Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214716.roa
File:                     AS214716.roa (raw, json)
Hash identifier:          r/P1ceOIlqF8A3C/6ObGYYzKU4jWZo7pjK9D3B/1U7U=
Subject key identifier:   FF:42:CD:FC:13:68:8A:F3:35:0B:CD:4E:10:7D:27:9F:CD:5D:68:68
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       752B3CCB7585E82B58756CD76E687A83DE1EC490
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214716.roa
Signing time:             Thu 31 Jul 2025 22:31:28 +0000
ROA not before:           Thu 31 Jul 2025 22:26:28 +0000
ROA not after:            Thu 30 Jul 2026 22:31:28 +0000
asID:                     214716
IP address blocks:        103.109.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 Aug 2025 23:12:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:2b:3c:cb:75:85:e8:2b:58:75:6c:d7:6e:68:7a:83:de:1e:c4:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul 31 22:26:28 2025 GMT
            Not After : Jul 30 22:31:28 2026 GMT
        Subject: CN=FF42CDFC13688AF3350BCD4E107D279FCD5D6868
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:92:1a:93:62:3a:b0:16:6c:27:9c:83:d6:65:
                    70:fd:e6:06:c3:55:25:44:c2:0d:59:24:89:b9:2e:
                    81:f1:7e:76:a8:87:e7:67:63:45:40:23:c4:3d:83:
                    30:28:de:d8:e2:dc:9e:ce:cc:b8:07:95:4e:da:b2:
                    26:96:d9:5c:bd:b7:9c:19:71:6c:7f:71:de:0e:af:
                    cf:98:43:ab:ca:70:10:67:a2:28:cc:6c:65:41:12:
                    e5:0c:4d:57:fa:8e:3b:52:fc:01:ac:08:44:8d:13:
                    fb:fd:2c:db:0a:d9:3c:84:cb:f9:69:a8:3d:48:03:
                    95:ae:a8:fe:7d:22:e0:68:04:67:c3:bb:24:16:8c:
                    93:ab:27:ca:99:aa:4f:f2:aa:29:3c:15:fb:66:84:
                    c9:8a:84:43:2d:12:6f:bc:9a:ae:a1:dd:34:a3:4f:
                    0d:f4:7b:c1:52:b0:63:a3:39:a9:2b:c0:03:2d:5c:
                    b8:d9:9e:97:19:8e:2f:b7:b6:99:30:80:1f:d6:e4:
                    f4:02:2b:e4:1d:e7:28:7a:d7:a1:80:96:a0:31:3c:
                    d8:b1:dd:dc:fa:a7:fd:38:eb:90:90:dc:04:c8:7f:
                    3d:7e:37:80:b5:93:09:4b:15:55:a2:8a:ac:f9:1f:
                    50:ea:49:84:f9:eb:9b:56:5a:92:67:48:49:6b:07:
                    46:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:42:CD:FC:13:68:8A:F3:35:0B:CD:4E:10:7D:27:9F:CD:5D:68:68
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214716.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.109.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:18:f1:29:24:a4:77:84:82:17:3e:0b:5c:55:a1:d7:77:16:
         86:8a:7c:5d:bc:a6:ae:63:d5:88:76:af:27:30:69:00:23:c5:
         12:04:66:7d:8e:8c:01:c5:b0:8e:01:7f:c7:72:9a:aa:7c:66:
         92:64:78:f8:eb:bd:fe:57:36:b7:6f:d8:27:69:14:76:2d:da:
         6e:43:95:7a:7f:7a:14:c0:ba:89:87:51:e2:65:f6:72:0f:e0:
         3b:ee:50:cb:94:3f:89:92:ad:2c:4e:2c:c4:85:7e:db:a1:a8:
         38:45:83:bd:7c:af:34:83:5a:0a:60:b7:d1:c4:cb:ff:8e:64:
         af:97:59:4b:9d:2d:e1:06:ef:83:1b:c5:b7:9a:90:0e:b6:c1:
         36:e3:40:7b:3b:29:75:92:cf:3c:41:98:3e:68:ac:e6:53:11:
         09:81:b5:0f:40:e5:cd:7c:12:c9:d1:c9:16:33:72:4a:4a:af:
         a0:3e:7f:cb:88:e0:f4:23:3d:d9:50:06:65:c3:dd:da:75:2d:
         b1:f0:15:25:cd:bd:77:33:0e:dc:5b:ac:03:f7:03:4a:f9:8b:
         6b:81:7a:6f:df:fa:fe:1f:f2:2b:34:ce:4c:c4:05:e8:d0:cc:
         5a:c3:3c:dd:e4:55:63:9c:e6:e1:99:8c:90:fe:41:b2:d0:94:
         bd:a5:f0:25
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUdSs8y3WF6CtYdWzXbmh6g94exJAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MzEyMjI2MjhaFw0yNjA3MzAyMjMxMjhaMDMxMTAvBgNV
BAMTKEZGNDJDREZDMTM2ODhBRjMzNTBCQ0Q0RTEwN0QyNzlGQ0Q1RDY4NjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqkhqTYjqwFmwnnIPWZXD95gbD
VSVEwg1ZJIm5LoHxfnaoh+dnY0VAI8Q9gzAo3tji3J7OzLgHlU7asiaW2Vy9t5wZ
cWx/cd4Or8+YQ6vKcBBnoijMbGVBEuUMTVf6jjtS/AGsCESNE/v9LNsK2TyEy/lp
qD1IA5WuqP59IuBoBGfDuyQWjJOrJ8qZqk/yqik8FftmhMmKhEMtEm+8mq6h3TSj
Tw30e8FSsGOjOakrwAMtXLjZnpcZji+3tpkwgB/W5PQCK+Qd5yh616GAlqAxPNix
3dz6p/0465CQ3ATIfz1+N4C1kwlLFVWiiqz5H1DqSYT565tWWpJnSElrB0YfAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQU/0LN/BNoivM1C81OEH0nn81daGgwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjE0NzE2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAZ23qMA0GCSqGSIb3DQEBCwUAA4IBAQCHGPEpJKR3
hIIXPgtcVaHXdxaGinxdvKauY9WIdq8nMGkAI8USBGZ9jowBxbCOAX/HcpqqfGaS
ZHj4673+Vza3b9gnaRR2LdpuQ5V6f3oUwLqJh1HiZfZyD+A77lDLlD+Jkq0sTizE
hX7boag4RYO9fK80g1oKYLfRxMv/jmSvl1lLnS3hBu+DG8W3mpAOtsE240B7Oyl1
ks88QZg+aKzmUxEJgbUPQOXNfBLJ0ckWM3JKSq+gPn/LiOD0Iz3ZUAZlw93adS2x
8BUlzb13Mw7cW6wD9wNK+YtrgXpv3/r+H/IrNM5MxAXo0Mxawzzd5FVjnObhmYyQ
/kGy0JS9pfAl
-----END CERTIFICATE-----