Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS63018.roa
File:                     AS63018.roa (raw, json)
Hash identifier:          c+G7kwA1Kv8G1wsaZD9V0K8EdgPY/3LLpBIkF73pM5I=
Subject key identifier:   97:C0:41:CC:BC:70:61:32:F4:85:F0:D3:A8:C7:F7:22:E1:D1:92:C9
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       1B061D6DAAF183B23F50E3332C2CCF2237EBD5A4
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS63018.roa
Signing time:             Thu 03 Jul 2025 15:51:51 +0000
ROA not before:           Thu 03 Jul 2025 15:46:51 +0000
ROA not after:            Thu 02 Jul 2026 15:51:51 +0000
asID:                     63018
IP address blocks:        103.214.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:06:1d:6d:aa:f1:83:b2:3f:50:e3:33:2c:2c:cf:22:37:eb:d5:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:46:51 2025 GMT
            Not After : Jul  2 15:51:51 2026 GMT
        Subject: CN=97C041CCBC706132F485F0D3A8C7F722E1D192C9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ad:aa:1a:99:cb:7e:7f:24:fd:ed:3e:49:95:
                    94:85:f8:e3:2c:f7:9e:83:de:9a:3a:3d:c7:41:f6:
                    24:ff:1a:fd:da:36:67:5b:56:4b:ea:ad:e1:a1:cb:
                    1e:95:85:0b:6f:3c:61:4a:7b:89:d9:aa:cd:84:9d:
                    b4:f8:fb:13:d9:09:28:38:34:59:ea:5e:0f:94:f9:
                    51:eb:c9:f8:d7:9e:36:35:32:15:2e:b6:6f:d4:e9:
                    bb:97:bc:cf:93:07:aa:7e:a7:23:7d:0a:30:cc:81:
                    5b:0f:61:7b:a9:f3:d1:67:35:56:f8:27:c6:b2:9e:
                    e4:c3:4b:fe:f8:22:25:6a:56:84:5c:85:1a:f7:40:
                    89:4f:f8:14:6a:b4:26:7f:d1:16:e2:98:4b:a0:ff:
                    19:4e:01:78:fc:ee:1b:2b:04:fe:1e:c5:dc:ae:a0:
                    4a:75:e9:99:1a:80:c1:75:36:d0:9d:45:78:07:aa:
                    3d:97:8a:60:36:d9:94:da:f8:a9:98:0a:d6:c5:ea:
                    b7:67:97:53:4d:bd:05:56:f9:58:b5:dc:54:4a:06:
                    20:12:6f:20:2a:d4:3c:a2:a7:3a:85:60:cd:90:4b:
                    98:8c:e5:e2:92:05:b0:27:4f:01:30:49:8d:3e:6e:
                    4d:c3:7f:0b:30:96:32:6d:39:b1:e6:03:d9:61:c8:
                    fb:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:C0:41:CC:BC:70:61:32:F4:85:F0:D3:A8:C7:F7:22:E1:D1:92:C9
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS63018.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.214.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:98:7b:2a:d0:f8:59:35:c5:db:cc:d5:28:a1:32:3e:90:f1:
         8b:5f:87:fd:25:7d:2f:83:a8:35:01:79:bf:1c:72:35:8d:47:
         5c:06:9c:86:01:ed:e5:04:ef:3b:90:91:99:ea:fc:36:26:3d:
         cc:c2:01:80:cf:71:fa:7c:0d:c9:2d:02:e3:55:97:5e:2d:4f:
         00:59:ca:c9:30:f5:71:20:62:a0:38:0f:9a:fb:48:0f:8d:01:
         a7:28:b4:08:08:5b:be:43:5a:54:b3:fc:c3:df:57:24:2b:c1:
         fd:77:8e:d7:54:a8:b6:5d:a6:1b:b1:d4:54:dc:2a:52:bb:23:
         37:b8:71:c5:d2:62:56:d6:00:19:c3:78:85:63:bb:b9:67:0f:
         66:71:91:ec:f7:3b:81:03:71:ca:10:a4:08:b6:11:2c:fe:5a:
         3d:ef:24:c7:f0:97:6d:48:12:00:51:78:02:8e:74:58:6f:ca:
         cc:1d:6e:20:06:3d:79:3f:0d:78:31:f9:de:3c:ce:b8:01:48:
         3a:0a:09:b7:7b:98:a3:59:06:3f:fb:f3:8a:ca:22:37:c4:48:
         42:39:d3:56:04:48:98:90:d4:a6:1d:98:55:36:b1:fc:e3:ba:
         ad:47:46:0c:a1:84:91:12:f8:08:b5:2e:99:d8:30:a7:f6:4c:
         b7:0a:df:40
-----BEGIN CERTIFICATE-----
MIIE5DCCA8ygAwIBAgIUGwYdbarxg7I/UOMzLCzPIjfr1aQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ2NTFaFw0yNjA3MDIxNTUxNTFaMDMxMTAvBgNV
BAMTKDk3QzA0MUNDQkM3MDYxMzJGNDg1RjBEM0E4QzdGNzIyRTFEMTkyQzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4raoamct+fyT97T5JlZSF+OMs
956D3po6PcdB9iT/Gv3aNmdbVkvqreGhyx6VhQtvPGFKe4nZqs2EnbT4+xPZCSg4
NFnqXg+U+VHryfjXnjY1MhUutm/U6buXvM+TB6p+pyN9CjDMgVsPYXup89FnNVb4
J8aynuTDS/74IiVqVoRchRr3QIlP+BRqtCZ/0RbimEug/xlOAXj87hsrBP4exdyu
oEp16ZkagMF1NtCdRXgHqj2XimA22ZTa+KmYCtbF6rdnl1NNvQVW+Vi13FRKBiAS
byAq1DyipzqFYM2QS5iM5eKSBbAnTwEwSY0+bk3DfwswljJtObHmA9lhyPsLAgMB
AAGjggHuMIIB6jAdBgNVHQ4EFgQUl8BBzLxwYTL0hfDTqMf3IuHRkskwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
NjMwMTgucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBABn1kcwDQYJKoZIhvcNAQELBQADggEBALKYeyrQ+Fk1
xdvM1SihMj6Q8Ytfh/0lfS+DqDUBeb8ccjWNR1wGnIYB7eUE7zuQkZnq/DYmPczC
AYDPcfp8DcktAuNVl14tTwBZyskw9XEgYqA4D5r7SA+NAacotAgIW75DWlSz/MPf
VyQrwf13jtdUqLZdphux1FTcKlK7Ize4ccXSYlbWABnDeIVju7lnD2Zxkez3O4ED
ccoQpAi2ESz+Wj3vJMfwl21IEgBReAKOdFhvyswdbiAGPXk/DXgx+d48zrgBSDoK
Cbd7mKNZBj/784rKIjfESEI501YESJiQ1KYdmFU2sfzjuq1HRgyhhJES+Ai1LpnY
MKf2TLcK30A=
-----END CERTIFICATE-----