1:af:38:
         9e:fb:9c:b5:84:ae:ba:86:70:f5:a5:e0:32:f1:29:2b:47:fb:
         af:90:a8:9a:7b:3d:13:6c:96:43:3a:2e:77:96:71:4f:62:f2:
         2a:34:83:a3:3a:e6:f3:02:f6:d0:ff:3b:4c:b6:5f:ea:c0:55:
         30:a6:c0:cd:17:5d:0e:62:da:dd:81:09:21:93:80:35:16:53:
         a8:4a:20:b2:e5:89:10:0c:56:6c:e0:c3:c8:61:75:6e:14:90:
         ea:a5:4d:51:91:53:bc:e1:5f:2e:d4:14:dd:6c:cc:c9:3e:3f:
         c4:9e:e5:13:bd:b3:9d:eb:96:31:c6:08:b7:cc:95:b5:93:8b:
         e8:c0:ba:92
-----BEGIN CERTIFICATE-----
MIIE5DCCA8ygAwIBAgIUetIqnTtoydzwG4onOGwYKEgGdLwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ2MzhaFw0yNjA3MDIxNTUxMzhaMDMxMTAvBgNV
BAMTKDk0RjQwODRDMERBNDY4RENEMDQwQzkxRkEzRDcyQjZDMDQ2MTFBMjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0CD2pw03DxJueSzlTNli3jpu2
b7W7C24Cz9l0JuVnYtP4J5hRs8qhb+j69XgBptkFbUcbFypS3RngL5xcvnkOUy55
ekbaDxDeP1CXlSFffwS+WIdk5rXodJsfLGN2yVtXkERwTkWI/0iBbhQaaCBk2AfQ
zcnrHRTcxckpgEgdEFUereCr/jRZWzkYpNUU4r0+2TNj3aZATY4NmXZOJG73zOqt
8LvH95Ez8c4DFWG0rGp8dkrt6+jtohM1gxuRrmW4a6dESUCPuX0x6Ylb/RfDkiM/
ghaaVsHc70bshsw9wKnOx76USWOKM42xAFz734hiz4qXUdMmJbgrEfOwHlT5AgMB
AAGjggHuMIIB6jAdBgNVHQ4EFgQUlPQITA2kaNzQQMkfo9crbARhGiYwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
NDcxNTIucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBABn5owwDQYJKoZIhvcNAQELBQADggEBAGRGfZ+TyPiw
ZrlhA9srpgaOQJTshFHrntPyf1SU1dtekSjA5SKaTZN6SzKnOkrPYlBGTkaNPhOW
yxldQp70ZtreGwOXD2mo08RnP06fyiQs55yFLpnfdDs/mvh/g5xLlNlXhFozG3hI
kq2F4unYhYTyrV5mfaIwKcP9hvGvOJ77nLWErrqGcPWl4DLxKStH+6+QqJp7PRNs
lkM6LneWcU9i8io0g6M65vMC9tD/O0y2X+rAVTCmwM0XXQ5i2t2BCSGTgDUWU6hK
ILLliRAMVmzgw8hhdW4UkOqlTVGRU7zhXy7UFN1szMk+P8Se5RO9s53rljHGCLfM
lbWTi+jAupI=
-----END CERTIFICATE-----