Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS207778.roa
File:                     AS207778.roa (raw, json)
Hash identifier:          13mzWFvEBIdPu6pWmNGFmYCmQDxBdRBCTXoYGQjaM0M=
Subject key identifier:   21:00:DA:13:32:FD:5A:F3:DD:B6:18:F4:3D:8B:5E:14:56:9E:FA:95
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       68F82B223867E5785CBC05031CA4364BB75F8BE0
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS207778.roa
Signing time:             Thu 04 Jun 2026 15:58:48 +0000
ROA not before:           Thu 04 Jun 2026 15:53:48 +0000
ROA not after:            Thu 03 Jun 2027 15:58:48 +0000
asID:                     207778
IP address blocks:        103.204.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:f8:2b:22:38:67:e5:78:5c:bc:05:03:1c:a4:36:4b:b7:5f:8b:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:48 2026 GMT
            Not After : Jun  3 15:58:48 2027 GMT
        Subject: CN=2100DA1332FD5AF3DDB618F43D8B5E14569EFA95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d8:95:a0:16:87:99:9e:56:5a:9d:d5:d1:dd:
                    9a:94:6f:fb:f1:23:b2:93:15:d9:23:32:55:16:b3:
                    e4:8f:25:c7:6d:91:c6:a1:c3:30:c3:0d:4e:7b:90:
                    7f:5c:41:4e:a4:c0:21:3a:fe:cb:b5:0e:5a:23:1a:
                    f7:5e:19:77:f6:a9:99:98:5f:6f:ad:26:fc:28:e9:
                    a4:91:1a:f6:80:69:36:6c:b6:16:f8:ca:d1:98:58:
                    46:a1:cc:2d:58:57:49:06:f3:c5:ad:c5:30:4d:90:
                    92:88:f9:f7:46:f0:35:3b:81:c9:36:20:1f:d3:e6:
                    6e:a9:aa:a9:9a:97:7c:b8:7c:3f:05:c5:9a:62:ff:
                    46:c5:59:23:be:38:8f:0f:c3:18:5a:06:ed:76:b7:
                    87:c6:8e:6a:40:14:23:8a:32:eb:d0:c1:19:83:47:
                    da:9e:31:2f:b5:ab:da:19:a0:74:0d:6b:99:46:c0:
                    f8:d6:c7:c1:d2:d6:6b:ab:96:cb:c3:3a:86:f2:c5:
                    6a:c4:a7:a8:9a:15:6a:32:c4:20:8c:36:fa:6b:a3:
                    6a:ad:75:4e:f9:f6:90:4f:32:92:57:1b:63:ed:6c:
                    35:08:56:78:4e:35:27:6c:33:e6:c3:da:25:96:0e:
                    c0:66:86:7a:13:d9:6f:5b:60:04:77:7c:2a:0e:a9:
                    6f:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:00:DA:13:32:FD:5A:F3:DD:B6:18:F4:3D:8B:5E:14:56:9E:FA:95
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS207778.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.204.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:1b:eb:dd:53:28:07:00:2c:79:48:8c:92:d3:f8:ea:c4:e2:
         2a:10:d9:ae:e7:37:f1:87:0e:39:01:69:ab:f0:b6:74:31:d1:
         9f:0d:36:0f:f2:ef:db:71:b2:e1:81:c0:a6:fd:d0:09:fe:c8:
         ef:32:cc:36:8a:62:cd:64:b2:b7:04:e7:d8:40:fb:bf:3c:ac:
         2f:11:fb:c2:a3:81:3a:9b:5a:be:a0:60:49:a3:71:23:cc:58:
         03:e3:ca:57:17:87:62:5d:92:4d:65:ad:05:ca:47:34:30:1d:
         09:3c:0d:db:4c:9b:f1:11:93:4b:9c:89:3b:bf:93:cb:e2:ed:
         08:80:48:61:7c:25:f1:12:d3:d2:20:c3:3f:1c:e1:bc:27:62:
         2e:6e:72:3e:78:4c:5b:fc:fa:22:1f:60:25:14:f2:95:ac:9b:
         e5:90:29:2c:27:59:b0:99:b7:95:6a:38:b4:b0:7a:d1:6a:b5:
         83:03:a0:08:02:c2:1e:35:e0:9f:7b:a6:69:83:4d:3f:bd:15:
         c8:d5:d4:c6:06:13:4d:08:b4:05:c5:cd:c9:71:42:e0:38:b5:
         30:b8:93:fd:a2:e5:ae:f5:49:eb:e6:7e:6f:ad:38:db:27:e1:
         fe:0a:a8:45:ce:51:6c:d5:44:e9:fe:d1:05:80:57:f0:01:87:
         d5:6a:4f:0d
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUaPgrIjhn5XhcvAUDHKQ2S7dfi+AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNDhaFw0yNzA2MDMxNTU4NDhaMDMxMTAvBgNV
BAMTKDIxMDBEQTEzMzJGRDVBRjNEREI2MThGNDNEOEI1RTE0NTY5RUZBOTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCw2JWgFoeZnlZandXR3ZqUb/vx
I7KTFdkjMlUWs+SPJcdtkcahwzDDDU57kH9cQU6kwCE6/su1DlojGvdeGXf2qZmY
X2+tJvwo6aSRGvaAaTZsthb4ytGYWEahzC1YV0kG88WtxTBNkJKI+fdG8DU7gck2
IB/T5m6pqqmal3y4fD8FxZpi/0bFWSO+OI8PwxhaBu12t4fGjmpAFCOKMuvQwRmD
R9qeMS+1q9oZoHQNa5lGwPjWx8HS1murlsvDOobyxWrEp6iaFWoyxCCMNvpro2qt
dU759pBPMpJXG2PtbDUIVnhONSdsM+bD2iWWDsBmhnoT2W9bYAR3fCoOqW9rAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUIQDaEzL9WvPdthj0PYteFFae+pUwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjA3Nzc4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAZ8zAMA0GCSqGSIb3DQEBCwUAA4IBAQCBG+vdUygH
ACx5SIyS0/jqxOIqENmu5zfxhw45AWmr8LZ0MdGfDTYP8u/bcbLhgcCm/dAJ/sjv
Msw2imLNZLK3BOfYQPu/PKwvEfvCo4E6m1q+oGBJo3EjzFgD48pXF4diXZJNZa0F
ykc0MB0JPA3bTJvxEZNLnIk7v5PL4u0IgEhhfCXxEtPSIMM/HOG8J2IubnI+eExb
/PoiH2AlFPKVrJvlkCksJ1mwmbeVaji0sHrRarWDA6AIAsIeNeCfe6Zpg00/vRXI
1dTGBhNNCLQFxc3JcULgOLUwuJP9ouWu9Unr5n5vrTjbJ+H+CqhFzlFs1UTp/tEF
gFfwAYfVak8N
-----END CERTIFICATE-----