Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200775.roa
File:                     AS200775.roa (raw, json)
Hash identifier:          FE8rM+1LB6TrJp3AymhWQsUSC0/Oc7rGCPkeG1ak6m8=
Subject key identifier:   FC:28:7C:D9:06:DB:73:59:73:5F:65:FB:BE:E8:C8:51:2C:E7:F1:75
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       72C61FB68B1504738B61EB8FBBF8D8331D0870EA
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200775.roa
Signing time:             Thu 26 Mar 2026 09:12:08 +0000
ROA not before:           Thu 26 Mar 2026 09:07:08 +0000
ROA not after:            Thu 25 Mar 2027 09:12:08 +0000
asID:                     200775
IP address blocks:        185.121.178.0/24 maxlen: 24
                          2a0d:d904:f000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:c6:1f:b6:8b:15:04:73:8b:61:eb:8f:bb:f8:d8:33:1d:08:70:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Mar 26 09:07:08 2026 GMT
            Not After : Mar 25 09:12:08 2027 GMT
        Subject: CN=FC287CD906DB7359735F65FBBEE8C8512CE7F175
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:33:2b:35:e1:6d:83:d7:d3:f6:a0:7e:bb:17:
                    b7:93:85:aa:e7:e0:e6:81:86:3b:7b:e1:b0:42:b8:
                    5b:62:13:af:41:08:39:4f:d2:81:b9:3c:b3:5d:15:
                    2b:c2:35:83:62:10:f2:b0:f4:61:92:f2:74:4d:16:
                    46:f8:14:81:40:dc:04:60:2d:fe:aa:1a:39:09:43:
                    dc:bf:22:41:80:df:09:96:50:71:48:aa:1c:3c:37:
                    a0:69:ff:11:f5:cd:1d:1e:0c:eb:97:fa:b1:1a:c0:
                    db:0d:bb:7a:16:c7:ab:ab:ad:0c:02:29:19:aa:dd:
                    b3:8f:28:e4:19:00:6c:25:f8:26:54:25:96:92:a7:
                    82:05:4f:5c:a1:cc:a6:c4:b6:35:ff:e8:b5:ee:b7:
                    5c:5c:b1:db:cc:28:1a:18:2b:f3:da:17:6f:da:5b:
                    2b:8a:b8:4c:51:d1:5d:ae:a9:b9:19:dd:ff:08:69:
                    b3:3d:8e:31:f5:dd:35:64:9c:96:8f:64:20:d1:9e:
                    b3:8b:6d:65:82:a4:36:3d:fb:2c:b7:1e:ed:ec:5a:
                    e4:6c:e2:ff:32:66:22:be:31:39:fe:f8:78:ec:05:
                    10:45:8f:82:0b:e1:a2:0d:1f:4d:b2:b9:d0:5d:3b:
                    e6:28:eb:bd:18:d0:ec:41:8c:e5:3b:b0:10:e4:fa:
                    44:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:28:7C:D9:06:DB:73:59:73:5F:65:FB:BE:E8:C8:51:2C:E7:F1:75
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS200775.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.178.0/24
                IPv6:
                  2a0d:d904:f000::/36

    Signature Algorithm: sha256WithRSAEncryption
         53:af:da:6b:96:6f:20:f6:42:2a:85:47:a0:de:f8:30:d3:ae:
         b9:b5:b9:ce:56:f4:5b:65:53:f4:5f:2c:ce:0d:26:79:9a:76:
         e2:05:d1:d2:c8:1a:9a:74:50:fd:34:cb:72:db:ae:c6:34:03:
         a9:12:a1:ff:de:9f:89:87:90:37:51:a3:27:fb:04:e9:67:5f:
         f0:c1:ef:c9:99:e6:17:e5:23:56:74:02:19:7e:7f:5a:d7:3c:
         2a:f6:c4:52:33:03:66:8f:ac:af:28:f8:c8:47:8a:ac:3e:c5:
         99:b2:e2:8f:0d:88:af:88:7c:c7:79:05:3a:ea:bc:cc:50:06:
         c4:3f:bb:ba:a4:77:69:19:e7:2a:d4:1b:62:0a:5c:f2:1d:df:
         81:64:ad:fc:15:07:11:de:7d:5e:9e:4d:11:16:6b:6b:d0:aa:
         54:3a:c7:fc:c1:1c:eb:0a:8d:d7:fb:0c:4a:fa:49:ea:6b:eb:
         ba:e7:14:39:69:7d:16:26:14:74:2f:b6:7a:7e:b1:43:36:6a:
         96:b1:28:6f:96:65:09:64:91:4a:97:ab:d2:0d:b4:7d:6a:e9:
         e8:ea:07:b6:94:f0:aa:96:19:82:89:81:1e:73:e2:47:f7:4c:
         c8:6e:86:47:f0:ab:5b:f2:60:dc:3c:78:02:9b:26:a2:af:91:
         73:93:83:6b
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIUcsYftosVBHOLYeuPu/jYMx0IcOowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjAzMjYwOTA3MDhaFw0yNzAzMjUwOTEyMDhaMDMxMTAvBgNV
BAMTKEZDMjg3Q0Q5MDZEQjczNTk3MzVGNjVGQkJFRThDODUxMkNFN0YxNzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZMys14W2D19P2oH67F7eTharn
4OaBhjt74bBCuFtiE69BCDlP0oG5PLNdFSvCNYNiEPKw9GGS8nRNFkb4FIFA3ARg
Lf6qGjkJQ9y/IkGA3wmWUHFIqhw8N6Bp/xH1zR0eDOuX+rEawNsNu3oWx6urrQwC
KRmq3bOPKOQZAGwl+CZUJZaSp4IFT1yhzKbEtjX/6LXut1xcsdvMKBoYK/PaF2/a
WyuKuExR0V2uqbkZ3f8IabM9jjH13TVknJaPZCDRnrOLbWWCpDY9+yy3Hu3sWuRs
4v8yZiK+MTn++HjsBRBFj4IL4aINH02yudBdO+Yo670Y0OxBjOU7sBDk+kRvAgMB
AAGjggH/MIIB+zAdBgNVHQ4EFgQU/Ch82Qbbc1lzX2X7vujIUSzn8XUwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjAwNzc1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEH
AQH/BCAwHjAMBAIAATAGAwQAuXmyMA4EAgACMAgDBgQqDdkE8DANBgkqhkiG9w0B
AQsFAAOCAQEAU6/aa5ZvIPZCKoVHoN74MNOuubW5zlb0W2VT9F8szg0meZp24gXR
0sgamnRQ/TTLctuuxjQDqRKh/96fiYeQN1GjJ/sE6Wdf8MHvyZnmF+UjVnQCGX5/
Wtc8KvbEUjMDZo+sryj4yEeKrD7FmbLijw2Ir4h8x3kFOuq8zFAGxD+7uqR3aRnn
KtQbYgpc8h3fgWSt/BUHEd59Xp5NERZra9CqVDrH/MEc6wqN1/sMSvpJ6mvruucU
OWl9FiYUdC+2en6xQzZqlrEob5ZlCWSRSper0g20fWrp6OoHtpTwqpYZgomBHnPi
R/dMyG6GR/CrW/Jg3Dx4Apsmoq+Rc5ODaw==
-----END CERTIFICATE-----