Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS214150.roa
File:                     AS214150.roa (raw, json)
Hash identifier:          jwJIkO4DqZva9Axf97vGZVE5pHS6aiYe4jUcamCYmBY=
Subject key identifier:   BD:64:0F:78:CD:65:EC:FE:42:3E:98:A0:B7:CB:0F:99:72:37:EA:F3
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       638AF59F179772F21234B5443229E5326118FE25
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS214150.roa
Signing time:             Sat 03 May 2025 23:25:52 +0000
ROA not before:           Sat 03 May 2025 23:20:52 +0000
ROA not after:            Sat 02 May 2026 23:25:52 +0000
asID:                     214150
IP address blocks:        103.137.193.0/24 maxlen: 24
                          103.204.194.0/24 maxlen: 24
                          202.50.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 May 2025 15:42:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:8a:f5:9f:17:97:72:f2:12:34:b5:44:32:29:e5:32:61:18:fe:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: May  3 23:20:52 2025 GMT
            Not After : May  2 23:25:52 2026 GMT
        Subject: CN=BD640F78CD65ECFE423E98A0B7CB0F997237EAF3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:09:3d:1e:27:24:d9:3c:3a:bf:51:3c:16:23:
                    6a:9c:25:30:2f:a5:29:23:c7:cc:62:db:c5:69:95:
                    ca:1b:9b:6e:30:c4:c8:c6:e6:6c:11:ca:3f:1f:9f:
                    1d:d7:f7:14:fc:a1:e9:c7:5f:8a:3b:f2:46:cf:14:
                    e2:71:41:2f:b9:50:86:64:5f:64:c9:16:86:61:a7:
                    99:ea:9c:59:f8:9f:bf:99:de:60:d1:20:30:77:e7:
                    79:6b:92:f0:1d:1e:0d:37:93:34:48:9d:1c:2a:c8:
                    58:8f:94:00:27:2d:bb:4d:e0:4f:a3:75:15:09:fc:
                    60:b5:64:35:f0:d2:4e:40:db:ef:ae:53:31:a1:bf:
                    7b:2d:e0:df:12:9b:50:88:88:8a:8d:73:c2:90:bc:
                    6d:f0:a7:eb:c7:67:07:fd:1c:37:eb:b7:ed:e6:cb:
                    2f:b8:e0:58:27:eb:89:82:17:da:b7:e4:e6:3d:05:
                    ab:b3:aa:80:93:2b:5f:31:87:d7:17:5d:63:7c:f4:
                    d2:31:e0:bf:6e:10:a9:b0:54:ce:25:b9:ea:ad:96:
                    25:31:a7:c4:b2:a7:0b:b2:c7:bf:41:43:72:cf:d4:
                    69:9c:c7:1f:6a:1d:4f:15:b7:be:83:a1:89:38:61:
                    05:80:48:7f:75:86:f9:8d:44:a3:fa:36:b5:a1:e0:
                    a3:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:64:0F:78:CD:65:EC:FE:42:3E:98:A0:B7:CB:0F:99:72:37:EA:F3
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS214150.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.137.193.0/24
                  103.204.194.0/24
                  202.50.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:3d:96:70:a3:83:3d:28:6d:85:20:2e:13:32:e9:a4:6f:17:
         fd:9a:7d:df:8d:40:c4:4c:f8:0c:03:6d:2e:9e:3a:39:23:b9:
         2f:4e:87:a0:1e:80:fe:9b:33:bf:e9:41:2c:a5:00:c0:73:3a:
         0d:51:9c:6f:28:ff:35:e4:cb:86:61:10:b0:45:05:06:bf:e9:
         aa:cc:c8:19:42:38:d5:46:f7:ea:a1:07:60:45:71:4d:32:d3:
         47:60:5f:96:6e:8f:20:82:a7:b3:e7:ac:01:23:09:ad:4c:12:
         5d:62:44:01:cb:f4:71:cf:2b:05:2e:e8:af:56:12:49:a9:b3:
         10:c4:4f:69:36:e7:d0:64:13:82:bf:ac:e8:e5:f8:36:37:f3:
         55:7a:e6:0b:2d:d3:1d:a4:ad:a5:aa:f7:97:d0:bd:f4:af:bb:
         6c:9d:f4:a0:8b:c0:7d:46:68:1f:7e:f5:ab:06:8a:3c:5e:2e:
         fa:23:50:97:b4:1d:8c:3f:24:14:99:c6:e1:e3:c3:fc:03:eb:
         1d:68:8a:d5:6d:9c:2f:11:75:ff:25:41:d6:28:17:c1:84:89:
         a3:84:33:65:d8:0d:ef:1f:dc:45:45:05:6c:cf:60:2c:48:52:
         68:2f:ea:4c:41:c3:96:92:f8:c4:56:b5:92:da:57:99:0f:c9:
         0f:32:4a:85
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUY4r1nxeXcvISNLVEMinlMmEY/iUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNTA1MDMyMzIwNTJaFw0yNjA1MDIyMzI1NTJaMDMxMTAvBgNV
BAMTKEJENjQwRjc4Q0Q2NUVDRkU0MjNFOThBMEI3Q0IwRjk5NzIzN0VBRjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcCT0eJyTZPDq/UTwWI2qcJTAv
pSkjx8xi28Vplcobm24wxMjG5mwRyj8fnx3X9xT8oenHX4o78kbPFOJxQS+5UIZk
X2TJFoZhp5nqnFn4n7+Z3mDRIDB353lrkvAdHg03kzRInRwqyFiPlAAnLbtN4E+j
dRUJ/GC1ZDXw0k5A2++uUzGhv3st4N8Sm1CIiIqNc8KQvG3wp+vHZwf9HDfrt+3m
yy+44Fgn64mCF9q35OY9BauzqoCTK18xh9cXXWN89NIx4L9uEKmwVM4lueqtliUx
p8Sypwuyx79BQ3LP1Gmcxx9qHU8Vt76DoYk4YQWASH91hvmNRKP6NrWh4KNRAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUvWQPeM1l7P5CPpigt8sPmXI36vMwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjE0MTUwLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEH
AQH/BBwwGjAYBAIAATASAwQAZ4nBAwQAZ8zCAwQAyjI1MA0GCSqGSIb3DQEBCwUA
A4IBAQDFPZZwo4M9KG2FIC4TMumkbxf9mn3fjUDETPgMA20unjo5I7kvToegHoD+
mzO/6UEspQDAczoNUZxvKP815MuGYRCwRQUGv+mqzMgZQjjVRvfqoQdgRXFNMtNH
YF+Wbo8ggqez56wBIwmtTBJdYkQBy/RxzysFLuivVhJJqbMQxE9pNufQZBOCv6zo
5fg2N/NVeuYLLdMdpK2lqveX0L30r7tsnfSgi8B9RmgffvWrBoo8Xi76I1CXtB2M
PyQUmcbh48P8A+sdaIrVbZwvEXX/JUHWKBfBhImjhDNl2A3vH9xFRQVsz2AsSFJo
L+pMQcOWkvjEVrWS2leZD8kPMkqF
-----END CERTIFICATE-----