Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS54309.roa
File:                     AS54309.roa (raw, json)
Hash identifier:          /rQjj7rVHhH1Zd2S+V1OTTUun2KHZCkiTxY9cGdE1NA=
Subject key identifier:   DA:7E:60:A1:AE:2A:EA:F6:2C:20:7F:4F:8A:67:7B:4E:AF:31:EA:43
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       3CE356719E34522D4A9F0C20A322B9400B1B335C
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS54309.roa
Signing time:             Thu 03 Jul 2025 15:51:51 +0000
ROA not before:           Thu 03 Jul 2025 15:46:51 +0000
ROA not after:            Thu 02 Jul 2026 15:51:51 +0000
asID:                     54309
IP address blocks:        85.90.220.0/24 maxlen: 24
                          85.90.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:e3:56:71:9e:34:52:2d:4a:9f:0c:20:a3:22:b9:40:0b:1b:33:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:46:51 2025 GMT
            Not After : Jul  2 15:51:51 2026 GMT
        Subject: CN=DA7E60A1AE2AEAF62C207F4F8A677B4EAF31EA43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:d5:c4:4e:97:b9:99:a0:6d:02:d5:0a:13:8c:
                    68:97:8b:46:50:1d:79:9e:8f:9f:10:7c:b0:5d:19:
                    95:11:13:8e:44:a6:b5:1e:b3:cf:6a:67:99:db:ba:
                    b7:25:58:a9:d6:33:11:cb:75:ac:6e:d6:a6:be:1f:
                    da:3a:9e:01:f7:c0:a4:07:7d:02:b6:e8:5a:3a:7c:
                    40:2a:39:3d:f1:5b:ee:09:72:be:d9:ac:d3:ad:fb:
                    ff:ff:a5:f2:c2:07:94:d4:25:da:46:77:0e:77:54:
                    75:21:ff:d1:f0:60:94:4e:7c:3d:6b:59:49:3b:76:
                    14:cb:83:f8:bb:49:01:89:df:8a:08:24:d9:4f:bf:
                    a7:80:94:3f:bc:95:0e:9f:f7:92:9f:1b:a5:8b:d3:
                    75:7d:a4:70:c8:b4:5a:26:f4:5c:84:68:b3:3b:33:
                    df:f6:44:30:93:31:66:23:fe:62:fb:d9:05:9a:9d:
                    5b:d1:6b:9d:9d:d1:c5:a1:8f:7c:59:a1:2d:4f:59:
                    2c:63:90:73:e7:4e:03:5f:88:98:e7:4c:fc:45:95:
                    b0:6c:26:c8:73:0f:1e:ed:31:c7:92:90:87:23:e2:
                    31:19:5c:67:3a:1d:56:13:93:56:95:01:84:1b:65:
                    c2:97:c5:87:39:78:c8:af:dd:13:a5:1a:f3:56:55:
                    92:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:7E:60:A1:AE:2A:EA:F6:2C:20:7F:4F:8A:67:7B:4E:AF:31:EA:43
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS54309.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.90.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b5:1f:16:4a:3d:98:46:db:dd:59:d8:57:19:f6:43:90:fc:a8:
         81:7b:31:0a:d5:8c:74:38:e2:09:c7:69:a3:7a:ea:c8:2b:28:
         07:6f:ac:aa:98:1c:2a:df:92:be:71:8f:3e:9a:68:51:fd:16:
         d3:77:39:0c:45:d9:ce:52:23:b8:b1:e4:e3:d6:fd:d7:a1:1e:
         a0:9f:1e:a1:3d:99:cf:9c:72:d1:bd:94:52:02:fd:9b:33:b4:
         ed:aa:fe:d7:44:cd:8e:f7:02:57:3f:99:c3:41:4a:47:09:87:
         77:57:cd:5e:9c:ce:07:3a:7d:64:70:a8:34:f7:ae:c2:17:d7:
         b9:d3:66:c7:21:7a:f8:3c:0a:22:60:03:3f:eb:3e:72:84:b3:
         c5:21:ee:84:9c:47:1f:3b:ab:9e:79:68:26:4a:07:1a:99:87:
         65:36:c0:e6:ff:3e:21:54:0e:cc:32:2a:e8:28:a1:3a:58:14:
         12:3a:18:da:15:90:cf:25:a9:b9:2f:a8:dc:87:3e:7d:20:6a:
         ed:81:ee:ea:5f:93:48:2e:e9:63:6a:82:6b:1c:30:18:84:c8:
         b4:17:3b:0f:21:b3:83:4b:89:98:79:05:bc:a6:85:c6:41:43:
         28:d0:64:32:3c:96:6b:2f:29:72:9c:cf:5a:88:44:00:12:9b:
         90:29:7a:77
-----BEGIN CERTIFICATE-----
MIIE5DCCA8ygAwIBAgIUPONWcZ40Ui1KnwwgoyK5QAsbM1wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ2NTFaFw0yNjA3MDIxNTUxNTFaMDMxMTAvBgNV
BAMTKERBN0U2MEExQUUyQUVBRjYyQzIwN0Y0RjhBNjc3QjRFQUYzMUVBNDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCg1cROl7mZoG0C1QoTjGiXi0ZQ
HXmej58QfLBdGZURE45EprUes89qZ5nburclWKnWMxHLdaxu1qa+H9o6ngH3wKQH
fQK26Fo6fEAqOT3xW+4Jcr7ZrNOt+///pfLCB5TUJdpGdw53VHUh/9HwYJROfD1r
WUk7dhTLg/i7SQGJ34oIJNlPv6eAlD+8lQ6f95KfG6WL03V9pHDItFom9FyEaLM7
M9/2RDCTMWYj/mL72QWanVvRa52d0cWhj3xZoS1PWSxjkHPnTgNfiJjnTPxFlbBs
JshzDx7tMceSkIcj4jEZXGc6HVYTk1aVAYQbZcKXxYc5eMiv3ROlGvNWVZJ5AgMB
AAGjggHuMIIB6jAdBgNVHQ4EFgQU2n5goa4q6vYsIH9Pimd7Tq8x6kMwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
NTQzMDkucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBAFVWtwwDQYJKoZIhvcNAQELBQADggEBALUfFko9mEbb
3VnYVxn2Q5D8qIF7MQrVjHQ44gnHaaN66sgrKAdvrKqYHCrfkr5xjz6aaFH9FtN3
OQxF2c5SI7ix5OPW/dehHqCfHqE9mc+cctG9lFIC/ZsztO2q/tdEzY73Alc/mcNB
SkcJh3dXzV6czgc6fWRwqDT3rsIX17nTZschevg8CiJgAz/rPnKEs8Uh7oScRx87
q555aCZKBxqZh2U2wOb/PiFUDswyKugooTpYFBI6GNoVkM8lqbkvqNyHPn0gau2B
7upfk0gu6WNqgmscMBiEyLQXOw8hs4NLiZh5BbymhcZBQyjQZDI8lmsvKXKcz1qI
RAASm5Apenc=
-----END CERTIFICATE-----