Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS53724.roa
File:                     AS53724.roa (raw, json)
Hash identifier:          S8IBeMSwJuOSUMEmTXh222BKHdy9129Ho4SqbmdYl/U=
Subject key identifier:   67:D0:3B:4C:1E:0B:DE:78:AA:D0:D1:F2:E3:E1:B6:86:80:D2:12:61
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       3DD95764A42DB8EE95D94806199AEBED799FEEE7
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS53724.roa
Signing time:             Thu 30 Oct 2025 23:17:00 +0000
ROA not before:           Thu 30 Oct 2025 23:12:00 +0000
ROA not after:            Thu 29 Oct 2026 23:17:00 +0000
asID:                     53724
IP address blocks:        103.214.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 23:53:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:d9:57:64:a4:2d:b8:ee:95:d9:48:06:19:9a:eb:ed:79:9f:ee:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Oct 30 23:12:00 2025 GMT
            Not After : Oct 29 23:17:00 2026 GMT
        Subject: CN=67D03B4C1E0BDE78AAD0D1F2E3E1B68680D21261
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:30:0d:40:97:f6:9d:4d:85:20:bf:3d:a4:49:
                    9f:a8:76:66:fb:05:f5:97:1f:60:8b:e5:6c:00:ce:
                    4b:01:f2:cd:f7:ab:0d:6d:77:32:26:68:09:ea:47:
                    81:89:d9:fc:cb:b6:f6:94:2a:b0:90:9e:15:ec:cb:
                    38:f7:ed:80:ae:21:a1:b2:54:4d:7a:02:ba:6c:d2:
                    c8:a2:2e:5f:db:77:6a:11:48:c6:c1:48:9d:1c:07:
                    82:a3:6d:a0:8e:d5:5e:62:be:1a:81:19:34:4a:db:
                    e1:f6:e1:43:0f:c3:94:0e:95:46:4d:85:b2:a4:e5:
                    f0:b3:44:e1:4a:f8:c3:25:92:c9:e0:de:aa:d3:46:
                    fe:60:81:1e:8c:7d:f8:05:b4:10:9d:63:d0:eb:e4:
                    ed:a9:e6:7e:32:70:a0:fb:39:64:41:9d:79:ef:eb:
                    31:b4:b9:4d:5c:43:7c:0f:9c:83:81:24:18:24:cd:
                    1d:83:8a:57:d5:f4:96:36:3d:ce:63:35:bc:cc:86:
                    b7:ed:61:c0:36:65:bb:82:b8:fa:fd:30:35:10:d7:
                    9b:dc:a2:a3:c2:56:e4:74:ae:9a:2b:63:03:f5:12:
                    d2:50:10:4c:74:e5:0a:92:37:c3:85:c8:a0:33:47:
                    de:ba:53:0a:b0:f6:98:e3:dc:51:72:08:79:81:cc:
                    1f:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:D0:3B:4C:1E:0B:DE:78:AA:D0:D1:F2:E3:E1:B6:86:80:D2:12:61
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS53724.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.214.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:72:e1:07:d7:5e:9c:47:48:d6:dc:41:77:c4:8f:e9:39:dd:
         db:71:8a:cf:09:11:f0:ad:22:ed:96:a5:d2:e6:a2:69:95:44:
         82:b2:07:4e:ff:ff:50:d5:a7:ed:92:ef:a1:3a:17:c7:8c:61:
         01:81:0d:33:c2:b9:6d:47:72:80:23:69:0e:b8:9d:88:87:90:
         66:f8:7e:1f:f7:53:c7:22:43:12:f3:8c:6d:50:22:1c:92:42:
         9c:fd:19:15:6a:ad:33:29:a3:d7:69:03:51:24:92:c5:73:14:
         67:70:70:fe:d4:17:0b:8a:e7:2b:4b:a1:2f:84:bf:68:1f:07:
         c4:20:fa:1e:03:41:bd:67:b0:7c:23:ae:dc:f3:65:30:92:b7:
         97:a3:31:73:50:b3:9b:73:8e:9c:a3:2d:30:6f:66:2a:72:40:
         2e:a7:a4:c7:56:fe:16:09:f1:12:b1:09:d1:16:9d:44:cd:ef:
         19:4a:a1:19:ac:ae:69:d3:e2:08:8e:48:81:d4:0a:37:a3:8e:
         4e:09:a5:6a:2b:c8:c3:29:36:84:e5:ce:4a:d5:20:3c:e8:05:
         18:98:de:f6:b4:81:f3:b2:6e:77:c0:31:c8:0a:08:ea:ea:a3:
         ef:89:28:5b:d2:0d:b8:39:d7:8b:84:e0:2f:f4:21:8b:7f:db:
         92:0d:4b:44
-----BEGIN CERTIFICATE-----
MIIE5DCCA8ygAwIBAgIUPdlXZKQtuO6V2UgGGZrr7Xmf7ucwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTEwMzAyMzEyMDBaFw0yNjEwMjkyMzE3MDBaMDMxMTAvBgNV
BAMTKDY3RDAzQjRDMUUwQkRFNzhBQUQwRDFGMkUzRTFCNjg2ODBEMjEyNjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2MA1Al/adTYUgvz2kSZ+odmb7
BfWXH2CL5WwAzksB8s33qw1tdzImaAnqR4GJ2fzLtvaUKrCQnhXsyzj37YCuIaGy
VE16Arps0siiLl/bd2oRSMbBSJ0cB4KjbaCO1V5ivhqBGTRK2+H24UMPw5QOlUZN
hbKk5fCzROFK+MMlksng3qrTRv5ggR6MffgFtBCdY9Dr5O2p5n4ycKD7OWRBnXnv
6zG0uU1cQ3wPnIOBJBgkzR2DilfV9JY2Pc5jNbzMhrftYcA2ZbuCuPr9MDUQ15vc
oqPCVuR0rporYwP1EtJQEEx05QqSN8OFyKAzR966Uwqw9pjj3FFyCHmBzB83AgMB
AAGjggHuMIIB6jAdBgNVHQ4EFgQUZ9A7TB4L3niq0NHy4+G2hoDSEmEwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBvBggrBgEF
BQcBCwRjMGEwXwYIKwYBBQUHMAuGU3JzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
NTM3MjQucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcB
Af8EEDAOMAwEAgABMAYDBABn1kQwDQYJKoZIhvcNAQELBQADggEBAKly4QfXXpxH
SNbcQXfEj+k53dtxis8JEfCtIu2WpdLmommVRIKyB07//1DVp+2S76E6F8eMYQGB
DTPCuW1HcoAjaQ64nYiHkGb4fh/3U8ciQxLzjG1QIhySQpz9GRVqrTMpo9dpA1Ek
ksVzFGdwcP7UFwuK5ytLoS+Ev2gfB8Qg+h4DQb1nsHwjrtzzZTCSt5ejMXNQs5tz
jpyjLTBvZipyQC6npMdW/hYJ8RKxCdEWnUTN7xlKoRmsrmnT4giOSIHUCjejjk4J
pWoryMMpNoTlzkrVIDzoBRiY3va0gfOybnfAMcgKCOrqo++JKFvSDbg514uE4C/0
IYt/25INS0Q=
-----END CERTIFICATE-----