Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS812.roa
File:                     AS812.roa (raw, json)
Hash identifier:          dFR3R5XcIiIOznMsBBx7UMqrklK3BliNvo/XLIW9He4=
Subject key identifier:   63:96:14:35:95:4D:22:87:BE:1E:29:BD:78:37:3C:51:FA:B7:BD:54
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       32BAB9C80DBC57462A5F66AC962674F8BCCF1A77
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS812.roa
Signing time:             Wed 15 Apr 2026 08:53:35 +0000
ROA not before:           Wed 15 Apr 2026 08:48:35 +0000
ROA not after:            Wed 14 Apr 2027 08:53:35 +0000
asID:                     812
IP address blocks:        153.76.124.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:ba:b9:c8:0d:bc:57:46:2a:5f:66:ac:96:26:74:f8:bc:cf:1a:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Apr 15 08:48:35 2026 GMT
            Not After : Apr 14 08:53:35 2027 GMT
        Subject: CN=63961435954D2287BE1E29BD78373C51FAB7BD54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:1a:17:eb:ab:1a:2d:c8:78:a4:2f:30:f9:0e:
                    2d:52:04:a8:96:b1:79:1b:97:2e:8c:41:0c:2f:8b:
                    01:fe:f1:52:b4:26:f9:fc:37:14:f0:d0:e9:e6:ee:
                    d3:c5:cc:2c:f2:8b:dc:a6:0f:60:26:78:63:06:6a:
                    97:e5:d6:a1:d4:4e:9d:4e:27:6c:9d:2a:46:23:56:
                    7d:c3:7a:fe:cc:ec:ad:d4:37:9f:5e:a4:d2:4b:b8:
                    72:e0:cc:46:06:b0:57:e1:57:af:7c:b8:a7:e4:9b:
                    ce:8c:9a:f9:e2:0c:09:a4:ae:83:b5:bf:7f:4f:12:
                    94:20:f9:9f:02:61:8f:fa:0a:db:53:25:3e:46:68:
                    92:79:a4:39:1b:82:e0:93:10:92:79:2c:99:25:5d:
                    26:90:49:3a:d3:8f:37:d5:b5:f4:fa:52:ff:31:66:
                    c0:7f:f7:3e:b2:90:dd:ab:01:1d:7b:a2:e4:1f:fa:
                    18:c0:6f:5c:67:8f:87:b1:94:b0:62:46:95:92:80:
                    97:bd:19:21:52:e7:ac:f6:f4:3c:a8:44:7d:7c:64:
                    dd:79:b8:e7:2c:20:aa:5a:b9:dc:9a:8f:f7:5b:e4:
                    2c:e2:49:04:8f:0d:8a:47:d0:1e:df:ae:58:64:d7:
                    5c:69:34:5d:62:92:8c:be:ce:5d:b8:9b:9a:0e:e5:
                    fc:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:96:14:35:95:4D:22:87:BE:1E:29:BD:78:37:3C:51:FA:B7:BD:54
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS812.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.76.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         14:3f:de:d8:25:9a:33:07:5c:ce:6c:58:6e:07:16:cf:4a:d9:
         95:5b:40:e2:0b:41:ec:1d:5e:12:e5:bf:f6:ec:26:51:85:30:
         3c:f2:77:4f:88:2d:60:db:bf:b7:c0:30:bc:91:26:55:54:80:
         f9:22:b5:56:99:20:cc:d0:61:e9:ea:ad:2f:2a:a2:30:5d:c1:
         db:e5:f9:c9:b9:11:83:1a:4e:ff:f3:29:e0:21:ea:cc:a2:e2:
         fa:35:22:1a:25:a9:92:fd:d4:76:14:76:27:82:52:60:84:cd:
         c7:55:ee:aa:57:a2:01:27:5a:cb:78:fd:43:d2:56:30:c5:97:
         36:11:ea:52:c5:20:09:d2:17:53:0b:36:5d:7c:1d:09:a9:32:
         a0:92:9f:93:e4:07:5f:40:cf:e9:82:04:52:ee:8c:75:46:c7:
         6d:8e:2b:f2:b7:bf:7f:e8:f3:2b:d6:40:99:50:28:96:7d:81:
         25:29:de:fa:49:24:0a:f1:d7:b0:8d:eb:1d:2c:fe:3b:14:15:
         38:f4:4f:cd:28:01:68:29:47:a4:5e:1d:3e:a5:96:ec:0a:fe:
         be:12:fe:22:f7:51:81:10:12:29:f8:f9:29:4d:09:82:3a:ce:
         98:ff:a5:d3:f3:8a:6e:50:dc:64:42:ad:f3:1f:ae:5b:64:89:
         ef:8a:2c:fa
-----BEGIN CERTIFICATE-----
MIIE4jCCA8qgAwIBAgIUMrq5yA28V0YqX2asliZ0+LzPGncwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjA0MTUwODQ4MzVaFw0yNzA0MTQwODUzMzVaMDMxMTAvBgNV
BAMTKDYzOTYxNDM1OTU0RDIyODdCRTFFMjlCRDc4MzczQzUxRkFCN0JENTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6GhfrqxotyHikLzD5Di1SBKiW
sXkbly6MQQwviwH+8VK0Jvn8NxTw0Onm7tPFzCzyi9ymD2AmeGMGapfl1qHUTp1O
J2ydKkYjVn3Dev7M7K3UN59epNJLuHLgzEYGsFfhV698uKfkm86MmvniDAmkroO1
v39PEpQg+Z8CYY/6CttTJT5GaJJ5pDkbguCTEJJ5LJklXSaQSTrTjzfVtfT6Uv8x
ZsB/9z6ykN2rAR17ouQf+hjAb1xnj4exlLBiRpWSgJe9GSFS56z29DyoRH18ZN15
uOcsIKpaudyaj/db5CziSQSPDYpH0B7frlhk11xpNF1ikoy+zl24m5oO5fypAgMB
AAGjggHsMIIB6DAdBgNVHQ4EFgQUY5YUNZVNIoe+Him9eDc8Ufq3vVQwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBtBggrBgEF
BQcBCwRhMF8wXQYIKwYBBQUHMAuGUXJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
ODEyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/
BBAwDjAMBAIAATAGAwQCmUx8MA0GCSqGSIb3DQEBCwUAA4IBAQAUP97YJZozB1zO
bFhuBxbPStmVW0DiC0HsHV4S5b/27CZRhTA88ndPiC1g27+3wDC8kSZVVID5IrVW
mSDM0GHp6q0vKqIwXcHb5fnJuRGDGk7/8yngIerMouL6NSIaJamS/dR2FHYnglJg
hM3HVe6qV6IBJ1rLeP1D0lYwxZc2EepSxSAJ0hdTCzZdfB0JqTKgkp+T5AdfQM/p
ggRS7ox1Rsdtjivyt79/6PMr1kCZUCiWfYElKd76SSQK8dewjesdLP47FBU49E/N
KAFoKUekXh0+pZbsCv6+Ev4i91GBEBIp+PkpTQmCOs6Y/6XT84puUNxkQq3zH65b
ZInviiz6
-----END CERTIFICATE-----