Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS273284.roa
File:                     AS273284.roa (raw, json)
Hash identifier:          K6dsrkUn8W76knUJZlOArFG+Biopxnn9cD5T2E2Rs5s=
Subject key identifier:   CE:AD:01:9C:68:93:C4:DB:0F:81:75:01:60:CD:B9:B0:CF:04:79:8E
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       434E0B134F4EC019CCB8C7C620DE5B9A144B1178
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS273284.roa
Signing time:             Thu 04 Jun 2026 15:58:50 +0000
ROA not before:           Thu 04 Jun 2026 15:53:50 +0000
ROA not after:            Thu 03 Jun 2027 15:58:50 +0000
asID:                     273284
IP address blocks:        103.68.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:4e:0b:13:4f:4e:c0:19:cc:b8:c7:c6:20:de:5b:9a:14:4b:11:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun  4 15:53:50 2026 GMT
            Not After : Jun  3 15:58:50 2027 GMT
        Subject: CN=CEAD019C6893C4DB0F81750160CDB9B0CF04798E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:f0:5d:dd:2d:11:9c:2a:b2:83:47:63:05:b5:
                    3d:3b:90:d6:1d:69:54:67:90:0c:2d:df:f9:10:ba:
                    92:ef:a1:5b:e8:d3:cd:cf:a0:b2:2b:4d:4e:c9:5a:
                    a1:45:e7:48:99:25:3f:9b:21:91:85:da:e5:f3:3a:
                    fe:9f:d2:02:4f:42:cc:d7:f7:a4:55:ef:41:c9:32:
                    02:ff:d6:4a:8a:da:6e:80:ff:4b:e1:fe:0a:de:bd:
                    4d:e9:28:d1:58:be:1f:36:a1:7d:5e:52:4b:1d:a1:
                    c8:24:ad:2c:d5:14:5b:d9:e1:f9:4c:29:c2:23:79:
                    82:00:a9:ac:ff:0a:f9:c0:14:95:e5:38:57:c1:c7:
                    e1:23:a4:e0:b9:ba:6b:e6:a3:dd:11:14:51:30:07:
                    4b:cd:fc:4a:72:38:81:33:04:33:75:6a:78:a4:c5:
                    a1:a3:3f:46:db:62:82:4c:a3:c2:4e:2e:30:39:20:
                    45:45:5a:1f:d7:0d:1a:06:05:93:b8:27:ce:32:69:
                    54:51:bd:fe:a5:48:04:61:5a:d9:38:e4:e1:83:3c:
                    3f:61:c6:07:42:bc:92:42:b4:06:ac:8c:96:e8:eb:
                    b3:82:bc:1f:a5:99:4f:96:c4:44:33:7d:51:77:3f:
                    fd:fb:02:66:2e:f8:42:06:d5:56:cb:f8:b1:26:1e:
                    81:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:AD:01:9C:68:93:C4:DB:0F:81:75:01:60:CD:B9:B0:CF:04:79:8E
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS273284.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.68.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:ae:fd:29:66:64:73:44:90:c7:4b:ef:06:5a:8a:61:da:7b:
         42:30:cd:88:9e:a8:dd:4d:48:9c:bb:89:86:bf:96:3a:2d:eb:
         ec:14:b4:0f:95:6a:59:4e:c6:12:9a:82:a5:a9:3f:fb:59:0c:
         5e:cb:bf:79:67:30:06:a9:ad:8f:db:a0:ab:34:7d:51:e7:a8:
         d3:39:fa:f7:c6:5a:52:3a:30:82:f3:f4:ed:c8:34:d4:09:d4:
         b5:ef:0a:92:57:3a:f9:8b:86:70:7a:9b:0a:af:e1:67:44:23:
         59:09:8a:02:79:74:6f:aa:4b:9e:1d:cd:4b:11:ca:54:08:47:
         d3:61:4d:3b:c9:29:bf:cd:ce:17:5d:b0:96:95:35:b6:9b:70:
         c5:53:98:34:76:41:bd:84:6d:d2:d6:55:88:77:87:57:b4:5a:
         81:5c:96:70:74:fd:eb:a9:da:06:bd:fc:69:4d:c1:67:a6:6b:
         7a:0a:3d:f5:56:fa:70:24:12:a2:96:e7:bb:11:5c:02:57:0c:
         ab:87:d7:18:bb:a8:60:d4:f8:c1:79:2e:e6:83:17:90:ca:1e:
         b0:0c:f5:fd:6d:96:a5:cd:80:76:9c:5c:17:fd:4a:5e:1e:a1:
         3e:2b:3d:97:a3:d1:64:26:83:0f:d6:d2:8c:46:0c:07:09:34:
         7c:cb:c6:be
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUQ04LE09OwBnMuMfGIN5bmhRLEXgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MDQxNTUzNTBaFw0yNzA2MDMxNTU4NTBaMDMxMTAvBgNV
BAMTKENFQUQwMTlDNjg5M0M0REIwRjgxNzUwMTYwQ0RCOUIwQ0YwNDc5OEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCz8F3dLRGcKrKDR2MFtT07kNYd
aVRnkAwt3/kQupLvoVvo083PoLIrTU7JWqFF50iZJT+bIZGF2uXzOv6f0gJPQszX
96RV70HJMgL/1kqK2m6A/0vh/grevU3pKNFYvh82oX1eUksdocgkrSzVFFvZ4flM
KcIjeYIAqaz/CvnAFJXlOFfBx+EjpOC5umvmo90RFFEwB0vN/EpyOIEzBDN1anik
xaGjP0bbYoJMo8JOLjA5IEVFWh/XDRoGBZO4J84yaVRRvf6lSARhWtk45OGDPD9h
xgdCvJJCtAasjJbo67OCvB+lmU+WxEQzfVF3P/37AmYu+EIG1VbL+LEmHoHFAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUzq0BnGiTxNsPgXUBYM25sM8EeY4wHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjczMjg0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAZ0RsMA0GCSqGSIb3DQEBCwUAA4IBAQDDrv0pZmRz
RJDHS+8GWoph2ntCMM2InqjdTUicu4mGv5Y6LevsFLQPlWpZTsYSmoKlqT/7WQxe
y795ZzAGqa2P26CrNH1R56jTOfr3xlpSOjCC8/TtyDTUCdS17wqSVzr5i4ZwepsK
r+FnRCNZCYoCeXRvqkueHc1LEcpUCEfTYU07ySm/zc4XXbCWlTW2m3DFU5g0dkG9
hG3S1lWId4dXtFqBXJZwdP3rqdoGvfxpTcFnpmt6Cj31VvpwJBKilue7EVwCVwyr
h9cYu6hg1PjBeS7mgxeQyh6wDPX9bZalzYB2nFwX/UpeHqE+Kz2Xo9FkJoMP1tKM
RgwHCTR8y8a+
-----END CERTIFICATE-----