Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS203098.roa
File:                     AS203098.roa (raw, json)
Hash identifier:          xfLmKbBimypgzgYzOIVlRHTY8AeOJpHRPwawCGn3HaE=
Subject key identifier:   EE:D0:D3:09:E8:4C:F2:26:88:CC:BB:FD:49:99:66:9A:34:E2:3C:8B
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       0FA8E370927369773CF6DC73E6B4005C51B1BF37
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS203098.roa
Signing time:             Thu 04 Jun 2026 15:58:49 +0000
ROA not before:           Thu 04 Jun 2026 15:53:49 +0000
ROA not after:            Thu 03 Jun 2027 15:58:49 +0000
asID:                     203098
IP address blocks:        103.230.143.0/24 maxlen: 24
                          185.90.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:a8:e3:70:92:73:69:77:3c:f6:dc:73:e6:b4:00:5c:51:b1:bf:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:49 2026 GMT
            Not After : Jun  3 15:58:49 2027 GMT
        Subject: CN=EED0D309E84CF22688CCBBFD4999669A34E23C8B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:01:31:57:a5:f3:74:a7:fc:e0:08:b8:23:7d:
                    b1:a7:1e:52:8c:98:09:6e:8b:60:86:a5:b4:31:d0:
                    73:4e:a5:e7:44:eb:69:fe:77:2a:fa:4c:b2:22:e0:
                    1e:f4:6b:14:6b:31:54:b4:7e:e6:7e:e9:c4:03:bc:
                    5c:51:2c:2c:e9:da:19:c0:e0:26:62:f0:ae:66:6b:
                    c1:a6:48:c6:4b:9b:ef:7d:03:11:28:b1:09:76:0a:
                    27:a1:50:5b:f5:9d:bd:27:ef:c3:18:24:ab:bb:a6:
                    8f:7f:0c:e8:62:33:28:6f:38:f7:fb:4b:bd:12:12:
                    b3:95:22:e7:a7:53:c8:bb:8e:f2:0a:fa:99:2e:33:
                    68:c0:96:80:0b:2b:35:ec:7e:0c:b4:75:05:ff:11:
                    da:09:dd:92:ef:92:51:ae:11:4d:4a:1f:1a:dc:11:
                    d9:4f:3b:70:5b:28:f5:56:48:60:1a:da:10:dc:d8:
                    b6:63:6e:20:9d:de:29:14:1f:44:97:4f:a2:55:36:
                    e1:25:52:d3:77:7b:68:37:d8:17:37:24:03:2b:56:
                    d2:28:b1:db:84:18:89:62:43:27:d2:67:c0:03:05:
                    38:6e:1e:2c:f8:50:5e:2b:57:4c:fd:85:6a:b7:9c:
                    8b:ac:bd:5c:93:d3:d7:b7:2b:bb:ed:e2:00:f6:64:
                    2b:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:D0:D3:09:E8:4C:F2:26:88:CC:BB:FD:49:99:66:9A:34:E2:3C:8B
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS203098.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.230.143.0/24
                  185.90.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:73:65:43:05:e7:82:1b:ee:56:61:e4:16:11:f4:87:82:52:
         59:7c:3e:2e:8f:e9:df:4a:9f:21:84:94:1b:49:0f:7d:fd:d0:
         25:66:c2:1a:10:a7:91:0e:fa:d3:29:93:78:be:17:0f:d9:14:
         58:55:50:a8:bf:6f:19:34:cb:7d:5a:cb:a5:38:72:24:41:fc:
         93:d7:98:28:84:52:df:b6:ff:b5:db:66:4b:1a:85:cd:f8:4e:
         5d:93:82:0c:ba:82:a8:7e:c7:2c:75:d4:61:14:8b:78:53:a9:
         62:49:b2:ad:68:04:20:41:4e:b2:a4:1d:6d:05:34:12:21:5a:
         f2:4f:f8:f4:31:c5:a4:e3:cb:7b:f8:a7:b3:14:3e:9e:66:60:
         08:ef:4c:2f:05:29:77:50:34:5e:17:50:dd:01:4e:b7:e4:ee:
         a7:42:65:0e:f5:9d:58:2f:b9:66:02:1d:d7:d3:29:f9:7a:ad:
         dd:e7:ed:25:60:3b:14:2d:88:5e:40:56:29:96:b5:62:45:45:
         9d:94:d3:a7:10:d0:5b:4a:10:25:dc:be:e2:a6:b8:07:ae:8e:
         51:7a:c7:6e:32:51:0c:46:24:cf:41:90:3a:42:ca:15:64:5b:
         dd:cc:57:61:3d:dc:fd:b2:0e:0a:43:fb:43:90:94:54:29:95:
         15:9a:72:ad
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUD6jjcJJzaXc89txz5rQAXFGxvzcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNDlaFw0yNzA2MDMxNTU4NDlaMDMxMTAvBgNV
BAMTKEVFRDBEMzA5RTg0Q0YyMjY4OENDQkJGRDQ5OTk2NjlBMzRFMjNDOEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwATFXpfN0p/zgCLgjfbGnHlKM
mAlui2CGpbQx0HNOpedE62n+dyr6TLIi4B70axRrMVS0fuZ+6cQDvFxRLCzp2hnA
4CZi8K5ma8GmSMZLm+99AxEosQl2CiehUFv1nb0n78MYJKu7po9/DOhiMyhvOPf7
S70SErOVIuenU8i7jvIK+pkuM2jAloALKzXsfgy0dQX/EdoJ3ZLvklGuEU1KHxrc
EdlPO3BbKPVWSGAa2hDc2LZjbiCd3ikUH0SXT6JVNuElUtN3e2g32Bc3JAMrVtIo
sduEGIliQyfSZ8ADBThuHiz4UF4rV0z9hWq3nIusvVyT09e3K7vt4gD2ZCs3AgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQU7tDTCehM8iaIzLv9SZlmmjTiPIswHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjAzMDk4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEH
AQH/BBYwFDASBAIAATAMAwQAZ+aPAwQAuVo/MA0GCSqGSIb3DQEBCwUAA4IBAQCI
c2VDBeeCG+5WYeQWEfSHglJZfD4uj+nfSp8hhJQbSQ99/dAlZsIaEKeRDvrTKZN4
vhcP2RRYVVCov28ZNMt9WsulOHIkQfyT15gohFLftv+122ZLGoXN+E5dk4IMuoKo
fscsddRhFIt4U6liSbKtaAQgQU6ypB1tBTQSIVryT/j0McWk48t7+KezFD6eZmAI
70wvBSl3UDReF1DdAU635O6nQmUO9Z1YL7lmAh3X0yn5eq3d5+0lYDsULYheQFYp
lrViRUWdlNOnENBbShAl3L7iprgHro5ResduMlEMRiTPQZA6QsoVZFvdzFdhPdz9
sg4KQ/tDkJRUKZUVmnKt
-----END CERTIFICATE-----