Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200676.roa
File:                     AS200676.roa (raw, json)
Hash identifier:          yCGCmQiSWiB7VJk3F1s9zcl8XoxgU3z8u2a2+zZI+y4=
Subject key identifier:   42:6F:F2:54:8C:69:2B:AE:BB:BC:C2:36:83:46:3E:3E:C9:A4:C5:4F
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       6202D3642E387305391864D901BD1C2F16929EAF
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200676.roa
Signing time:             Thu 04 Jun 2026 15:58:49 +0000
ROA not before:           Thu 04 Jun 2026 15:53:49 +0000
ROA not after:            Thu 03 Jun 2027 15:58:49 +0000
asID:                     200676
IP address blocks:        94.24.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:02:d3:64:2e:38:73:05:39:18:64:d9:01:bd:1c:2f:16:92:9e:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:49 2026 GMT
            Not After : Jun  3 15:58:49 2027 GMT
        Subject: CN=426FF2548C692BAEBBBCC23683463E3EC9A4C54F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:8f:31:c4:49:a3:79:02:a4:0f:9b:0e:88:58:
                    b4:88:22:05:d3:80:78:46:f6:57:5a:3f:3a:fa:73:
                    21:3c:70:1f:6c:49:90:59:78:19:fc:01:6d:37:59:
                    7f:16:77:65:34:45:ca:18:dd:85:31:a7:2d:5e:d7:
                    36:36:14:ca:f2:bf:97:7b:16:19:73:52:7a:c3:83:
                    07:6b:23:fc:e9:d3:f1:f3:5c:c0:32:f8:7d:13:f2:
                    5b:de:ec:04:d9:88:ac:b6:e8:92:5f:0a:28:bd:83:
                    a9:cd:c8:37:67:a7:f6:66:38:dc:6f:03:77:b7:5f:
                    2f:0f:1f:a5:90:4c:d2:62:c6:83:02:9c:0c:d4:cf:
                    6d:3c:14:94:16:00:08:8c:bb:7f:73:ff:b6:1d:4f:
                    3f:9c:e9:88:65:39:02:35:57:d6:07:c7:f8:26:7c:
                    0e:4c:e7:c6:15:7e:66:fd:ac:0e:c8:d5:57:3f:81:
                    14:83:22:ce:e2:ae:a2:76:dc:bd:80:c2:58:de:a2:
                    92:12:c9:cd:c2:fd:76:82:f3:a3:de:30:8c:15:37:
                    29:46:5c:ab:e2:d1:d2:58:ca:7c:12:83:10:e7:89:
                    d1:08:6a:6c:e5:09:b1:96:21:97:42:38:9f:37:cb:
                    17:43:f6:3e:06:60:f3:ee:2e:61:5a:e7:4b:95:cb:
                    23:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:6F:F2:54:8C:69:2B:AE:BB:BC:C2:36:83:46:3E:3E:C9:A4:C5:4F
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200676.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.24.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:19:dc:65:01:95:88:91:16:90:dc:73:c5:37:b3:7e:1f:6c:
         16:d4:c2:b0:51:2c:31:40:5e:f4:f7:57:14:b7:47:1c:b7:14:
         a0:e1:f4:5a:2e:37:97:6f:55:91:26:6d:02:55:af:c8:bb:06:
         8b:68:b0:86:07:60:ca:a5:8a:80:3f:46:a4:5a:d1:5b:a5:ee:
         a4:4c:39:e6:f9:6a:0e:54:c0:69:26:d1:e0:7f:ed:ef:1f:6e:
         af:ba:3a:cc:c0:1c:fa:17:99:b2:fc:ba:13:9b:95:51:53:c6:
         1c:41:b2:72:ec:f5:68:76:aa:93:0a:48:de:af:9e:14:9f:5d:
         5c:0a:69:4e:0d:40:3d:7a:4d:c1:30:49:ad:d1:bc:58:1f:da:
         b9:65:b7:64:10:73:60:01:7f:3a:6a:39:70:a4:93:0e:a9:67:
         01:83:3d:e1:78:84:b5:9b:d1:31:0a:e9:ea:d9:a8:f0:52:86:
         45:21:56:fa:cf:f2:81:82:b3:12:1e:34:36:57:b6:44:fc:1c:
         48:92:c2:46:05:fa:1b:ec:4d:24:5b:0c:a1:0c:4c:90:13:9c:
         25:33:ff:a7:ad:5c:3e:3c:0a:4e:e9:34:b5:62:57:28:6a:09:
         a5:0c:d3:62:ba:64:3a:92:4f:c2:b6:6b:bf:68:fa:f8:27:d9:
         80:eb:da:24
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUYgLTZC44cwU5GGTZAb0cLxaSnq8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNDlaFw0yNzA2MDMxNTU4NDlaMDMxMTAvBgNV
BAMTKDQyNkZGMjU0OEM2OTJCQUVCQkJDQzIzNjgzNDYzRTNFQzlBNEM1NEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzjzHESaN5AqQPmw6IWLSIIgXT
gHhG9ldaPzr6cyE8cB9sSZBZeBn8AW03WX8Wd2U0RcoY3YUxpy1e1zY2FMryv5d7
FhlzUnrDgwdrI/zp0/HzXMAy+H0T8lve7ATZiKy26JJfCii9g6nNyDdnp/ZmONxv
A3e3Xy8PH6WQTNJixoMCnAzUz208FJQWAAiMu39z/7YdTz+c6YhlOQI1V9YHx/gm
fA5M58YVfmb9rA7I1Vc/gRSDIs7irqJ23L2AwljeopISyc3C/XaC86PeMIwVNylG
XKvi0dJYynwSgxDnidEIamzlCbGWIZdCOJ83yxdD9j4GYPPuLmFa50uVyyOPAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUQm/yVIxpK667vMI2g0Y+PsmkxU8wHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjAwNjc2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAXhhsMA0GCSqGSIb3DQEBCwUAA4IBAQBLGdxlAZWI
kRaQ3HPFN7N+H2wW1MKwUSwxQF7091cUt0cctxSg4fRaLjeXb1WRJm0CVa/IuwaL
aLCGB2DKpYqAP0akWtFbpe6kTDnm+WoOVMBpJtHgf+3vH26vujrMwBz6F5my/LoT
m5VRU8YcQbJy7PVodqqTCkjer54Un11cCmlODUA9ek3BMEmt0bxYH9q5ZbdkEHNg
AX86ajlwpJMOqWcBgz3heIS1m9ExCunq2ajwUoZFIVb6z/KBgrMSHjQ2V7ZE/BxI
ksJGBfob7E0kWwyhDEyQE5wlM/+nrVw+PApO6TS1YlcoagmlDNNiumQ6kk/Ctmu/
aPr4J9mA69ok
-----END CERTIFICATE-----