Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS400810.roa
File:                     AS400810.roa (raw, json)
Hash identifier:          h5EefdQf1V/f/rc84wK+1ySKawps1QRUgENosuOyqpI=
Subject key identifier:   26:32:87:FD:A3:D5:1D:2B:89:D5:98:48:95:51:4F:56:92:FF:B3:13
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       69AEB5ED900C8C02FE7B09DC148301A39B9689A9
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS400810.roa
Signing time:             Wed 10 Jun 2026 15:01:22 +0000
ROA not before:           Wed 10 Jun 2026 14:56:22 +0000
ROA not after:            Wed 09 Jun 2027 15:01:22 +0000
asID:                     400810
IP address blocks:        85.155.224.0/24 maxlen: 24
                          103.208.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:ae:b5:ed:90:0c:8c:02:fe:7b:09:dc:14:83:01:a3:9b:96:89:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jun 10 14:56:22 2026 GMT
            Not After : Jun  9 15:01:22 2027 GMT
        Subject: CN=263287FDA3D51D2B89D5984895514F5692FFB313
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:f9:38:3a:df:b1:f4:e7:6d:a8:a0:dc:f4:96:
                    9c:71:f0:cb:66:7a:90:df:db:48:a8:7d:42:6a:91:
                    19:50:ab:1b:a1:a9:1a:89:cb:3d:1d:58:b2:ff:cf:
                    3c:02:f8:4f:60:0d:0e:ad:17:9e:f1:b2:7d:89:87:
                    20:f6:51:b0:6f:e6:dd:01:4a:42:6c:83:da:7f:9e:
                    59:ea:06:df:11:8d:e4:b2:e8:09:9a:a5:a7:6f:f4:
                    9b:02:ac:f2:99:e0:fa:a7:0d:54:b9:2a:fc:b1:6d:
                    eb:fe:ea:75:8c:6a:b4:08:0b:75:52:45:d7:b0:ad:
                    28:8e:ea:db:a6:42:c1:4a:ea:fa:54:6c:2d:12:ec:
                    81:04:56:20:1c:58:04:11:4b:e8:f5:33:01:c0:7e:
                    c1:7e:65:18:9f:d6:61:85:b4:1d:3a:a8:fe:2e:b3:
                    b3:9e:b7:27:79:ed:8c:07:c3:c0:f9:ce:47:02:84:
                    ab:94:73:bd:fe:ec:9b:22:fa:95:54:41:da:7d:68:
                    dc:c1:34:46:e9:b2:16:e7:9c:27:82:c5:36:8d:86:
                    cd:00:6d:b8:c8:3a:0e:e9:03:a1:51:ab:d1:60:25:
                    90:f2:8f:61:ea:f9:54:c4:5b:0a:ee:8b:91:53:4f:
                    5d:70:57:65:4c:52:58:95:4f:d2:94:33:a1:ca:53:
                    f7:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:32:87:FD:A3:D5:1D:2B:89:D5:98:48:95:51:4F:56:92:FF:B3:13
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS400810.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.155.224.0/24
                  103.208.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:3f:ba:d0:44:3c:bf:a9:01:28:b5:9c:22:11:39:ea:e3:08:
         44:db:aa:65:74:f0:9e:83:0e:68:be:b7:52:76:37:75:8b:0d:
         72:07:0c:41:db:3b:86:90:56:dc:fa:89:1d:7d:37:7d:9b:c0:
         e0:c2:55:d8:b7:3c:81:93:7f:b2:2b:4b:5e:f4:f3:7d:0e:10:
         a4:3f:91:c5:22:4c:0e:b5:20:1a:d6:e4:8f:55:a4:6d:b2:4a:
         1d:c6:03:e5:4d:46:3a:0e:2c:61:f0:72:a9:83:1f:3c:4f:9d:
         ad:0e:c1:f6:4c:9f:a6:ef:db:35:66:c2:16:92:11:e3:6a:51:
         42:14:25:1c:c4:cc:32:26:9b:50:b5:43:62:44:e1:bf:af:6f:
         ba:28:49:00:f1:80:3e:c1:ba:29:ee:d3:13:46:60:74:73:a6:
         c7:d3:36:34:7d:e9:4d:27:c9:5b:d0:0a:7c:81:a9:b8:90:2e:
         f4:6a:10:0d:4c:b5:29:d6:6a:b0:be:6a:a0:e3:14:81:82:db:
         db:6c:ee:52:36:01:f6:6f:74:fa:7d:c3:3a:39:d2:f7:e6:bd:
         70:33:aa:d2:bf:0c:5e:bf:a2:9f:c2:cb:2f:6e:c6:25:b2:81:
         1f:44:54:cc:8a:82:f8:2f:73:68:6b:83:4a:dd:80:9a:af:b1:
         21:36:75:f3
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUaa617ZAMjAL+ewncFIMBo5uWiakwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA2MTAxNDU2MjJaFw0yNzA2MDkxNTAxMjJaMDMxMTAvBgNV
BAMTKDI2MzI4N0ZEQTNENTFEMkI4OUQ1OTg0ODk1NTE0RjU2OTJGRkIzMTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDS+Tg637H0522ooNz0lpxx8Mtm
epDf20iofUJqkRlQqxuhqRqJyz0dWLL/zzwC+E9gDQ6tF57xsn2JhyD2UbBv5t0B
SkJsg9p/nlnqBt8RjeSy6Amapadv9JsCrPKZ4PqnDVS5Kvyxbev+6nWMarQIC3VS
RdewrSiO6tumQsFK6vpUbC0S7IEEViAcWAQRS+j1MwHAfsF+ZRif1mGFtB06qP4u
s7Oetyd57YwHw8D5zkcChKuUc73+7Jsi+pVUQdp9aNzBNEbpshbnnCeCxTaNhs0A
bbjIOg7pA6FRq9FgJZDyj2Hq+VTEWwrui5FTT11wV2VMUliVT9KUM6HKU/dlAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUJjKH/aPVHSuJ1ZhIlVFPVpL/sxMwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
NDAwODEwLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEH
AQH/BBYwFDASBAIAATAMAwQAVZvgAwQAZ9BUMA0GCSqGSIb3DQEBCwUAA4IBAQAD
P7rQRDy/qQEotZwiETnq4whE26pldPCegw5ovrdSdjd1iw1yBwxB2zuGkFbc+okd
fTd9m8DgwlXYtzyBk3+yK0te9PN9DhCkP5HFIkwOtSAa1uSPVaRtskodxgPlTUY6
Dixh8HKpgx88T52tDsH2TJ+m79s1ZsIWkhHjalFCFCUcxMwyJptQtUNiROG/r2+6
KEkA8YA+wbop7tMTRmB0c6bH0zY0felNJ8lb0Ap8gam4kC70ahANTLUp1mqwvmqg
4xSBgtvbbO5SNgH2b3T6fcM6OdL35r1wM6rSvwxev6KfwssvbsYlsoEfRFTMioL4
L3Noa4NK3YCar7EhNnXz
-----END CERTIFICATE-----