Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS400810.roa
File:                     AS400810.roa (raw, json)
Hash identifier:          ZehszlfNNKusbPuMVMWreoZRK+Mf1sokgNcmNnxVitg=
Subject key identifier:   AF:6C:88:1A:26:CC:2A:3B:33:EF:F0:2D:B0:4B:DB:4E:5B:1C:B1:50
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       06F3CF2DA4F5B4350FD52667B5F22B4ED91584F3
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS400810.roa
Signing time:             Thu 16 Oct 2025 19:03:47 +0000
ROA not before:           Thu 16 Oct 2025 18:58:47 +0000
ROA not after:            Thu 15 Oct 2026 19:03:47 +0000
asID:                     400810
IP address blocks:        85.155.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 13:44:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:f3:cf:2d:a4:f5:b4:35:0f:d5:26:67:b5:f2:2b:4e:d9:15:84:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Oct 16 18:58:47 2025 GMT
            Not After : Oct 15 19:03:47 2026 GMT
        Subject: CN=AF6C881A26CC2A3B33EFF02DB04BDB4E5B1CB150
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:5d:48:94:b5:68:cf:9a:1e:dd:8a:89:f3:24:
                    d0:78:3b:bf:2b:af:f8:7b:c4:7f:ce:e7:48:e1:d7:
                    19:ac:9d:b5:c7:62:cc:c4:3d:01:59:ec:d2:e1:f6:
                    a6:88:a7:d6:08:4c:6a:f0:04:00:d2:0d:0d:33:be:
                    20:b4:9c:65:33:2f:ce:da:43:2a:00:0d:04:8a:f0:
                    4a:25:6a:a1:2f:82:6e:de:b5:fe:e8:99:40:5b:69:
                    36:38:4b:80:a9:67:40:62:6c:28:a4:81:62:11:d1:
                    4f:70:a7:5f:4c:23:88:0b:2e:5b:3f:ec:f9:71:5a:
                    31:61:99:65:49:6d:3e:e9:5a:97:5c:84:1d:c7:14:
                    e3:fa:8c:56:5a:8a:c3:07:bb:7c:f7:c9:33:bd:3a:
                    18:19:d7:bc:53:14:ce:59:36:cc:9b:be:e1:ec:8d:
                    65:25:4d:13:ac:f1:1f:f9:a1:80:0b:49:c0:73:6b:
                    96:c4:59:45:6c:bf:14:96:77:f7:b9:a2:3d:65:8b:
                    46:6c:74:29:26:6c:96:f9:a6:54:99:6a:b3:2b:e5:
                    8d:52:ef:a6:34:60:f9:d2:61:7f:aa:54:6f:c4:d3:
                    0b:5e:f3:4d:52:16:d1:e9:ee:22:c6:55:12:50:60:
                    46:73:32:7d:7d:5a:a1:81:fa:d7:c2:bf:9f:53:18:
                    01:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:6C:88:1A:26:CC:2A:3B:33:EF:F0:2D:B0:4B:DB:4E:5B:1C:B1:50
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS400810.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.155.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:c8:eb:f0:73:39:bf:c8:cd:c6:f2:c2:8c:7e:ae:70:ee:fb:
         fd:22:e9:4e:22:93:b8:fc:df:f6:47:e8:73:44:cd:40:96:1c:
         88:c6:27:1c:d3:03:03:ac:0c:56:88:b7:73:7b:d2:74:26:91:
         2d:90:70:0f:15:b4:2f:5a:47:8d:39:9c:21:0a:44:f3:eb:83:
         1b:bb:db:03:d0:e1:21:81:85:a1:97:7f:c8:67:bf:59:35:63:
         67:a2:9c:32:c4:e3:2a:f9:9d:3b:91:82:db:99:0d:16:f0:17:
         3b:79:f8:d6:0a:c7:05:d7:0e:d3:d9:95:39:76:f3:e7:08:1a:
         c7:cc:4a:fc:50:09:53:90:96:24:9e:17:27:93:18:15:92:a9:
         9e:28:54:4f:d4:f9:f4:60:b3:e1:d9:e3:02:b9:c5:76:84:19:
         8e:8a:c2:db:ee:98:3e:18:9d:d1:25:fc:2f:5e:41:8c:a4:b4:
         d2:62:a8:90:e8:b2:99:e8:ea:5d:9e:98:8e:14:54:a5:e4:e7:
         74:08:10:f6:af:93:e6:20:3f:4f:33:13:82:dc:fd:e2:09:1f:
         cf:76:09:dc:db:93:7f:d9:58:37:a2:58:ff:32:de:ac:78:45:
         24:80:bf:cf:c9:30:de:2f:d1:0c:04:c1:71:1b:00:8a:d9:fc:
         f7:72:83:24
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUBvPPLaT1tDUP1SZntfIrTtkVhPMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTEwMTYxODU4NDdaFw0yNjEwMTUxOTAzNDdaMDMxMTAvBgNV
BAMTKEFGNkM4ODFBMjZDQzJBM0IzM0VGRjAyREIwNEJEQjRFNUIxQ0IxNTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCPXUiUtWjPmh7dionzJNB4O78r
r/h7xH/O50jh1xmsnbXHYszEPQFZ7NLh9qaIp9YITGrwBADSDQ0zviC0nGUzL87a
QyoADQSK8EolaqEvgm7etf7omUBbaTY4S4CpZ0BibCikgWIR0U9wp19MI4gLLls/
7PlxWjFhmWVJbT7pWpdchB3HFOP6jFZaisMHu3z3yTO9OhgZ17xTFM5ZNsybvuHs
jWUlTROs8R/5oYALScBza5bEWUVsvxSWd/e5oj1li0ZsdCkmbJb5plSZarMr5Y1S
76Y0YPnSYX+qVG/E0wte801SFtHp7iLGVRJQYEZzMn19WqGB+tfCv59TGAGdAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUr2yIGibMKjsz7/AtsEvbTlscsVAwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
NDAwODEwLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAVZvgMA0GCSqGSIb3DQEBCwUAA4IBAQBByOvwczm/
yM3G8sKMfq5w7vv9IulOIpO4/N/2R+hzRM1AlhyIxicc0wMDrAxWiLdze9J0JpEt
kHAPFbQvWkeNOZwhCkTz64Mbu9sD0OEhgYWhl3/IZ79ZNWNnopwyxOMq+Z07kYLb
mQ0W8Bc7efjWCscF1w7T2ZU5dvPnCBrHzEr8UAlTkJYknhcnkxgVkqmeKFRP1Pn0
YLPh2eMCucV2hBmOisLb7pg+GJ3RJfwvXkGMpLTSYqiQ6LKZ6OpdnpiOFFSl5Od0
CBD2r5PmID9PMxOC3P3iCR/Pdgnc25N/2Vg3olj/Mt6seEUkgL/PyTDeL9EMBMFx
GwCK2fz3coMk
-----END CERTIFICATE-----