Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS215225.roa
File:                     AS215225.roa (raw, json)
Hash identifier:          iT8LxP65TT23IjWHAt94XaEGRh9hMQHpU4sNLiWbKd0=
Subject key identifier:   0D:F8:09:9A:86:F1:64:94:72:23:C1:CD:8C:BF:9B:97:F6:93:8A:36
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       36084C51BF62AD94D4C7215063080E8BC1EB54FD
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS215225.roa
Signing time:             Wed 01 Apr 2026 04:30:53 +0000
ROA not before:           Wed 01 Apr 2026 04:25:53 +0000
ROA not after:            Wed 31 Mar 2027 04:30:53 +0000
asID:                     215225
IP address blocks:        5.253.85.0/24 maxlen: 24
                          153.76.115.0/24 maxlen: 24
                          168.222.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:08:4c:51:bf:62:ad:94:d4:c7:21:50:63:08:0e:8b:c1:eb:54:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Apr  1 04:25:53 2026 GMT
            Not After : Mar 31 04:30:53 2027 GMT
        Subject: CN=0DF8099A86F164947223C1CD8CBF9B97F6938A36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:24:89:c0:01:f5:ac:24:05:18:61:04:a4:cf:
                    12:d1:e6:f3:7e:60:dd:d6:1f:85:ae:28:28:00:8b:
                    1e:84:87:56:aa:9b:77:57:7d:bd:dc:f3:21:09:47:
                    09:93:8f:31:97:41:f5:df:ca:d7:2c:3c:d2:c1:6b:
                    86:7c:26:33:85:ff:5f:52:01:df:4b:f3:3b:ec:a0:
                    44:53:96:a5:cb:a2:99:46:67:45:ab:ce:81:bd:72:
                    c7:7e:a0:d1:2d:46:f5:d6:fd:30:db:fe:7b:3a:7c:
                    9d:2f:b4:4d:09:ef:b2:73:59:74:51:ea:0b:66:36:
                    3a:bc:50:10:11:c0:e4:60:97:6a:d9:de:d9:a2:1d:
                    d0:1e:b2:b8:16:4d:f6:35:ee:c4:80:a7:7f:49:e0:
                    39:24:e2:02:af:e4:2e:da:b0:64:f4:81:7d:ec:c2:
                    97:9a:c4:69:c1:34:58:d8:cc:f5:75:e0:a9:a3:43:
                    9f:03:da:af:b8:38:3d:62:15:50:4d:cb:3e:9e:da:
                    51:b7:5e:f5:d4:51:b8:f2:27:75:c9:25:3e:3f:84:
                    c9:0a:43:b6:7f:02:99:e7:6b:86:27:12:61:c9:f9:
                    cc:4e:90:6a:41:46:ea:4a:ee:a4:e7:60:7b:88:63:
                    65:71:f4:0a:1a:ae:73:a2:d3:cc:ac:32:1b:7a:03:
                    52:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:F8:09:9A:86:F1:64:94:72:23:C1:CD:8C:BF:9B:97:F6:93:8A:36
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS215225.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.85.0/24
                  153.76.115.0/24
                  168.222.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:3a:c7:68:c0:9a:36:00:75:b2:00:da:c0:38:3b:11:80:3b:
         07:ea:bf:18:4b:eb:23:a0:8c:30:94:ca:11:03:0d:08:f3:70:
         e4:d4:33:71:35:61:73:d2:46:95:f7:d1:17:59:f2:f2:3f:65:
         b2:24:38:28:13:68:13:19:d2:be:0e:2c:a9:f5:b3:3d:d3:17:
         fd:ed:98:b8:41:1e:f9:31:bf:dc:9b:12:e7:e1:93:66:28:e8:
         a0:37:2a:9d:78:e7:4a:ad:9c:d9:14:cb:82:21:3a:94:b3:8f:
         18:99:4d:a4:79:cc:d5:03:b4:f9:44:4a:21:1b:52:ce:84:48:
         65:aa:9e:b8:dc:52:5f:8f:ae:3d:28:d1:1a:5c:bb:54:89:92:
         8e:9a:73:a1:c8:2a:90:0c:be:70:57:93:ca:f2:89:dc:1e:e3:
         9a:cc:ab:9f:24:7b:56:7a:89:42:f6:d4:78:f5:fa:89:31:71:
         2f:c5:0c:df:31:10:53:3d:12:b2:94:e3:7c:27:ce:6d:7d:e4:
         8a:b0:43:f9:b6:74:2d:a7:3e:f1:63:67:d2:4e:f1:e4:af:ec:
         76:16:75:16:0a:86:1e:bd:52:a0:88:e3:4b:e9:22:6d:79:5d:
         f5:43:c0:d6:ec:5a:d7:54:ad:e9:42:96:2f:d4:c2:3a:18:04:
         1b:9d:7e:05
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUNghMUb9irZTUxyFQYwgOi8HrVP0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA0MDEwNDI1NTNaFw0yNzAzMzEwNDMwNTNaMDMxMTAvBgNV
BAMTKDBERjgwOTlBODZGMTY0OTQ3MjIzQzFDRDhDQkY5Qjk3RjY5MzhBMzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeJInAAfWsJAUYYQSkzxLR5vN+
YN3WH4WuKCgAix6Eh1aqm3dXfb3c8yEJRwmTjzGXQfXfytcsPNLBa4Z8JjOF/19S
Ad9L8zvsoERTlqXLoplGZ0WrzoG9csd+oNEtRvXW/TDb/ns6fJ0vtE0J77JzWXRR
6gtmNjq8UBARwORgl2rZ3tmiHdAesrgWTfY17sSAp39J4Dkk4gKv5C7asGT0gX3s
wpeaxGnBNFjYzPV14KmjQ58D2q+4OD1iFVBNyz6e2lG3XvXUUbjyJ3XJJT4/hMkK
Q7Z/Apnna4YnEmHJ+cxOkGpBRupK7qTnYHuIY2Vx9AoarnOi08ysMht6A1JvAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUDfgJmobxZJRyI8HNjL+bl/aTijYwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjE1MjI1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAATASAwQABf1VAwQAmUxzAwQAqN7yMA0GCSqGSIb3DQEBCwUA
A4IBAQBbOsdowJo2AHWyANrAODsRgDsH6r8YS+sjoIwwlMoRAw0I83Dk1DNxNWFz
0kaV99EXWfLyP2WyJDgoE2gTGdK+Diyp9bM90xf97Zi4QR75Mb/cmxLn4ZNmKOig
NyqdeOdKrZzZFMuCITqUs48YmU2keczVA7T5REohG1LOhEhlqp643FJfj649KNEa
XLtUiZKOmnOhyCqQDL5wV5PK8oncHuOazKufJHtWeolC9tR49fqJMXEvxQzfMRBT
PRKylON8J85tfeSKsEP5tnQtpz7xY2fSTvHkr+x2FnUWCoYevVKgiONL6SJteV31
Q8DW7FrXVK3pQpYv1MI6GAQbnX4F
-----END CERTIFICATE-----