Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214441.roa
File:                     AS214441.roa (raw, json)
Hash identifier:          EGRbbw+U4CHpzpY2Y3AJC/v+7d+pj+P4QlyXEcyQfI4=
Subject key identifier:   59:4E:92:F0:41:DB:04:43:27:7D:30:BB:B5:48:20:79:8B:B3:7E:8A
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       163187068B5C56832BAE6CD957E5EA67E6FF3E30
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214441.roa
Signing time:             Mon 08 Jun 2026 22:41:25 +0000
ROA not before:           Mon 08 Jun 2026 22:36:25 +0000
ROA not after:            Mon 07 Jun 2027 22:41:25 +0000
asID:                     214441
IP address blocks:        85.155.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:31:87:06:8b:5c:56:83:2b:ae:6c:d9:57:e5:ea:67:e6:ff:3e:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  8 22:36:25 2026 GMT
            Not After : Jun  7 22:41:25 2027 GMT
        Subject: CN=594E92F041DB0443277D30BBB54820798BB37E8A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:16:2e:b6:4d:ce:6f:99:cc:d4:33:69:be:ec:
                    c9:9b:5f:86:e3:88:99:05:00:43:0e:20:4a:60:5e:
                    8e:59:cc:ba:8d:5a:70:e8:73:26:24:f5:e6:f7:b6:
                    2e:f4:e7:3c:ec:7a:64:e7:c6:b2:95:70:49:a2:2c:
                    78:37:52:a5:a0:15:05:3d:b8:cb:b7:d6:ca:75:50:
                    82:f7:75:45:f7:dc:e7:36:fa:17:b0:96:1e:11:0c:
                    1b:c5:c2:2d:3b:f8:68:9e:40:b9:c1:eb:73:63:6e:
                    31:10:68:08:76:d3:bd:55:6e:ed:52:51:58:f8:34:
                    ec:4b:f5:2b:f6:d0:b9:aa:c3:22:42:65:a5:30:b3:
                    35:83:69:96:be:0e:9f:6e:13:63:fd:03:79:40:2d:
                    53:2c:c5:a2:37:4e:21:be:13:d3:b0:dc:c8:fe:db:
                    c4:f8:0f:8a:84:cd:d1:e3:5b:7c:63:2f:2c:dd:f7:
                    04:8c:2d:ef:3d:1f:6d:4e:ef:3a:84:83:42:8b:04:
                    03:e9:0d:57:81:54:27:69:39:db:76:98:0c:6d:70:
                    c2:05:f6:ea:80:41:5d:9e:ef:77:46:09:cb:ef:02:
                    df:27:10:c2:86:d4:cb:73:b4:bf:ee:f3:47:72:a9:
                    c5:59:2e:6c:6e:89:69:d1:5b:e8:02:1b:c9:09:7f:
                    a9:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:4E:92:F0:41:DB:04:43:27:7D:30:BB:B5:48:20:79:8B:B3:7E:8A
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214441.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.155.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:5a:79:ac:78:e5:ab:8b:99:92:f4:cb:9a:bb:5a:69:84:ea:
         10:8a:e7:c2:e0:fc:ff:6a:ab:58:47:be:48:af:01:92:7c:84:
         98:66:95:92:f9:bb:65:d5:2e:73:0c:a7:4d:db:75:99:22:a4:
         ec:3e:1b:51:8d:0e:f0:74:22:8f:5c:0e:83:5b:e1:9d:f2:48:
         75:0e:4f:5f:22:9b:31:7a:19:a3:0c:74:12:fb:4f:4c:35:ca:
         92:f1:1c:4e:6f:23:4b:32:fa:32:28:ae:40:6c:c8:bf:1e:d8:
         ba:c3:24:1a:77:41:75:d0:75:81:8e:3b:b0:20:6c:e6:02:d1:
         88:78:76:b5:99:a5:b3:9a:7c:24:5f:ff:1a:02:f6:b5:ef:b3:
         0a:8c:96:c9:ef:98:07:76:ca:55:bf:7b:22:71:1c:e6:1b:19:
         67:fa:47:cd:26:fb:ce:e5:2f:68:64:ba:88:e3:d6:0c:e6:8a:
         48:f7:db:36:59:9f:1d:87:33:ec:ed:b8:05:2a:10:87:67:b5:
         8b:f6:80:d5:85:26:37:ea:d2:77:18:aa:ac:bb:2d:8b:48:a2:
         a0:d1:2f:c9:7f:c9:34:98:0c:80:c3:8a:d6:a9:f6:88:80:00:
         4d:07:a8:c5:a0:0c:b5:e1:d1:8d:03:d8:c1:d2:41:b0:d6:5d:
         00:2c:e8:cf
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUFjGHBotcVoMrrmzZV+XqZ+b/PjAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDgyMjM2MjVaFw0yNzA2MDcyMjQxMjVaMDMxMTAvBgNV
BAMTKDU5NEU5MkYwNDFEQjA0NDMyNzdEMzBCQkI1NDgyMDc5OEJCMzdFOEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDyFi62Tc5vmczUM2m+7MmbX4bj
iJkFAEMOIEpgXo5ZzLqNWnDocyYk9eb3ti705zzsemTnxrKVcEmiLHg3UqWgFQU9
uMu31sp1UIL3dUX33Oc2+hewlh4RDBvFwi07+GieQLnB63NjbjEQaAh2071Vbu1S
UVj4NOxL9Sv20LmqwyJCZaUwszWDaZa+Dp9uE2P9A3lALVMsxaI3TiG+E9Ow3Mj+
28T4D4qEzdHjW3xjLyzd9wSMLe89H21O7zqEg0KLBAPpDVeBVCdpOdt2mAxtcMIF
9uqAQV2e73dGCcvvAt8nEMKG1MtztL/u80dyqcVZLmxuiWnRW+gCG8kJf6k5AgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUWU6S8EHbBEMnfTC7tUggeYuzfoowHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjE0NDQxLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAVZvlMA0GCSqGSIb3DQEBCwUAA4IBAQBwWnmseOWr
i5mS9Muau1pphOoQiufC4Pz/aqtYR75IrwGSfISYZpWS+btl1S5zDKdN23WZIqTs
PhtRjQ7wdCKPXA6DW+Gd8kh1Dk9fIpsxehmjDHQS+09MNcqS8RxObyNLMvoyKK5A
bMi/Hti6wyQad0F10HWBjjuwIGzmAtGIeHa1maWzmnwkX/8aAva177MKjJbJ75gH
dspVv3sicRzmGxln+kfNJvvO5S9oZLqI49YM5opI99s2WZ8dhzPs7bgFKhCHZ7WL
9oDVhSY36tJ3GKqsuy2LSKKg0S/Jf8k0mAyAw4rWqfaIgABNB6jFoAy14dGNA9jB
0kGw1l0ALOjP
-----END CERTIFICATE-----