Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS138995.roa
File:                     AS138995.roa (raw, json)
Hash identifier:          oec2xUBhu6Tr3TE+uXP90SBcZg3k3n886SjCZG0i04I=
Subject key identifier:   C0:5B:47:46:C9:3F:C0:87:D1:10:25:48:F1:78:DE:DC:DC:D3:3D:5D
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       44D4E65F1CE736B8E4E7F608D6C17C864D6076B8
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS138995.roa
Signing time:             Wed 10 Jun 2026 15:01:22 +0000
ROA not before:           Wed 10 Jun 2026 14:56:22 +0000
ROA not after:            Wed 09 Jun 2027 15:01:22 +0000
asID:                     138995
IP address blocks:        103.208.87.0/24 maxlen: 24
                          103.214.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:d4:e6:5f:1c:e7:36:b8:e4:e7:f6:08:d6:c1:7c:86:4d:60:76:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun 10 14:56:22 2026 GMT
            Not After : Jun  9 15:01:22 2027 GMT
        Subject: CN=C05B4746C93FC087D1102548F178DEDCDCD33D5D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:72:59:01:25:d5:69:eb:d6:5d:9e:ac:3f:ff:
                    5e:a5:be:2f:ab:57:d6:38:a4:14:c5:8c:dc:31:02:
                    ee:d6:f8:e9:08:85:88:71:3d:c8:06:5e:42:b5:64:
                    9c:74:7d:f3:9e:c7:43:82:52:4d:ea:d5:e3:51:37:
                    b2:10:d6:a1:dc:71:24:da:3e:0d:8a:6a:89:01:38:
                    cd:bb:42:22:d8:cf:5e:7c:76:92:17:06:c5:91:d0:
                    44:31:b9:30:6e:0e:0e:49:87:16:26:78:c2:e0:b0:
                    bc:f0:f3:30:d8:7d:3a:b5:d3:c0:86:a0:c0:96:61:
                    16:3a:51:9e:73:b4:27:d7:66:47:24:e4:49:1d:30:
                    43:54:ac:31:2e:9d:6a:23:5c:ce:bd:5f:77:40:d1:
                    9e:29:45:af:01:cf:62:e7:ba:ce:0e:da:db:78:51:
                    08:bb:b1:54:70:44:05:a8:c6:e8:fc:54:87:93:2d:
                    81:08:55:d6:13:5d:e1:c5:fc:ce:13:5d:64:fd:4f:
                    b8:b4:15:db:56:01:8a:2c:2f:d3:b5:b9:7b:0b:33:
                    43:cf:f4:ab:5e:98:26:19:8c:06:d2:1a:10:5c:49:
                    d6:a7:82:4a:b9:df:15:b3:8b:f2:70:c7:12:97:b1:
                    a4:66:f6:12:6e:94:ba:73:65:c2:a4:19:bd:93:7c:
                    6b:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:5B:47:46:C9:3F:C0:87:D1:10:25:48:F1:78:DE:DC:DC:D3:3D:5D
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS138995.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.208.87.0/24
                  103.214.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:07:bf:61:5e:80:65:aa:a7:7b:1f:b0:7f:b7:7d:30:8e:75:
         f5:1b:e3:67:71:bf:9a:fc:f5:dc:9c:f7:4e:f3:20:87:20:e0:
         3d:e4:92:b8:c2:b9:c7:b3:9b:25:a3:7e:7c:02:fa:bc:dc:f7:
         d3:0a:2d:61:fd:4e:dd:b8:63:1d:73:58:ea:e0:bb:74:eb:e5:
         53:1e:fd:72:36:94:7a:65:f1:65:ba:8b:a3:0e:04:1a:e3:66:
         9b:2a:ad:48:ed:03:1b:b7:12:0d:63:9f:6f:cd:3d:79:fe:bd:
         93:b2:42:64:ce:78:c9:bb:1e:59:b9:99:fb:0a:94:fe:e3:1f:
         b2:b8:4a:dd:30:ed:7a:de:00:2a:5c:be:b0:6a:41:cf:eb:0f:
         7b:8a:97:2b:b8:03:30:d6:9c:31:99:7a:b7:e7:66:9f:90:d8:
         c8:ac:0a:ff:a9:25:23:c5:f8:0c:4d:f3:df:63:d4:45:d0:cc:
         4a:cb:a1:72:c3:4e:a2:39:da:3b:3c:c3:17:a9:6b:26:ab:78:
         ac:14:9e:19:df:fb:c1:54:84:62:eb:f4:1a:40:ce:82:0b:71:
         6e:3d:9c:45:74:27:be:6a:e3:6a:f4:a5:d7:e3:3a:35:c0:2c:
         b7:f9:75:82:77:24:31:d1:7d:5d:6d:42:d9:5f:00:f5:d1:a8:
         a0:2b:e7:8a
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIURNTmXxznNrjk5/YI1sF8hk1gdrgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MTAxNDU2MjJaFw0yNzA2MDkxNTAxMjJaMDMxMTAvBgNV
BAMTKEMwNUI0NzQ2QzkzRkMwODdEMTEwMjU0OEYxNzhERURDRENEMzNENUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyclkBJdVp69Zdnqw//16lvi+r
V9Y4pBTFjNwxAu7W+OkIhYhxPcgGXkK1ZJx0ffOex0OCUk3q1eNRN7IQ1qHccSTa
Pg2KaokBOM27QiLYz158dpIXBsWR0EQxuTBuDg5JhxYmeMLgsLzw8zDYfTq108CG
oMCWYRY6UZ5ztCfXZkck5EkdMENUrDEunWojXM69X3dA0Z4pRa8Bz2Lnus4O2tt4
UQi7sVRwRAWoxuj8VIeTLYEIVdYTXeHF/M4TXWT9T7i0FdtWAYosL9O1uXsLM0PP
9KtemCYZjAbSGhBcSdangkq53xWzi/JwxxKXsaRm9hJulLpzZcKkGb2TfGtTAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUwFtHRsk/wIfRECVI8Xje3NzTPV0wHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MTM4OTk1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEH
AQH/BBYwFDASBAIAATAMAwQAZ9BXAwQAZ9ZGMA0GCSqGSIb3DQEBCwUAA4IBAQCG
B79hXoBlqqd7H7B/t30wjnX1G+Nncb+a/PXcnPdO8yCHIOA95JK4wrnHs5slo358
Avq83PfTCi1h/U7duGMdc1jq4Lt06+VTHv1yNpR6ZfFluoujDgQa42abKq1I7QMb
txINY59vzT15/r2TskJkznjJux5ZuZn7CpT+4x+yuErdMO163gAqXL6wakHP6w97
ipcruAMw1pwxmXq352afkNjIrAr/qSUjxfgMTfPfY9RF0MxKy6Fyw06iOdo7PMMX
qWsmq3isFJ4Z3/vBVIRi6/QaQM6CC3FuPZxFdCe+auNq9KXX4zo1wCy3+XWCdyQx
0X1dbULZXwD10aigK+eK
-----END CERTIFICATE-----