Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS214441.roa
File:                     AS214441.roa (raw, json)
Hash identifier:          E3ytPvPxeXxrIHv3NWCkwKhr7f294BmC3SsaVnfOSDg=
Subject key identifier:   72:32:97:9A:E4:28:E5:D3:62:DC:18:15:88:26:BF:39:44:80:E7:85
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       0E5E28B08B771437FD1CAF8955BE1AD8D2B0667B
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS214441.roa
Signing time:             Wed 18 Jun 2025 21:15:15 +0000
ROA not before:           Wed 18 Jun 2025 21:10:15 +0000
ROA not after:            Wed 17 Jun 2026 21:15:15 +0000
asID:                     214441
IP address blocks:        81.31.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 01:17:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:5e:28:b0:8b:77:14:37:fd:1c:af:89:55:be:1a:d8:d2:b0:66:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Jun 18 21:10:15 2025 GMT
            Not After : Jun 17 21:15:15 2026 GMT
        Subject: CN=7232979AE428E5D362DC18158826BF394480E785
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:54:b1:59:fe:b8:de:16:83:e3:e4:9f:01:5a:
                    a2:96:35:dc:5a:47:0a:bd:cf:a0:7c:b1:2c:f8:e3:
                    fa:4c:ef:76:d5:a9:6b:4d:31:eb:13:20:8b:72:be:
                    dd:23:7c:17:dd:b6:25:a5:db:b5:96:cd:9e:32:67:
                    24:ff:b8:78:8a:56:a2:3f:a1:ec:a3:51:da:fa:e2:
                    ed:ae:fb:a1:43:eb:1a:42:4e:03:bc:cc:19:c1:5c:
                    7c:58:0e:93:30:ba:9d:64:c7:83:be:a9:ea:0d:2e:
                    95:a9:15:6c:08:bb:f8:c2:73:b1:e6:ff:a8:eb:e5:
                    5e:62:4b:cf:0e:8d:09:ec:6b:9e:b1:38:87:37:15:
                    e0:c4:8d:16:56:be:2f:69:fe:ca:e6:d7:49:b2:56:
                    f2:d7:24:03:42:7e:e8:99:f8:8d:f1:e0:41:a0:ba:
                    16:4d:e7:1e:07:32:26:0d:b5:bc:3b:ed:21:99:33:
                    31:94:0f:ef:ec:5c:88:d7:ff:7d:45:97:28:03:48:
                    ef:55:fd:f2:5a:c7:af:c8:09:d5:97:ef:f0:81:ba:
                    34:15:88:a6:31:2f:52:95:9c:aa:2f:23:b5:b0:a2:
                    95:4a:9c:32:e8:5a:81:15:83:d8:69:06:86:af:94:
                    7f:d4:60:e5:a2:d6:3d:55:fd:ac:21:91:e8:63:1f:
                    51:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:32:97:9A:E4:28:E5:D3:62:DC:18:15:88:26:BF:39:44:80:E7:85
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS214441.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:a3:d6:9a:4e:62:ab:83:81:eb:9b:b1:03:64:df:47:4f:16:
         d7:94:2a:4a:5f:ba:c2:db:2e:e6:16:f7:f8:66:01:c1:0a:ca:
         c6:0c:71:42:6b:5f:00:ef:46:61:a6:44:04:9a:99:f0:11:fd:
         ce:a0:0a:45:31:d1:8e:4c:02:e2:83:ab:8b:cb:53:8f:4b:ce:
         d6:0f:68:90:19:0b:23:6d:52:f2:90:67:44:8f:91:4f:ba:55:
         9c:38:37:fd:ad:57:1d:81:14:c4:bc:ad:2a:9b:57:a9:33:b4:
         9c:31:21:7b:1b:35:73:b1:1b:b5:5d:98:58:34:9b:3c:a3:f1:
         13:18:8a:76:e8:97:53:73:ed:8c:8d:0c:ce:ef:e0:80:08:6a:
         af:d2:73:72:89:c4:32:f2:8f:41:9c:da:4d:f6:f3:78:27:65:
         3f:a0:61:19:5c:85:33:32:9d:5b:cd:d7:a7:d6:0a:84:ff:8a:
         38:1b:5e:f5:7b:21:f0:9b:dd:0b:4d:f0:a5:62:01:84:ad:ec:
         c5:bc:97:cf:e8:69:4f:1f:65:5d:40:96:6a:16:94:ed:c1:c0:
         8e:3d:a1:f0:0e:e7:0b:3a:5e:bd:ab:42:d0:e5:05:40:5a:a0:
         ad:d1:f2:28:38:ef:02:0e:b2:f5:1b:3b:b3:39:e1:35:aa:40:
         31:16:e9:f5
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUDl4osIt3FDf9HK+JVb4a2NKwZnswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNTA2MTgyMTEwMTVaFw0yNjA2MTcyMTE1MTVaMDMxMTAvBgNV
BAMTKDcyMzI5NzlBRTQyOEU1RDM2MkRDMTgxNTg4MjZCRjM5NDQ4MEU3ODUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+VLFZ/rjeFoPj5J8BWqKWNdxa
Rwq9z6B8sSz44/pM73bVqWtNMesTIItyvt0jfBfdtiWl27WWzZ4yZyT/uHiKVqI/
oeyjUdr64u2u+6FD6xpCTgO8zBnBXHxYDpMwup1kx4O+qeoNLpWpFWwIu/jCc7Hm
/6jr5V5iS88OjQnsa56xOIc3FeDEjRZWvi9p/srm10myVvLXJANCfuiZ+I3x4EGg
uhZN5x4HMiYNtbw77SGZMzGUD+/sXIjX/31FlygDSO9V/fJax6/ICdWX7/CBujQV
iKYxL1KVnKovI7WwopVKnDLoWoEVg9hpBoavlH/UYOWi1j1V/awhkehjH1EtAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUcjKXmuQo5dNi3BgViCa/OUSA54UwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjE0NDQxLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAUR/RMA0GCSqGSIb3DQEBCwUAA4IBAQAwo9aaTmKr
g4Hrm7EDZN9HTxbXlCpKX7rC2y7mFvf4ZgHBCsrGDHFCa18A70ZhpkQEmpnwEf3O
oApFMdGOTALig6uLy1OPS87WD2iQGQsjbVLykGdEj5FPulWcODf9rVcdgRTEvK0q
m1epM7ScMSF7GzVzsRu1XZhYNJs8o/ETGIp26JdTc+2MjQzO7+CACGqv0nNyicQy
8o9BnNpN9vN4J2U/oGEZXIUzMp1bzden1gqE/4o4G171eyHwm90LTfClYgGErezF
vJfP6GlPH2VdQJZqFpTtwcCOPaHwDucLOl69q0LQ5QVAWqCt0fIoOO8CDrL1Gzuz
OeE1qkAxFun1
-----END CERTIFICATE-----