Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214456.roa
File:                     AS214456.roa (raw, json)
Hash identifier:          /j46GoHiwBY/Qf5SO2atq77Plq5tap/kbA7PHp9xvxA=
Subject key identifier:   38:D2:04:CF:CF:44:F3:CD:6A:0D:ED:6D:D0:3B:21:A0:2E:09:D5:9F
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       6414EB3961CFBF6A7DE810EFFF75A3B2FFE22B6F
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214456.roa
Signing time:             Tue 31 Mar 2026 22:42:56 +0000
ROA not before:           Tue 31 Mar 2026 22:37:56 +0000
ROA not after:            Tue 30 Mar 2027 22:42:56 +0000
asID:                     214456
IP address blocks:        81.31.213.0/24 maxlen: 24
                          103.230.142.0/24 maxlen: 24
                          153.76.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:14:eb:39:61:cf:bf:6a:7d:e8:10:ef:ff:75:a3:b2:ff:e2:2b:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Mar 31 22:37:56 2026 GMT
            Not After : Mar 30 22:42:56 2027 GMT
        Subject: CN=38D204CFCF44F3CD6A0DED6DD03B21A02E09D59F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ce:b9:9f:f1:c2:99:1f:38:e8:e4:a9:72:3f:
                    c6:c3:7d:f0:b9:34:35:b2:ca:e6:25:77:92:d3:5f:
                    e6:6c:75:78:a9:54:5f:b5:96:d8:15:47:b9:96:d5:
                    76:19:78:23:b4:c2:96:9d:aa:d0:a7:ee:2a:95:ee:
                    5d:53:1e:3f:66:ac:bb:7f:35:d5:4f:c9:bb:f6:52:
                    0e:66:60:a0:17:5b:69:14:36:dd:2e:99:98:6b:c6:
                    60:98:9f:8b:68:1a:9c:90:a5:1f:af:52:fc:3d:52:
                    29:9e:5a:b1:e7:51:72:6e:0c:eb:e5:25:cf:f3:93:
                    38:63:a1:20:86:d0:88:39:a2:54:19:f9:8f:2f:aa:
                    ae:c9:60:20:74:85:cb:d6:87:34:60:38:0b:08:55:
                    14:0d:b7:b5:74:20:d4:cc:72:dd:dc:e3:3d:8d:45:
                    dd:fd:df:88:be:92:08:27:4c:a2:29:33:6e:a9:09:
                    d2:b6:71:dc:ff:b9:41:0a:9f:39:b6:7f:a7:de:7d:
                    2d:98:e6:bd:9e:74:bd:0c:40:44:c4:85:35:98:af:
                    25:ad:fd:a2:73:ee:f9:de:f2:6d:fd:38:8a:6b:3d:
                    6f:bc:8f:9d:d9:f6:9a:43:ab:75:d6:5a:02:39:e0:
                    86:4a:b7:fe:64:f1:87:73:62:4e:aa:4b:f8:11:9e:
                    96:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:D2:04:CF:CF:44:F3:CD:6A:0D:ED:6D:D0:3B:21:A0:2E:09:D5:9F
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214456.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.213.0/24
                  103.230.142.0/24
                  153.76.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:92:f6:72:a9:59:a0:b2:fd:03:cc:cb:10:55:de:b0:68:71:
         6a:c7:9d:70:4e:51:5a:50:b4:79:fb:bb:f3:de:c6:8c:c8:5e:
         78:09:f9:25:ab:09:8f:4e:27:3c:d7:c5:6f:32:1a:60:e2:cd:
         c8:9f:d6:dc:a7:0f:67:05:60:61:1e:0b:66:4c:02:27:29:ff:
         80:20:b9:83:e1:09:c4:6b:ec:6f:6e:58:cd:6b:50:e3:79:98:
         67:87:5f:12:51:58:36:2c:5d:05:d3:e6:e1:d8:53:69:ec:51:
         48:18:8f:42:b6:de:ec:db:b9:ad:dc:25:c3:d8:5b:3d:15:0e:
         81:7a:83:a0:30:35:ae:32:25:84:20:25:cf:59:9d:91:7c:bb:
         5f:34:ca:7b:7b:ee:05:71:48:75:4f:e5:2b:ed:0f:e2:03:51:
         71:7e:62:a9:1c:f3:28:cf:c5:43:0f:82:d6:49:95:6a:07:1e:
         d6:54:71:3b:ac:53:19:3f:9b:1f:40:91:82:7f:ce:c8:12:6e:
         a8:7e:86:d4:af:42:46:28:1d:e5:2b:f7:a6:76:24:66:46:0a:
         2b:1f:31:e6:b8:07:23:14:7d:b9:f4:54:91:6c:cf:46:f2:ea:
         2e:a3:18:49:6e:01:07:b4:ff:b3:c2:4b:ef:23:c2:b1:93:35:
         40:42:4a:3d
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUZBTrOWHPv2p96BDv/3Wjsv/iK28wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjAzMzEyMjM3NTZaFw0yNzAzMzAyMjQyNTZaMDMxMTAvBgNV
BAMTKDM4RDIwNENGQ0Y0NEYzQ0Q2QTBERUQ2REQwM0IyMUEwMkUwOUQ1OUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjzrmf8cKZHzjo5KlyP8bDffC5
NDWyyuYld5LTX+ZsdXipVF+1ltgVR7mW1XYZeCO0wpadqtCn7iqV7l1THj9mrLt/
NdVPybv2Ug5mYKAXW2kUNt0umZhrxmCYn4toGpyQpR+vUvw9UimeWrHnUXJuDOvl
Jc/zkzhjoSCG0Ig5olQZ+Y8vqq7JYCB0hcvWhzRgOAsIVRQNt7V0INTMct3c4z2N
Rd3934i+kggnTKIpM26pCdK2cdz/uUEKnzm2f6fefS2Y5r2edL0MQETEhTWYryWt
/aJz7vne8m39OIprPW+8j53Z9ppDq3XWWgI54IZKt/5k8YdzYk6qS/gRnpZdAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUONIEz89E881qDe1t0DshoC4J1Z8wHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjE0NDU2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAATASAwQAUR/VAwQAZ+aOAwQAmUxyMA0GCSqGSIb3DQEBCwUA
A4IBAQAEkvZyqVmgsv0DzMsQVd6waHFqx51wTlFaULR5+7vz3saMyF54CfklqwmP
Tic818VvMhpg4s3In9bcpw9nBWBhHgtmTAInKf+AILmD4QnEa+xvbljNa1DjeZhn
h18SUVg2LF0F0+bh2FNp7FFIGI9Ctt7s27mt3CXD2Fs9FQ6BeoOgMDWuMiWEICXP
WZ2RfLtfNMp7e+4FcUh1T+Ur7Q/iA1FxfmKpHPMoz8VDD4LWSZVqBx7WVHE7rFMZ
P5sfQJGCf87IEm6ofobUr0JGKB3lK/emdiRmRgorHzHmuAcjFH259FSRbM9G8uou
oxhJbgEHtP+zwkvvI8KxkzVAQko9
-----END CERTIFICATE-----