Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214710.roa
File:                     AS214710.roa (raw, json)
Hash identifier:          tNJ4k0/EkDJ1oBKBN9wfIXcEc+8WnVnPw6sTwMS5bak=
Subject key identifier:   6B:71:66:0C:E5:65:2A:CA:4A:E4:AD:F6:6D:31:80:81:6F:5D:15:02
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       7F48F687B2CF10CD61C8762F9AA102E0AF3163A7
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214710.roa
Signing time:             Thu 04 Jun 2026 15:58:49 +0000
ROA not before:           Thu 04 Jun 2026 15:53:49 +0000
ROA not after:            Thu 03 Jun 2027 15:58:49 +0000
asID:                     214710
IP address blocks:        94.26.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:48:f6:87:b2:cf:10:cd:61:c8:76:2f:9a:a1:02:e0:af:31:63:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:49 2026 GMT
            Not After : Jun  3 15:58:49 2027 GMT
        Subject: CN=6B71660CE5652ACA4AE4ADF66D3180816F5D1502
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:23:fa:54:1f:8f:00:86:af:44:18:b0:01:e0:
                    59:ad:4c:41:94:c3:76:98:b2:38:6d:69:b3:81:d8:
                    a8:a8:c5:53:45:e1:ad:43:51:67:d9:3d:3c:0a:50:
                    c3:77:39:6e:5b:3d:f7:00:21:de:15:9e:19:01:f1:
                    2d:50:e5:e7:81:c1:e0:77:e7:43:36:1e:0e:0c:d7:
                    ad:94:09:84:47:07:0e:17:71:b2:08:4c:f8:6c:cd:
                    1f:81:ee:6c:45:fd:ae:f4:7e:6c:f6:9f:a0:74:97:
                    97:78:a1:20:51:ea:ce:37:f9:16:6a:77:a8:0a:86:
                    c5:cd:b3:ac:19:d1:ac:c0:90:0a:cd:c3:72:b6:b3:
                    08:70:7f:c5:e6:bf:8e:a6:87:cf:ba:18:12:e2:93:
                    b8:64:43:b2:54:3e:52:4e:68:9e:c9:a0:6a:4f:d3:
                    ea:69:1b:ae:6f:1a:51:19:bd:a8:f7:f8:31:27:86:
                    a3:b1:a1:45:0a:12:9d:9f:03:27:a2:5a:85:92:7d:
                    c8:98:06:23:81:ff:5e:e0:0d:a9:d4:41:22:67:e0:
                    31:61:d9:02:42:f6:1c:e0:79:b3:92:5d:5c:95:e3:
                    98:ba:1b:a2:6f:3f:03:8d:39:69:96:9d:88:9f:08:
                    9b:63:11:f6:00:24:e5:87:43:38:7d:6d:2f:4a:7b:
                    64:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:71:66:0C:E5:65:2A:CA:4A:E4:AD:F6:6D:31:80:81:6F:5D:15:02
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214710.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.26.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:55:20:82:69:a6:17:42:1c:3e:2a:9c:64:94:0a:41:f9:1d:
         a3:3c:79:21:63:c8:68:bc:db:e0:de:57:80:a9:f1:a7:8b:42:
         27:0a:c3:05:9a:7f:84:50:8a:47:d6:ad:2c:d4:7b:9c:0f:08:
         77:5b:f7:14:99:fc:85:57:f3:aa:ea:aa:63:e2:1f:93:f4:15:
         0e:bb:1f:21:4b:6e:61:02:a5:d4:bd:93:af:5d:a5:7d:65:fc:
         6c:74:93:7b:7c:e0:62:33:03:6a:54:82:65:3e:27:9f:3c:c7:
         19:38:d2:2d:54:d9:2d:ab:6f:a0:03:2a:3e:f3:9d:d3:62:b8:
         a1:09:51:6e:0d:76:e5:69:72:d5:00:af:b5:e0:0e:2b:19:e1:
         75:c6:e8:50:bc:fa:f7:c6:8c:b9:e6:13:ba:52:7f:c1:57:51:
         d3:07:ad:a7:c3:25:38:69:3a:16:e9:e7:a8:2d:4c:7d:13:58:
         57:49:c1:f9:ce:03:85:03:0f:26:48:18:2f:d5:93:e4:7f:f3:
         a3:9c:3a:8a:73:9e:d6:9e:d9:5c:e6:83:37:9e:87:80:14:d1:
         75:a8:b5:88:0e:f3:91:ad:81:44:7d:30:86:bb:1c:55:6e:dd:
         92:9d:35:10:40:15:a9:16:39:2a:20:ca:30:9e:a7:3c:03:00:
         6e:a9:c1:20
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUf0j2h7LPEM1hyHYvmqEC4K8xY6cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNDlaFw0yNzA2MDMxNTU4NDlaMDMxMTAvBgNV
BAMTKDZCNzE2NjBDRTU2NTJBQ0E0QUU0QURGNjZEMzE4MDgxNkY1RDE1MDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyI/pUH48Ahq9EGLAB4FmtTEGU
w3aYsjhtabOB2KioxVNF4a1DUWfZPTwKUMN3OW5bPfcAId4VnhkB8S1Q5eeBweB3
50M2Hg4M162UCYRHBw4XcbIITPhszR+B7mxF/a70fmz2n6B0l5d4oSBR6s43+RZq
d6gKhsXNs6wZ0azAkArNw3K2swhwf8Xmv46mh8+6GBLik7hkQ7JUPlJOaJ7JoGpP
0+ppG65vGlEZvaj3+DEnhqOxoUUKEp2fAyeiWoWSfciYBiOB/17gDanUQSJn4DFh
2QJC9hzgebOSXVyV45i6G6JvPwONOWmWnYifCJtjEfYAJOWHQzh9bS9Ke2QpAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUa3FmDOVlKspK5K32bTGAgW9dFQIwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjE0NzEwLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAXhoZMA0GCSqGSIb3DQEBCwUAA4IBAQBYVSCCaaYX
Qhw+KpxklApB+R2jPHkhY8hovNvg3leAqfGni0InCsMFmn+EUIpH1q0s1HucDwh3
W/cUmfyFV/Oq6qpj4h+T9BUOux8hS25hAqXUvZOvXaV9ZfxsdJN7fOBiMwNqVIJl
PiefPMcZONItVNktq2+gAyo+853TYrihCVFuDXblaXLVAK+14A4rGeF1xuhQvPr3
xoy55hO6Un/BV1HTB62nwyU4aToW6eeoLUx9E1hXScH5zgOFAw8mSBgv1ZPkf/Oj
nDqKc57Wntlc5oM3noeAFNF1qLWIDvORrYFEfTCGuxxVbt2SnTUQQBWpFjkqIMow
nqc8AwBuqcEg
-----END CERTIFICATE-----