Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214371.roa
File:                     AS214371.roa (raw, json)
Hash identifier:          2yVQMbIlMJUdSEGEMPVk40tCdWWvPW6LUAYp5Qd8a9o=
Subject key identifier:   D6:0B:87:C0:A5:2A:CA:B7:AB:E3:15:6A:FE:22:43:3F:0F:5E:CA:4B
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       6DFC569BCDA791FD929B35B72089B2249D04E431
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214371.roa
Signing time:             Wed 23 Jul 2025 20:05:32 +0000
ROA not before:           Wed 23 Jul 2025 20:00:32 +0000
ROA not after:            Wed 22 Jul 2026 20:05:32 +0000
asID:                     214371
IP address blocks:        103.109.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 Aug 2025 23:12:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:fc:56:9b:cd:a7:91:fd:92:9b:35:b7:20:89:b2:24:9d:04:e4:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul 23 20:00:32 2025 GMT
            Not After : Jul 22 20:05:32 2026 GMT
        Subject: CN=D60B87C0A52ACAB7ABE3156AFE22433F0F5ECA4B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:0f:1a:60:06:3e:af:ec:11:6e:1b:a8:4a:d6:
                    d7:76:a4:67:79:29:cc:c1:26:21:92:aa:67:67:a6:
                    5c:c1:8e:95:39:c7:15:41:fe:9d:92:6c:ab:e7:7b:
                    00:44:14:44:13:a5:68:0e:30:11:27:e3:39:e4:ac:
                    ae:a9:16:94:cd:b8:62:bb:88:d4:c0:d5:f2:99:5f:
                    8c:ba:44:b6:c0:e8:9e:3a:60:db:b5:9d:b7:31:5e:
                    3d:88:c9:f4:96:fa:26:d7:8b:af:be:8f:22:e2:27:
                    f3:65:9d:5c:32:e2:2d:de:6a:90:8d:5c:b4:d9:e6:
                    ca:ea:4e:d3:d9:87:63:e3:2a:8f:d4:25:b4:fe:31:
                    3c:79:fc:6c:d9:c9:0e:fa:e9:e8:ba:fa:65:49:31:
                    2b:53:a7:34:c0:96:2f:74:cb:25:b4:37:56:97:61:
                    68:e0:7b:d1:c9:d2:1c:58:08:c2:06:40:91:58:02:
                    10:36:09:79:6d:db:9e:0f:cc:05:40:2b:8c:b2:6c:
                    35:79:f4:d1:0a:83:08:6e:4d:9b:80:24:70:13:6b:
                    12:af:56:e6:64:2e:b2:c7:da:87:90:16:0e:7f:d0:
                    1c:d1:01:cb:05:37:b2:76:23:13:59:a6:84:cb:cf:
                    45:4e:cb:2c:ce:8c:9b:c3:73:3c:19:98:aa:b2:44:
                    0a:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:0B:87:C0:A5:2A:CA:B7:AB:E3:15:6A:FE:22:43:3F:0F:5E:CA:4B
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214371.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.109.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:6c:a6:ff:cd:72:5a:2c:ec:21:9c:c9:f8:93:8c:d4:73:7c:
         73:34:af:00:4b:53:f9:d8:53:a2:4b:18:ea:03:19:ec:f1:fc:
         5a:90:0f:d6:28:06:31:a2:ba:27:a2:cf:17:c2:8e:db:2d:5f:
         c5:7e:ef:d1:1b:cf:28:d3:4c:f5:5e:13:23:17:9c:a6:d2:54:
         5f:79:fc:9b:83:41:25:59:79:51:e0:d0:46:f9:dc:ed:bb:f0:
         21:97:26:fb:f7:d3:af:a0:30:d3:23:4e:75:01:24:4e:3b:3a:
         f8:a1:be:e6:1a:4f:c4:3c:ec:4c:91:05:9c:7d:7b:77:fb:dc:
         29:03:dd:03:c6:e3:90:8a:d0:c1:8d:2a:42:19:1d:ef:f5:e7:
         18:54:4a:90:d0:6e:f5:4f:ff:62:55:8e:14:1a:f9:c6:34:73:
         27:97:79:cf:66:03:66:1c:42:ce:43:e9:39:f7:7e:06:99:9b:
         3e:c6:43:d5:e6:24:14:58:54:e4:27:94:94:6e:b7:67:71:f3:
         29:68:4e:81:b4:84:b5:f6:8c:32:a0:62:5d:b5:0f:29:39:14:
         b0:c7:92:16:57:6b:65:4b:94:3c:14:7c:c5:bc:79:c1:4c:ca:
         d6:35:be:f0:d3:6a:49:a9:a3:b7:7c:06:b4:eb:19:1b:d2:fa:
         ea:d6:99:21
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUbfxWm82nkf2SmzW3IImyJJ0E5DEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MjMyMDAwMzJaFw0yNjA3MjIyMDA1MzJaMDMxMTAvBgNV
BAMTKEQ2MEI4N0MwQTUyQUNBQjdBQkUzMTU2QUZFMjI0MzNGMEY1RUNBNEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3DxpgBj6v7BFuG6hK1td2pGd5
KczBJiGSqmdnplzBjpU5xxVB/p2SbKvnewBEFEQTpWgOMBEn4znkrK6pFpTNuGK7
iNTA1fKZX4y6RLbA6J46YNu1nbcxXj2IyfSW+ibXi6++jyLiJ/NlnVwy4i3eapCN
XLTZ5srqTtPZh2PjKo/UJbT+MTx5/GzZyQ766ei6+mVJMStTpzTAli90yyW0N1aX
YWjge9HJ0hxYCMIGQJFYAhA2CXlt254PzAVAK4yybDV59NEKgwhuTZuAJHATaxKv
VuZkLrLH2oeQFg5/0BzRAcsFN7J2IxNZpoTLz0VOyyzOjJvDczwZmKqyRApfAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQU1guHwKUqyrer4xVq/iJDPw9eykswHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjE0MzcxLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAZ23qMA0GCSqGSIb3DQEBCwUAA4IBAQBXbKb/zXJa
LOwhnMn4k4zUc3xzNK8AS1P52FOiSxjqAxns8fxakA/WKAYxoronos8Xwo7bLV/F
fu/RG88o00z1XhMjF5ym0lRfefybg0ElWXlR4NBG+dztu/Ahlyb799OvoDDTI051
ASROOzr4ob7mGk/EPOxMkQWcfXt3+9wpA90DxuOQitDBjSpCGR3v9ecYVEqQ0G71
T/9iVY4UGvnGNHMnl3nPZgNmHELOQ+k5934GmZs+xkPV5iQUWFTkJ5SUbrdncfMp
aE6BtIS19owyoGJdtQ8pORSwx5IWV2tlS5Q8FHzFvHnBTMrWNb7w02pJqaO3fAa0
6xkb0vrq1pkh
-----END CERTIFICATE-----