Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS204136.roa
File:                     AS204136.roa (raw, json)
Hash identifier:          6ne2LXPTGFH/jHvQ0JgUeDa+E34DaySAPCEApC8jlHU=
Subject key identifier:   C6:6D:07:C0:84:F1:92:13:7B:0E:BF:C8:7E:45:F7:C5:B0:10:A5:52
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       6B029504E1224D6B782E80A5518DC593C5D63691
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS204136.roa
Signing time:             Thu 04 Jun 2026 15:58:53 +0000
ROA not before:           Thu 04 Jun 2026 15:53:53 +0000
ROA not after:            Thu 03 Jun 2027 15:58:53 +0000
asID:                     204136
IP address blocks:        103.230.141.0/24 maxlen: 24
                          185.121.177.0/24 maxlen: 24
                          2a0a:6043::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:02:95:04:e1:22:4d:6b:78:2e:80:a5:51:8d:c5:93:c5:d6:36:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:53 2026 GMT
            Not After : Jun  3 15:58:53 2027 GMT
        Subject: CN=C66D07C084F192137B0EBFC87E45F7C5B010A552
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:5f:92:ed:c8:0e:68:08:21:12:4b:68:93:ea:
                    6a:e9:8f:7f:1a:22:46:af:69:0b:92:d6:e6:8b:3a:
                    43:b4:43:4e:a3:24:6d:85:3b:e0:71:41:e6:c4:35:
                    09:07:07:5b:1f:14:72:55:8e:c6:60:92:17:81:46:
                    60:23:f2:c8:2d:25:74:2d:67:6b:80:cc:f7:1e:74:
                    7b:e1:a0:b3:78:ef:fa:54:e1:69:39:ba:53:41:8d:
                    81:eb:3b:48:a2:76:15:fb:be:a2:cf:13:f7:7f:23:
                    14:54:8f:83:19:4b:57:18:dd:30:11:2a:da:7b:6d:
                    af:3c:3f:5c:33:1d:1c:89:1f:4c:04:5c:eb:b1:77:
                    a3:d6:4d:61:97:14:fc:70:37:54:20:1b:29:2c:bf:
                    02:f5:18:a9:e5:de:3b:49:0b:c9:52:53:a7:fd:46:
                    7d:f6:90:cf:43:e4:fd:db:b9:b2:a4:95:fd:59:07:
                    4f:5a:57:44:fb:53:5b:17:6b:df:cd:81:ba:32:ee:
                    a9:23:47:a5:a5:36:af:a5:97:e5:e0:f2:1e:58:30:
                    20:a3:04:47:3d:06:f8:9b:38:25:44:72:74:84:29:
                    7d:24:8d:8b:94:b3:5b:a7:ab:62:5a:96:cc:be:f6:
                    35:6f:ac:0c:83:ca:4d:dc:ba:71:88:84:34:18:eb:
                    a3:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:6D:07:C0:84:F1:92:13:7B:0E:BF:C8:7E:45:F7:C5:B0:10:A5:52
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS204136.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.230.141.0/24
                  185.121.177.0/24
                IPv6:
                  2a0a:6043::/32

    Signature Algorithm: sha256WithRSAEncryption
         bc:4c:52:97:17:f8:32:6a:aa:bf:8e:8d:dc:fc:ed:ed:97:5c:
         fc:11:be:d5:5b:23:18:1a:02:73:53:e8:e7:c3:b3:c0:3f:ef:
         27:6b:99:c6:fe:15:cb:77:24:64:89:3d:35:58:7f:97:94:16:
         f9:61:d9:74:e9:42:3b:32:a0:46:c6:f9:f1:0a:0a:5c:35:df:
         cf:16:97:dc:d4:22:c8:91:e9:21:d5:02:a9:86:f5:cc:ab:ee:
         cc:70:bf:b2:ac:d1:6f:a4:26:ab:43:b8:7c:82:d7:ba:a5:4b:
         c8:95:20:c2:ce:c3:2a:10:ea:2b:e2:d9:68:fc:b1:c4:f7:8a:
         26:cc:ae:7c:6a:91:7f:80:4d:4a:48:1a:f0:b3:eb:2c:f9:ab:
         1d:60:70:95:3d:08:a0:b6:db:47:53:c8:62:6b:20:53:39:85:
         18:c6:02:c1:e1:cc:c7:5c:90:0b:0e:47:65:d6:27:82:7d:5b:
         44:b6:04:6c:34:82:de:9f:79:c8:0d:80:2c:30:15:0c:25:32:
         e1:7d:d9:85:55:a8:b4:ba:7f:1a:de:64:5e:2d:26:92:48:a2:
         44:6f:86:9c:a8:c0:15:28:64:18:ad:6f:3c:16:53:b2:81:ca:
         c1:6f:fe:48:f2:21:a4:54:73:7b:92:44:1c:ad:85:37:41:95:
         98:85:7f:ee
-----BEGIN CERTIFICATE-----
MIIE+jCCA+KgAwIBAgIUawKVBOEiTWt4LoClUY3Fk8XWNpEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNTNaFw0yNzA2MDMxNTU4NTNaMDMxMTAvBgNV
BAMTKEM2NkQwN0MwODRGMTkyMTM3QjBFQkZDODdFNDVGN0M1QjAxMEE1NTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXX5LtyA5oCCESS2iT6mrpj38a
IkavaQuS1uaLOkO0Q06jJG2FO+BxQebENQkHB1sfFHJVjsZgkheBRmAj8sgtJXQt
Z2uAzPcedHvhoLN47/pU4Wk5ulNBjYHrO0iidhX7vqLPE/d/IxRUj4MZS1cY3TAR
Ktp7ba88P1wzHRyJH0wEXOuxd6PWTWGXFPxwN1QgGyksvwL1GKnl3jtJC8lSU6f9
Rn32kM9D5P3bubKklf1ZB09aV0T7U1sXa9/Ngboy7qkjR6WlNq+ll+Xg8h5YMCCj
BEc9BvibOCVEcnSEKX0kjYuUs1unq2Jalsy+9jVvrAyDyk3cunGIhDQY66PpAgMB
AAGjggIEMIICADAdBgNVHQ4EFgQUxm0HwITxkhN7Dr/IfkX3xbAQpVIwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjA0MTM2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEH
AQH/BCUwIzASBAIAATAMAwQAZ+aNAwQAuXmxMA0EAgACMAcDBQAqCmBDMA0GCSqG
SIb3DQEBCwUAA4IBAQC8TFKXF/gyaqq/jo3c/O3tl1z8Eb7VWyMYGgJzU+jnw7PA
P+8na5nG/hXLdyRkiT01WH+XlBb5Ydl06UI7MqBGxvnxCgpcNd/PFpfc1CLIkekh
1QKphvXMq+7McL+yrNFvpCarQ7h8gte6pUvIlSDCzsMqEOor4tlo/LHE94omzK58
apF/gE1KSBrws+ss+asdYHCVPQigtttHU8hiayBTOYUYxgLB4czHXJALDkdl1ieC
fVtEtgRsNILen3nIDYAsMBUMJTLhfdmFVai0un8a3mReLSaSSKJEb4acqMAVKGQY
rW88FlOygcrBb/5I8iGkVHN7kkQcrYU3QZWYhX/u
-----END CERTIFICATE-----