Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214716.roa
File:                     AS214716.roa (raw, json)
Hash identifier:          g9VUmHJu+CkCtZay5MF5c4ZEgER9+ZeN9zyBZ9Hrh/s=
Subject key identifier:   85:1D:BE:87:FC:ED:51:03:E1:8A:20:F7:B1:BA:0D:E4:42:4F:AD:1E
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       7DE57FB86F31703E0177D716B1D3EDB9B27A251E
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214716.roa
Signing time:             Mon 23 Feb 2026 19:26:59 +0000
ROA not before:           Mon 23 Feb 2026 19:21:59 +0000
ROA not after:            Mon 22 Feb 2027 19:26:59 +0000
asID:                     214716
IP address blocks:        85.155.98.0/24 maxlen: 24
                          85.155.226.0/24 maxlen: 24
                          103.109.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:e5:7f:b8:6f:31:70:3e:01:77:d7:16:b1:d3:ed:b9:b2:7a:25:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Feb 23 19:21:59 2026 GMT
            Not After : Feb 22 19:26:59 2027 GMT
        Subject: CN=851DBE87FCED5103E18A20F7B1BA0DE4424FAD1E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:3d:e9:13:85:8a:d3:43:5c:14:57:b4:81:3d:
                    0f:ce:63:4f:32:5c:f1:ec:b2:40:56:c6:94:a1:d6:
                    de:7e:c6:5c:e8:e5:bb:37:a5:23:87:b4:74:2c:8f:
                    e5:d4:51:c4:92:e6:9b:12:5c:12:d8:34:09:25:6c:
                    92:e4:2d:6a:c7:ff:de:a8:ac:cb:32:87:44:a7:e8:
                    94:d8:b8:00:82:a2:29:7e:5b:90:6c:8e:3b:d3:fe:
                    77:ca:f4:76:2c:c4:16:fc:44:fd:a5:71:f2:e5:c5:
                    d8:f2:83:91:6f:1a:6b:a0:ae:a7:43:20:48:aa:8d:
                    be:6e:9e:68:1f:88:cb:69:97:2d:6c:05:23:eb:67:
                    f3:34:64:d0:be:60:56:5f:fe:e9:93:b8:a1:05:43:
                    1b:26:ba:9e:b2:64:23:0b:aa:3a:45:61:d8:7f:6d:
                    b8:35:86:ec:7a:78:4c:de:ed:3a:34:8b:ec:62:68:
                    11:c8:76:28:b9:51:41:f4:1e:da:bd:4c:6b:a0:34:
                    62:e6:58:4c:65:ab:8b:49:0e:cd:e2:22:09:4b:22:
                    6a:75:4c:a6:28:a9:ad:ff:d4:a4:a7:38:6e:d3:22:
                    51:2f:0a:28:8f:2f:da:70:de:f5:f4:47:a9:ae:51:
                    96:a8:bf:1e:2b:a3:5a:30:91:30:04:9c:34:27:e1:
                    c4:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:1D:BE:87:FC:ED:51:03:E1:8A:20:F7:B1:BA:0D:E4:42:4F:AD:1E
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214716.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.155.98.0/24
                  85.155.226.0/24
                  103.109.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:01:db:a4:fa:4b:29:9e:c7:b8:32:f2:72:ca:88:31:2c:9d:
         ef:3f:1e:5f:2f:8d:72:a9:f1:1f:33:6c:fb:41:90:f2:56:36:
         92:95:9e:c0:7c:1c:29:8b:a1:8f:77:63:5f:0d:0d:e9:03:e4:
         01:b3:e8:fb:5b:bc:3c:c2:1a:bc:b3:a1:cd:1d:77:e8:6b:5e:
         70:d8:d3:f9:01:82:5f:32:58:08:8b:e8:8d:6a:8a:6b:6d:a2:
         05:7f:99:4b:53:94:c3:59:0d:95:0c:1a:8c:fd:24:5e:7d:84:
         37:22:e6:c1:ea:36:ac:fc:fa:14:2a:9e:bd:1c:77:ea:f8:8a:
         ef:c1:55:41:4a:3c:f0:40:f1:8b:5f:45:bb:4b:a3:56:bf:22:
         05:d4:2b:12:76:0e:ef:8b:5a:bc:60:d9:aa:f7:72:2f:c8:f1:
         95:d1:3c:56:c7:68:1f:9c:c6:23:a8:4f:74:08:04:b3:38:56:
         86:f6:f6:f3:32:f8:c6:c1:1c:63:44:39:d5:68:af:fb:3f:10:
         19:95:c9:88:be:d9:1c:7a:11:64:1b:a4:6b:78:f3:8d:a1:3c:
         a7:19:7b:a7:92:07:e7:7d:e4:98:c5:40:9a:c5:b0:05:fc:fe:
         97:bb:0a:c5:0c:68:00:5a:42:1f:b8:40:63:a9:ff:02:4b:fe:
         b4:11:ff:b5
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUfeV/uG8xcD4Bd9cWsdPtubJ6JR4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjAyMjMxOTIxNTlaFw0yNzAyMjIxOTI2NTlaMDMxMTAvBgNV
BAMTKDg1MURCRTg3RkNFRDUxMDNFMThBMjBGN0IxQkEwREU0NDI0RkFEMUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4PekThYrTQ1wUV7SBPQ/OY08y
XPHsskBWxpSh1t5+xlzo5bs3pSOHtHQsj+XUUcSS5psSXBLYNAklbJLkLWrH/96o
rMsyh0Sn6JTYuACCoil+W5BsjjvT/nfK9HYsxBb8RP2lcfLlxdjyg5FvGmugrqdD
IEiqjb5unmgfiMtply1sBSPrZ/M0ZNC+YFZf/umTuKEFQxsmup6yZCMLqjpFYdh/
bbg1hux6eEze7To0i+xiaBHIdii5UUH0Htq9TGugNGLmWExlq4tJDs3iIglLImp1
TKYoqa3/1KSnOG7TIlEvCiiPL9pw3vX0R6muUZaovx4ro1owkTAEnDQn4cSFAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUhR2+h/ztUQPhiiD3sboN5EJPrR4wHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjE0NzE2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAATASAwQAVZtiAwQAVZviAwQAZ23qMA0GCSqGSIb3DQEBCwUA
A4IBAQAbAduk+kspnse4MvJyyogxLJ3vPx5fL41yqfEfM2z7QZDyVjaSlZ7AfBwp
i6GPd2NfDQ3pA+QBs+j7W7w8whq8s6HNHXfoa15w2NP5AYJfMlgIi+iNaoprbaIF
f5lLU5TDWQ2VDBqM/SRefYQ3IubB6jas/PoUKp69HHfq+IrvwVVBSjzwQPGLX0W7
S6NWvyIF1CsSdg7vi1q8YNmq93IvyPGV0TxWx2gfnMYjqE90CASzOFaG9vbzMvjG
wRxjRDnVaK/7PxAZlcmIvtkcehFkG6RrePONoTynGXunkgfnfeSYxUCaxbAF/P6X
uwrFDGgAWkIfuEBjqf8CS/60Ef+1
-----END CERTIFICATE-----