Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS63018.roa
File:                     AS63018.roa (raw, json)
Hash identifier:          ATZyQL2ocbGiaeFgaqg5Z9U0wTKvB6a5YkwAsR1u4gM=
Subject key identifier:   54:A6:81:30:50:AF:5B:00:B1:99:48:CF:F9:24:9E:FE:D8:30:3F:F3
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       5C9325BC3F68F4CD54F61FC17CEC0E66A88D4E85
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS63018.roa
Signing time:             Thu 04 Jun 2026 15:58:51 +0000
ROA not before:           Thu 04 Jun 2026 15:53:51 +0000
ROA not after:            Thu 03 Jun 2027 15:58:51 +0000
asID:                     63018
IP address blocks:        103.214.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:93:25:bc:3f:68:f4:cd:54:f6:1f:c1:7c:ec:0e:66:a8:8d:4e:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:51 2026 GMT
            Not After : Jun  3 15:58:51 2027 GMT
        Subject: CN=54A6813050AF5B00B19948CFF9249EFED8303FF3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:35:62:41:f6:23:02:b5:7a:bd:a2:37:b1:78:
                    dc:0f:b3:19:7b:37:b3:5c:36:45:de:94:c2:76:79:
                    20:51:fd:d9:4e:60:c3:e1:03:e8:da:b0:35:64:21:
                    16:99:26:a4:f0:81:14:77:f8:a7:4f:80:6e:0c:49:
                    26:96:fa:05:bd:04:92:88:2d:f8:93:f5:c6:ca:48:
                    80:e1:6b:5c:ef:c3:5f:37:8b:1f:71:78:b0:85:b2:
                    74:b7:5b:d1:82:1a:43:f1:6e:d0:56:79:b6:05:60:
                    0c:fa:2a:59:1f:3d:e0:08:bd:8d:61:44:fc:f4:8c:
                    a9:3a:4c:d1:c7:23:26:be:b7:0d:6d:83:e9:d4:20:
                    9e:b4:86:1a:fb:c1:04:6d:eb:8e:0e:a3:c3:3e:31:
                    18:9a:7e:26:e3:6f:1b:f4:4e:09:4d:5b:3c:c4:9c:
                    cd:80:7e:3e:35:b8:55:cc:e9:de:ca:a9:23:48:7c:
                    84:5d:ec:e8:c1:08:24:4a:b2:31:25:ac:45:ab:7e:
                    79:12:ca:e8:ae:42:8c:75:bd:78:e7:8c:3f:b3:bf:
                    4d:8c:00:a4:5c:b1:50:76:5c:df:14:12:45:ad:51:
                    fd:c9:d0:f4:be:37:9c:a9:bf:a7:55:3d:d8:19:07:
                    a2:d0:ab:1f:9e:dc:58:9c:05:c7:be:2b:aa:6d:04:
                    3f:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:A6:81:30:50:AF:5B:00:B1:99:48:CF:F9:24:9E:FE:D8:30:3F:F3
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS63018.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.214.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:ce:35:c0:1d:4a:e7:6b:43:7d:06:fd:cb:45:91:91:70:f3:
         f8:6c:90:82:ed:46:48:8c:48:74:e3:25:36:d5:82:7b:fa:cc:
         22:68:04:a5:e9:51:ea:71:39:1e:ff:ad:c7:17:3e:1b:d8:a7:
         93:15:2b:de:0c:b4:ae:ee:fb:c0:c6:a2:56:e3:9a:e6:cb:f5:
         a2:45:94:e4:6c:4f:4e:91:f7:23:1b:c2:cd:7c:4a:dc:78:48:
         1c:88:a7:91:9b:1b:35:c2:08:f0:3c:79:a6:e8:ea:82:71:e3:
         5b:9c:a3:f9:61:92:57:7b:ee:b9:ea:a8:c6:09:fd:f0:aa:35:
         a2:76:5a:35:a1:83:2e:bd:97:01:6b:32:8a:b8:e6:83:b9:0e:
         3f:80:75:7f:93:98:52:a6:92:3b:52:6e:9a:cf:e4:10:10:f7:
         98:f6:8f:cf:d2:61:2e:35:c8:4f:66:5b:be:a3:37:cd:3d:64:
         3e:d0:0b:00:30:37:45:0c:26:39:ea:1a:16:e5:7a:0d:48:42:
         c9:30:ae:30:87:86:67:67:cb:e5:ae:c1:01:8d:70:ba:c8:7b:
         be:d7:a8:f4:67:1f:3e:75:63:68:2d:f7:a7:81:20:04:82:89:
         9d:2c:a1:3c:f4:39:e7:f5:ac:e9:ab:46:40:57:b2:a9:9b:a5:
         89:28:3a:5f
-----BEGIN CERTIFICATE-----
MIIE5DCCA8ygAwIBAgIUXJMlvD9o9M1U9h/BfOwOZqiNToUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNTFaFw0yNzA2MDMxNTU4NTFaMDMxMTAvBgNV
BAMTKDU0QTY4MTMwNTBBRjVCMDBCMTk5NDhDRkY5MjQ5RUZFRDgzMDNGRjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXNWJB9iMCtXq9ojexeNwPsxl7
N7NcNkXelMJ2eSBR/dlOYMPhA+jasDVkIRaZJqTwgRR3+KdPgG4MSSaW+gW9BJKI
LfiT9cbKSIDha1zvw183ix9xeLCFsnS3W9GCGkPxbtBWebYFYAz6KlkfPeAIvY1h
RPz0jKk6TNHHIya+tw1tg+nUIJ60hhr7wQRt644Oo8M+MRiafibjbxv0TglNWzzE
nM2Afj41uFXM6d7KqSNIfIRd7OjBCCRKsjElrEWrfnkSyuiuQox1vXjnjD+zv02M
AKRcsVB2XN8UEkWtUf3J0PS+N5ypv6dVPdgZB6LQqx+e3FicBce+K6ptBD9hAgMB
AAGjggHuMIIB6jAdBgNVHQ4EFgQUVKaBMFCvWwCxmUjP+SSe/tgwP/MwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
NjMwMTgucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBABn1kcwDQYJKoZIhvcNAQELBQADggEBACvONcAdSudr
Q30G/ctFkZFw8/hskILtRkiMSHTjJTbVgnv6zCJoBKXpUepxOR7/rccXPhvYp5MV
K94MtK7u+8DGolbjmubL9aJFlORsT06R9yMbws18Stx4SByIp5GbGzXCCPA8eabo
6oJx41uco/lhkld77rnqqMYJ/fCqNaJ2WjWhgy69lwFrMoq45oO5Dj+AdX+TmFKm
kjtSbprP5BAQ95j2j8/SYS41yE9mW76jN809ZD7QCwAwN0UMJjnqGhbleg1IQskw
rjCHhmdny+WuwQGNcLrIe77XqPRnHz51Y2gt96eBIASCiZ0soTz0Oef1rOmrRkBX
sqmbpYkoOl8=
-----END CERTIFICATE-----