Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214441.roa
File:                     AS214441.roa (raw, json)
Hash identifier:          8FH5go5r8TqBkeXczPULLpRIQjJwY/6QRQyPBpbyGC0=
Subject key identifier:   65:C7:C3:5F:FB:D3:16:56:08:52:8A:C6:68:BC:E3:6E:63:52:1F:97
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       576FE480100D1850C6F9F5C123B1E93C620170DF
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214441.roa
Signing time:             Fri 31 Oct 2025 17:25:51 +0000
ROA not before:           Fri 31 Oct 2025 17:20:51 +0000
ROA not after:            Fri 30 Oct 2026 17:25:51 +0000
asID:                     214441
IP address blocks:        85.155.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:6f:e4:80:10:0d:18:50:c6:f9:f5:c1:23:b1:e9:3c:62:01:70:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Oct 31 17:20:51 2025 GMT
            Not After : Oct 30 17:25:51 2026 GMT
        Subject: CN=65C7C35FFBD3165608528AC668BCE36E63521F97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:3f:b3:5c:33:42:32:5b:f8:2c:25:3d:93:7a:
                    b6:5e:a8:9f:5d:5c:40:f5:0a:d1:4a:40:39:90:c5:
                    50:6b:1f:6a:0e:a2:ba:26:90:50:3b:52:c6:bf:a5:
                    c2:e6:13:98:ab:d3:2f:99:3b:ed:f8:65:e9:df:bc:
                    31:85:41:8a:e1:d5:39:eb:5b:7a:1f:d6:c5:59:b1:
                    22:83:00:40:d3:4a:79:69:c6:94:bb:c0:69:ec:99:
                    d8:e5:ef:44:31:23:05:f2:e0:a3:fd:1f:f1:53:9e:
                    39:e8:43:b8:74:93:6d:7b:07:ca:32:a9:d4:39:ed:
                    34:78:4c:35:61:10:0d:bc:8d:35:d7:bf:58:8d:af:
                    e2:9c:de:10:82:1d:58:b1:73:00:8b:30:49:8e:9a:
                    8f:71:fe:c5:d7:5b:55:9d:3b:65:76:6f:1c:7b:d0:
                    7e:2d:9e:0a:cd:d0:20:1e:45:51:19:ad:e8:be:8d:
                    14:d2:5b:a6:b8:43:60:14:c2:05:b1:32:97:ff:96:
                    19:6e:7d:99:58:4f:22:0e:cd:c6:69:96:ce:99:2e:
                    11:e3:b9:a2:4e:a9:96:42:7d:35:3f:75:ae:d0:ab:
                    04:f6:17:52:e5:c2:6f:2e:76:25:d5:56:d7:dc:9a:
                    db:3f:44:bc:1c:b5:12:8a:e6:76:81:f5:9a:ba:88:
                    98:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:C7:C3:5F:FB:D3:16:56:08:52:8A:C6:68:BC:E3:6E:63:52:1F:97
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214441.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.155.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:16:75:7c:f8:f7:bf:47:21:76:58:a2:d4:6e:3a:be:59:42:
         66:83:0b:31:c7:2c:14:54:7a:12:fd:7a:ab:87:a9:65:7b:2a:
         09:83:6f:f2:e4:e2:05:95:53:49:d1:a3:9b:e1:3a:f9:83:4b:
         65:24:f6:43:c7:94:7a:44:29:d9:0c:a4:ee:f6:61:90:90:0e:
         e5:e9:39:df:01:88:45:df:9b:c4:a3:cf:a1:e3:ef:55:34:60:
         34:4a:d0:f1:3e:08:8f:7c:50:a2:77:24:3c:ae:bb:e5:23:30:
         c4:ca:b5:56:0e:79:b5:8f:1c:0a:43:4c:67:aa:ad:5d:87:7e:
         64:d0:21:4f:01:5f:2f:13:14:58:67:85:b6:0c:80:50:ba:34:
         37:99:cb:60:b7:c1:15:fa:bc:89:63:75:4f:79:a9:40:98:87:
         e0:0e:96:62:22:13:b4:ec:bd:c1:e1:0a:6f:82:05:cc:b8:c2:
         d1:a9:43:1a:a0:59:78:bb:83:ce:5e:71:3b:9f:16:f2:a4:9a:
         d3:1f:12:d4:94:91:42:7a:d4:57:2c:ea:51:ca:5a:10:b7:c6:
         a8:67:9e:ac:68:a7:60:4d:de:34:4b:da:49:ac:38:33:c7:f5:
         a6:e5:45:de:56:00:df:5e:83:74:50:94:c0:0a:d5:be:9d:33:
         a1:bf:86:58
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUV2/kgBANGFDG+fXBI7HpPGIBcN8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTEwMzExNzIwNTFaFw0yNjEwMzAxNzI1NTFaMDMxMTAvBgNV
BAMTKDY1QzdDMzVGRkJEMzE2NTYwODUyOEFDNjY4QkNFMzZFNjM1MjFGOTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD7P7NcM0IyW/gsJT2TerZeqJ9d
XED1CtFKQDmQxVBrH2oOoromkFA7Usa/pcLmE5ir0y+ZO+34ZenfvDGFQYrh1Tnr
W3of1sVZsSKDAEDTSnlpxpS7wGnsmdjl70QxIwXy4KP9H/FTnjnoQ7h0k217B8oy
qdQ57TR4TDVhEA28jTXXv1iNr+Kc3hCCHVixcwCLMEmOmo9x/sXXW1WdO2V2bxx7
0H4tngrN0CAeRVEZrei+jRTSW6a4Q2AUwgWxMpf/lhlufZlYTyIOzcZpls6ZLhHj
uaJOqZZCfTU/da7QqwT2F1Llwm8udiXVVtfcmts/RLwctRKK5naB9Zq6iJh5AgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUZcfDX/vTFlYIUorGaLzjbmNSH5cwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjE0NDQxLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAVZvlMA0GCSqGSIb3DQEBCwUAA4IBAQA+FnV8+Pe/
RyF2WKLUbjq+WUJmgwsxxywUVHoS/Xqrh6lleyoJg2/y5OIFlVNJ0aOb4Tr5g0tl
JPZDx5R6RCnZDKTu9mGQkA7l6TnfAYhF35vEo8+h4+9VNGA0StDxPgiPfFCidyQ8
rrvlIzDEyrVWDnm1jxwKQ0xnqq1dh35k0CFPAV8vExRYZ4W2DIBQujQ3mctgt8EV
+ryJY3VPealAmIfgDpZiIhO07L3B4QpvggXMuMLRqUMaoFl4u4POXnE7nxbypJrT
HxLUlJFCetRXLOpRyloQt8aoZ56saKdgTd40S9pJrDgzx/Wm5UXeVgDfXoN0UJTA
CtW+nTOhv4ZY
-----END CERTIFICATE-----