Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS209022.roa
File:                     AS209022.roa (raw, json)
Hash identifier:          ljOSDgbRtPc6F5xGrenLIrUuSDySwSVSotQLeUpRT4c=
Subject key identifier:   AF:C5:1B:A3:E1:9B:0F:CC:A1:59:20:54:A8:1D:CC:D3:47:9D:B3:1C
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       075F4013CB6C888628ACC3496F317B86E7442E23
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS209022.roa
Signing time:             Tue 24 Mar 2026 12:21:37 +0000
ROA not before:           Tue 24 Mar 2026 12:16:37 +0000
ROA not after:            Tue 23 Mar 2027 12:21:37 +0000
asID:                     209022
IP address blocks:        144.48.81.0/24 maxlen: 24
                          185.121.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:5f:40:13:cb:6c:88:86:28:ac:c3:49:6f:31:7b:86:e7:44:2e:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Mar 24 12:16:37 2026 GMT
            Not After : Mar 23 12:21:37 2027 GMT
        Subject: CN=AFC51BA3E19B0FCCA1592054A81DCCD3479DB31C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:f0:9a:e4:ca:6b:6a:34:bd:48:19:df:a0:65:
                    09:ae:7c:9d:f7:0b:94:3d:02:36:18:6b:48:90:18:
                    a5:ff:8e:4d:f1:6d:9a:d6:fd:8e:bb:4e:89:26:d7:
                    42:55:fb:e0:19:30:ba:45:83:7c:0c:44:95:89:f8:
                    ec:0d:9f:a2:86:1e:3c:8d:f3:bf:de:4c:e8:ab:63:
                    7d:1f:18:9f:74:8a:8c:e4:1f:8c:75:a5:50:93:64:
                    c6:e3:7e:18:9b:e6:2d:4c:72:fa:be:ce:cd:ff:be:
                    66:8c:86:4e:9b:4c:72:6a:80:07:29:d0:64:66:3d:
                    99:10:f9:28:08:31:0e:a6:ae:c9:63:ee:ff:06:5c:
                    ce:d5:29:08:59:f1:ea:ac:10:e8:6f:12:ae:fc:bf:
                    5a:8a:0e:cd:1a:f5:f2:0c:4e:3e:8e:32:d9:5d:e4:
                    21:29:a8:b2:96:a9:e6:37:b7:11:ce:df:f1:59:bf:
                    c6:ca:93:85:87:cf:18:6a:11:a7:a6:82:a0:54:cd:
                    e6:cb:d6:48:b9:32:83:90:dc:e9:a2:ca:f5:53:2e:
                    59:a7:80:93:d2:92:43:b2:6c:05:82:83:95:8f:8c:
                    fc:70:e6:ee:79:8e:9a:30:30:b9:76:6c:62:37:c0:
                    70:ad:83:d3:40:ed:ff:39:52:ea:84:04:39:b1:6a:
                    fd:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:C5:1B:A3:E1:9B:0F:CC:A1:59:20:54:A8:1D:CC:D3:47:9D:B3:1C
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS209022.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.48.81.0/24
                  185.121.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:00:90:e1:ad:41:44:d2:af:a9:35:02:43:4f:bf:8b:21:3d:
         2b:ec:e4:33:41:28:ff:a2:c8:d2:a1:08:6d:8a:f3:3d:8c:1e:
         41:34:28:5e:33:c0:d0:9b:4b:df:1c:af:d4:3f:f3:af:2a:26:
         3b:af:cb:2f:66:c7:ea:60:90:c9:77:e6:25:e7:b3:0e:58:68:
         07:7c:d6:da:1f:a8:2d:55:36:4c:b4:4a:82:d1:b1:97:60:f4:
         c9:99:22:4a:9d:8d:3d:8c:02:95:81:18:69:a5:89:78:8d:58:
         07:bb:ec:54:77:54:c2:ab:d2:6e:5e:c8:60:95:4c:23:d4:e8:
         9f:c4:65:b9:7a:55:ad:8e:87:61:96:91:5a:36:55:a4:71:40:
         77:e5:8b:c9:dd:cf:ec:1b:8a:eb:f3:44:5b:03:f8:85:c8:b4:
         a3:58:47:22:5a:37:c4:98:69:6a:2d:cc:15:cd:6a:c9:80:d9:
         df:3b:21:b3:c1:b5:48:1f:98:d2:88:dc:80:76:51:4a:98:de:
         2d:a4:0b:c8:b5:6f:bf:19:22:da:ec:96:14:b0:61:a8:92:9d:
         df:30:9b:8f:6e:d8:c1:c7:6f:ac:54:26:36:b9:d4:32:9f:f5:
         07:8d:7b:25:c3:73:7d:10:de:63:ef:3a:67:91:e3:fc:4f:be:
         f9:bb:b1:c2
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUB19AE8tsiIYorMNJbzF7hudELiMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjAzMjQxMjE2MzdaFw0yNzAzMjMxMjIxMzdaMDMxMTAvBgNV
BAMTKEFGQzUxQkEzRTE5QjBGQ0NBMTU5MjA1NEE4MURDQ0QzNDc5REIzMUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDF8JrkymtqNL1IGd+gZQmufJ33
C5Q9AjYYa0iQGKX/jk3xbZrW/Y67Tokm10JV++AZMLpFg3wMRJWJ+OwNn6KGHjyN
87/eTOirY30fGJ90iozkH4x1pVCTZMbjfhib5i1Mcvq+zs3/vmaMhk6bTHJqgAcp
0GRmPZkQ+SgIMQ6mrslj7v8GXM7VKQhZ8eqsEOhvEq78v1qKDs0a9fIMTj6OMtld
5CEpqLKWqeY3txHO3/FZv8bKk4WHzxhqEaemgqBUzebL1ki5MoOQ3OmiyvVTLlmn
gJPSkkOybAWCg5WPjPxw5u55jpowMLl2bGI3wHCtg9NA7f85UuqEBDmxav3/AgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUr8Ubo+GbD8yhWSBUqB3M00edsxwwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjA5MDIyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEH
AQH/BBYwFDASBAIAATAMAwQAkDBRAwQAuXmpMA0GCSqGSIb3DQEBCwUAA4IBAQAP
AJDhrUFE0q+pNQJDT7+LIT0r7OQzQSj/osjSoQhtivM9jB5BNCheM8DQm0vfHK/U
P/OvKiY7r8svZsfqYJDJd+Yl57MOWGgHfNbaH6gtVTZMtEqC0bGXYPTJmSJKnY09
jAKVgRhppYl4jVgHu+xUd1TCq9JuXshglUwj1OifxGW5elWtjodhlpFaNlWkcUB3
5YvJ3c/sG4rr80RbA/iFyLSjWEciWjfEmGlqLcwVzWrJgNnfOyGzwbVIH5jSiNyA
dlFKmN4tpAvItW+/GSLa7JYUsGGokp3fMJuPbtjBx2+sVCY2udQyn/UHjXslw3N9
EN5j7zpnkeP8T775u7HC
-----END CERTIFICATE-----