Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200229.roa
File:                     AS200229.roa (raw, json)
Hash identifier:          mMG9jOfLqVyUkEHvgqlbFJB8tDzALq6xAdJGEq6BdwU=
Subject key identifier:   02:45:C6:34:F6:9A:05:57:67:04:56:65:90:55:39:21:B5:ED:66:C7
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       4D0F233C75D869EBC20B130FED7279B72C5541CD
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200229.roa
Signing time:             Wed 01 Apr 2026 15:31:12 +0000
ROA not before:           Wed 01 Apr 2026 15:26:12 +0000
ROA not after:            Wed 31 Mar 2027 15:31:12 +0000
asID:                     200229
IP address blocks:        103.139.89.0/24 maxlen: 24
                          153.76.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:0f:23:3c:75:d8:69:eb:c2:0b:13:0f:ed:72:79:b7:2c:55:41:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Apr  1 15:26:12 2026 GMT
            Not After : Mar 31 15:31:12 2027 GMT
        Subject: CN=0245C634F69A05576704566590553921B5ED66C7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:6d:94:a0:b1:23:4a:37:75:67:20:0f:59:28:
                    b5:d5:ac:fd:92:27:f2:d5:a9:78:53:c2:5b:7d:f4:
                    50:8b:5e:8d:4d:35:5c:dd:a4:47:41:f3:85:69:13:
                    3e:24:a8:83:eb:e3:bb:34:b6:2f:a2:f1:99:03:d8:
                    6e:d8:6c:25:ab:02:fd:e5:35:62:fe:65:10:68:b5:
                    86:2d:4f:2e:c1:87:c1:c3:68:40:46:af:5b:57:06:
                    13:df:45:ee:ed:f5:e8:31:95:e3:66:b0:55:ec:67:
                    db:d8:4d:90:6d:4d:61:2f:fd:a6:3c:ed:26:4c:5c:
                    3d:89:2a:7c:7b:2f:b6:64:bf:2b:3e:17:2e:a0:1d:
                    02:3f:bd:36:c8:80:ed:3d:33:2d:73:9e:13:0d:fc:
                    d3:5c:1f:40:d2:08:31:2f:10:1a:67:8b:47:18:89:
                    d6:b6:b9:c1:a7:4b:8d:a3:be:fb:f4:2d:b5:58:3e:
                    59:0d:00:c3:03:ff:4d:6a:2b:25:e4:41:71:1d:b0:
                    5d:7a:ee:76:e7:b9:d1:a6:01:b9:1f:43:65:6b:8d:
                    b4:db:2c:49:c6:2f:91:b0:f5:16:c6:0e:5a:3c:c2:
                    97:29:4d:90:b1:19:2d:e7:0a:b8:41:35:95:b6:ee:
                    f6:a4:54:06:ba:8b:38:05:e0:d7:b0:e7:0e:63:8a:
                    f8:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:45:C6:34:F6:9A:05:57:67:04:56:65:90:55:39:21:B5:ED:66:C7
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200229.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.139.89.0/24
                  153.76.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:39:47:ff:ca:ac:d4:7f:62:e7:97:6c:89:b8:87:1f:f8:b5:
         14:bb:95:80:20:45:b2:f6:c0:b4:fd:38:1c:ed:31:06:78:3d:
         64:e9:ab:30:16:db:6f:ea:b3:4d:a9:cf:a0:47:d4:9d:a9:e7:
         ab:a0:05:3f:a4:6d:7b:a9:4b:35:d1:3d:0b:26:35:11:6c:0d:
         50:4d:2c:36:3f:3c:d2:74:6e:76:78:42:50:67:44:05:1c:78:
         f9:f1:0b:78:ba:4f:67:80:86:d4:92:94:c5:9d:8c:0e:0c:3d:
         e4:68:bf:fa:9b:01:9d:93:22:7a:de:6b:f6:56:77:ac:47:59:
         10:d3:e1:a3:5f:9a:37:b4:9b:b6:40:2a:b3:dd:bb:eb:34:73:
         37:a8:6e:f5:63:6b:f7:20:4b:0e:8a:4c:fe:98:e5:f7:5b:0f:
         5d:02:48:1b:74:4a:ac:35:ef:39:0a:f5:30:1f:6b:3e:83:c9:
         55:66:b4:32:47:af:6b:36:db:c5:a3:19:7c:56:f7:57:61:43:
         b9:b5:2e:7e:6b:1e:16:6b:eb:f5:fb:fa:dd:2f:df:1d:c9:37:
         94:ac:ea:08:f9:67:38:db:e1:ea:a3:91:98:79:3b:b2:6c:ef:
         c1:32:26:a8:76:bc:75:17:97:16:3a:0a:2f:d9:b9:71:67:7b:
         bf:63:22:0a
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUTQ8jPHXYaevCCxMP7XJ5tyxVQc0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA0MDExNTI2MTJaFw0yNzAzMzExNTMxMTJaMDMxMTAvBgNV
BAMTKDAyNDVDNjM0RjY5QTA1NTc2NzA0NTY2NTkwNTUzOTIxQjVFRDY2QzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNbZSgsSNKN3VnIA9ZKLXVrP2S
J/LVqXhTwlt99FCLXo1NNVzdpEdB84VpEz4kqIPr47s0ti+i8ZkD2G7YbCWrAv3l
NWL+ZRBotYYtTy7Bh8HDaEBGr1tXBhPfRe7t9egxleNmsFXsZ9vYTZBtTWEv/aY8
7SZMXD2JKnx7L7Zkvys+Fy6gHQI/vTbIgO09My1znhMN/NNcH0DSCDEvEBpni0cY
ida2ucGnS42jvvv0LbVYPlkNAMMD/01qKyXkQXEdsF167nbnudGmAbkfQ2VrjbTb
LEnGL5Gw9RbGDlo8wpcpTZCxGS3nCrhBNZW27vakVAa6izgF4New5w5jivhVAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUAkXGNPaaBVdnBFZlkFU5IbXtZscwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjAwMjI5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEH
AQH/BBYwFDASBAIAATAMAwQAZ4tZAwQAmUx2MA0GCSqGSIb3DQEBCwUAA4IBAQBN
OUf/yqzUf2Lnl2yJuIcf+LUUu5WAIEWy9sC0/Tgc7TEGeD1k6aswFttv6rNNqc+g
R9SdqeeroAU/pG17qUs10T0LJjURbA1QTSw2PzzSdG52eEJQZ0QFHHj58Qt4uk9n
gIbUkpTFnYwODD3kaL/6mwGdkyJ63mv2VnesR1kQ0+GjX5o3tJu2QCqz3bvrNHM3
qG71Y2v3IEsOikz+mOX3Ww9dAkgbdEqsNe85CvUwH2s+g8lVZrQyR69rNtvFoxl8
VvdXYUO5tS5+ax4Wa+v1+/rdL98dyTeUrOoI+Wc42+Hqo5GYeTuybO/BMiaodrx1
F5cWOgov2blxZ3u/YyIK
-----END CERTIFICATE-----