Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS215312.roa
File:                     AS215312.roa (raw, json)
Hash identifier:          O3UnI2WM7Dx51UwdkwAVIjiKaDZVktx65vvRrUejDxs=
Subject key identifier:   91:4E:EC:B3:FA:6D:0A:12:3A:6F:F2:3F:84:74:AA:35:F5:8F:75:5B
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       0C68414F8D083A0E7A2665073401E478AEE13E5A
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS215312.roa
Signing time:             Thu 04 Jun 2026 15:58:51 +0000
ROA not before:           Thu 04 Jun 2026 15:53:51 +0000
ROA not after:            Thu 03 Jun 2027 15:58:51 +0000
asID:                     215312
IP address blocks:        202.50.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:68:41:4f:8d:08:3a:0e:7a:26:65:07:34:01:e4:78:ae:e1:3e:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:51 2026 GMT
            Not After : Jun  3 15:58:51 2027 GMT
        Subject: CN=914EECB3FA6D0A123A6FF23F8474AA35F58F755B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:cd:7c:a3:7b:9c:fe:2e:b6:a0:db:b6:2a:da:
                    c4:dc:a6:ce:cc:7e:fe:b5:68:84:3d:45:e0:da:34:
                    73:12:a2:73:c6:9a:21:df:90:74:4f:53:2d:b8:82:
                    03:64:9a:95:d9:d4:bd:c6:83:a9:e9:a5:3e:43:3c:
                    0e:c7:09:d1:2f:6c:da:7c:59:3f:12:ab:3e:cb:78:
                    0a:09:fa:f8:bf:b8:97:37:de:82:5c:2c:4c:d1:68:
                    08:03:50:1f:5d:ce:61:c2:dd:f7:fb:43:e5:ed:53:
                    de:46:40:0a:db:47:92:c8:21:58:21:73:46:a7:25:
                    54:1a:bd:bf:4f:f4:d8:8d:b4:9d:0e:4e:61:65:74:
                    8a:33:1e:7d:77:4b:b0:bc:42:ee:79:25:a7:8b:6a:
                    aa:33:a0:81:0f:20:9a:d2:9e:3e:92:c8:f9:e7:79:
                    2d:cf:a8:dc:5a:f1:05:04:3f:8b:c2:62:9e:90:67:
                    d7:36:64:c7:ac:07:e3:e8:e2:33:ba:e9:06:13:2c:
                    cb:15:15:6b:3e:a8:6b:64:2e:0b:ba:49:d7:31:fc:
                    90:a9:db:16:bb:03:d7:04:89:e7:d3:97:d1:72:54:
                    0e:1c:4e:96:a8:3b:aa:2d:ec:72:83:ae:43:bb:84:
                    ba:57:37:09:e6:5a:5b:c6:4f:ad:d7:95:70:87:5b:
                    33:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:4E:EC:B3:FA:6D:0A:12:3A:6F:F2:3F:84:74:AA:35:F5:8F:75:5B
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS215312.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.50.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:fd:af:67:49:28:17:0c:7f:43:50:7c:0a:28:fa:01:c9:da:
         fe:b0:85:8b:71:58:5d:91:35:3d:ae:89:9f:35:85:0b:46:d5:
         2d:92:e2:9b:6c:21:d0:df:e8:b7:ce:fa:0a:db:57:38:b6:81:
         a6:f5:0a:c3:5c:05:9b:87:a8:c4:05:d2:73:c2:79:93:bf:79:
         74:43:e8:26:cf:75:db:06:94:bf:cf:50:79:c1:44:92:61:6c:
         b3:66:de:85:49:52:ce:d1:16:f5:cc:e7:e0:97:14:70:db:fe:
         59:66:8e:7c:99:72:84:85:d6:ad:f1:18:05:a0:95:4d:f2:55:
         07:9d:e0:47:5e:24:c3:f4:27:e5:1f:a8:d1:62:22:87:0d:f8:
         07:30:22:8c:14:34:7e:48:8a:50:da:cc:b8:0e:5b:2c:ae:28:
         55:da:d9:07:a1:48:93:01:a8:49:d7:12:bd:52:d8:c1:26:47:
         a8:a1:5f:41:63:e6:e8:04:46:1e:e4:ff:50:b0:72:c2:3a:a9:
         a3:c7:1b:ff:0d:36:6c:0f:39:d7:cc:38:ec:7f:39:6f:5c:c3:
         e9:b8:f3:09:f6:a7:4a:ad:a1:65:68:88:2c:6e:d3:c2:bf:06:
         33:fb:9a:a8:52:c6:67:ca:7c:93:38:31:89:27:ac:e8:8f:ee:
         85:9a:0f:9c
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUDGhBT40IOg56JmUHNAHkeK7hPlowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNTFaFw0yNzA2MDMxNTU4NTFaMDMxMTAvBgNV
BAMTKDkxNEVFQ0IzRkE2RDBBMTIzQTZGRjIzRjg0NzRBQTM1RjU4Rjc1NUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnzXyje5z+Lrag27Yq2sTcps7M
fv61aIQ9ReDaNHMSonPGmiHfkHRPUy24ggNkmpXZ1L3Gg6nppT5DPA7HCdEvbNp8
WT8Sqz7LeAoJ+vi/uJc33oJcLEzRaAgDUB9dzmHC3ff7Q+XtU95GQArbR5LIIVgh
c0anJVQavb9P9NiNtJ0OTmFldIozHn13S7C8Qu55JaeLaqozoIEPIJrSnj6SyPnn
eS3PqNxa8QUEP4vCYp6QZ9c2ZMesB+Po4jO66QYTLMsVFWs+qGtkLgu6Sdcx/JCp
2xa7A9cEiefTl9FyVA4cTpaoO6ot7HKDrkO7hLpXNwnmWlvGT63XlXCHWzNpAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUkU7ss/ptChI6b/I/hHSqNfWPdVswHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjE1MzEyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAyjI2MA0GCSqGSIb3DQEBCwUAA4IBAQAL/a9nSSgX
DH9DUHwKKPoBydr+sIWLcVhdkTU9romfNYULRtUtkuKbbCHQ3+i3zvoK21c4toGm
9QrDXAWbh6jEBdJzwnmTv3l0Q+gmz3XbBpS/z1B5wUSSYWyzZt6FSVLO0Rb1zOfg
lxRw2/5ZZo58mXKEhdat8RgFoJVN8lUHneBHXiTD9CflH6jRYiKHDfgHMCKMFDR+
SIpQ2sy4DlssrihV2tkHoUiTAahJ1xK9UtjBJkeooV9BY+boBEYe5P9QsHLCOqmj
xxv/DTZsDznXzDjsfzlvXMPpuPMJ9qdKraFlaIgsbtPCvwYz+5qoUsZnynyTODGJ
J6zoj+6Fmg+c
-----END CERTIFICATE-----