Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200236.roa
File:                     AS200236.roa (raw, json)
Hash identifier:          9Vlw75xSeBJq49a9McTVFDJjORL+xX53/P+zG7t5i5I=
Subject key identifier:   AF:AF:7E:E0:B8:72:EF:84:0A:07:35:32:F6:D1:90:CD:02:6D:60:DF
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       24F713D6E1F09535AFAE6E82BA37CDAB9A8AF743
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200236.roa
Signing time:             Tue 09 Jun 2026 19:50:13 +0000
ROA not before:           Tue 09 Jun 2026 19:45:13 +0000
ROA not after:            Tue 08 Jun 2027 19:50:13 +0000
asID:                     200236
IP address blocks:        143.246.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:f7:13:d6:e1:f0:95:35:af:ae:6e:82:ba:37:cd:ab:9a:8a:f7:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  9 19:45:13 2026 GMT
            Not After : Jun  8 19:50:13 2027 GMT
        Subject: CN=AFAF7EE0B872EF840A073532F6D190CD026D60DF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:b1:0c:d1:1f:4d:ea:6a:21:49:d7:31:c4:0f:
                    72:5d:02:68:6a:41:9a:6a:a3:5a:9c:ca:d7:c4:c2:
                    0c:79:b6:ff:ff:51:63:d7:ad:f9:04:99:94:1c:e6:
                    c8:5c:b5:6e:4d:f7:ac:c9:1f:8e:b4:34:b6:a2:71:
                    35:cb:6c:b3:fb:d7:a4:b6:2e:fb:80:3d:b7:ed:57:
                    49:7e:da:f7:68:3e:d4:84:c3:1d:04:a9:7d:e5:e4:
                    01:e3:3f:ea:bf:11:e0:17:14:52:61:30:3c:4d:5b:
                    25:1e:c4:64:df:69:3b:da:70:e1:f6:b2:c4:aa:2c:
                    ad:6c:b3:7c:c1:3f:e0:47:a5:4c:2f:e8:c5:14:cb:
                    42:e0:b9:18:4c:3b:1a:e9:c4:96:4c:ed:c2:86:02:
                    77:90:24:9f:0c:ff:9e:8d:d4:2a:28:eb:29:ad:a8:
                    64:c5:ef:99:de:13:68:d2:d1:ed:8e:48:24:18:3a:
                    db:ee:e5:30:58:4c:44:cf:08:06:68:b5:38:24:9d:
                    57:7d:5f:55:0a:41:90:d7:1b:82:5d:35:6c:9b:1a:
                    a9:16:91:cc:54:c5:58:2c:86:b7:93:bd:0b:b6:98:
                    4a:01:f4:08:76:56:1d:fb:db:35:96:94:24:7a:d3:
                    62:4c:f0:37:24:66:92:ca:5d:26:1c:df:42:3f:9a:
                    43:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:AF:7E:E0:B8:72:EF:84:0A:07:35:32:F6:D1:90:CD:02:6D:60:DF
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200236.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.246.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:fd:92:f8:cd:7b:df:c3:1f:41:a9:81:f5:c9:fd:82:59:5d:
         d9:b2:33:ac:10:03:6d:83:c5:80:30:6a:53:21:b6:c5:b8:86:
         59:4c:29:98:cc:98:2a:3b:11:cf:cd:58:37:57:9e:a0:4a:74:
         c3:f2:8a:77:5e:f9:bb:20:19:78:a0:b1:1f:98:c7:4b:65:2d:
         1f:f6:a4:73:84:a8:23:db:3c:cf:0f:8f:98:25:c1:fe:a4:59:
         89:48:94:c9:ce:af:c4:1a:3d:ab:da:fd:17:e4:fc:6d:16:bc:
         6a:5a:0f:46:d9:4a:67:8f:e7:5f:03:bf:f5:55:d8:07:37:65:
         0c:55:da:3f:96:19:e1:36:f5:49:6b:68:74:23:82:0a:6a:75:
         60:d4:1f:5e:2a:90:b3:a4:12:b9:40:7e:19:06:e1:7f:08:5c:
         42:be:bf:64:2c:f9:3a:c7:6b:50:11:07:18:b6:a5:cc:7f:10:
         64:58:b2:d5:fd:76:a3:c5:37:f4:f2:21:e4:c4:1f:6e:f3:34:
         e6:bb:55:d8:fa:91:c4:be:86:f2:86:c0:77:ea:7c:aa:02:15:
         e9:79:09:bf:b7:87:9e:ca:e6:16:c0:2e:e7:ae:dd:9d:ee:c2:
         2c:b7:46:c2:0e:5e:fd:c1:5b:ae:c2:c3:e1:f1:ac:3c:56:b0:
         8a:6c:73:a3
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUJPcT1uHwlTWvrm6CujfNq5qK90MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDkxOTQ1MTNaFw0yNzA2MDgxOTUwMTNaMDMxMTAvBgNV
BAMTKEFGQUY3RUUwQjg3MkVGODQwQTA3MzUzMkY2RDE5MENEMDI2RDYwREYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVsQzRH03qaiFJ1zHED3JdAmhq
QZpqo1qcytfEwgx5tv//UWPXrfkEmZQc5shctW5N96zJH460NLaicTXLbLP716S2
LvuAPbftV0l+2vdoPtSEwx0EqX3l5AHjP+q/EeAXFFJhMDxNWyUexGTfaTvacOH2
ssSqLK1ss3zBP+BHpUwv6MUUy0LguRhMOxrpxJZM7cKGAneQJJ8M/56N1Coo6ymt
qGTF75neE2jS0e2OSCQYOtvu5TBYTETPCAZotTgknVd9X1UKQZDXG4JdNWybGqkW
kcxUxVgshreTvQu2mEoB9Ah2Vh372zWWlCR602JM8DckZpLKXSYc30I/mkNjAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUr69+4Lhy74QKBzUy9tGQzQJtYN8wHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjAwMjM2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAj/aJMA0GCSqGSIb3DQEBCwUAA4IBAQBB/ZL4zXvf
wx9BqYH1yf2CWV3ZsjOsEANtg8WAMGpTIbbFuIZZTCmYzJgqOxHPzVg3V56gSnTD
8op3Xvm7IBl4oLEfmMdLZS0f9qRzhKgj2zzPD4+YJcH+pFmJSJTJzq/EGj2r2v0X
5PxtFrxqWg9G2Upnj+dfA7/1VdgHN2UMVdo/lhnhNvVJa2h0I4IKanVg1B9eKpCz
pBK5QH4ZBuF/CFxCvr9kLPk6x2tQEQcYtqXMfxBkWLLV/XajxTf08iHkxB9u8zTm
u1XY+pHEvobyhsB36nyqAhXpeQm/t4eeyuYWwC7nrt2d7sIst0bCDl79wVuuwsPh
8aw8VrCKbHOj
-----END CERTIFICATE-----