Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS207513.roa
File:                     AS207513.roa (raw, json)
Hash identifier:          DvPaRNsgSxux+3oXNqm/T1igFhlhvKWpkLjW4QqvlIY=
Subject key identifier:   25:95:45:41:75:5B:C5:FE:59:96:8A:67:5B:91:C6:98:73:DB:29:E7
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       1E628DC7706D54530C997F15454BC2DB61620444
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS207513.roa
Signing time:             Sun 17 Aug 2025 21:05:55 +0000
ROA not before:           Sun 17 Aug 2025 21:00:55 +0000
ROA not after:            Sun 16 Aug 2026 21:05:55 +0000
asID:                     207513
IP address blocks:        81.31.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:62:8d:c7:70:6d:54:53:0c:99:7f:15:45:4b:c2:db:61:62:04:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Aug 17 21:00:55 2025 GMT
            Not After : Aug 16 21:05:55 2026 GMT
        Subject: CN=25954541755BC5FE59968A675B91C69873DB29E7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:53:43:e9:66:f1:da:97:c3:f0:c3:7d:87:e5:
                    27:98:6d:44:18:de:26:f6:c3:1a:30:df:5c:f8:ad:
                    ab:81:10:a0:98:00:c9:5b:05:07:09:aa:d3:dc:5e:
                    45:ea:56:b0:8f:15:36:ce:32:44:5c:fe:39:0f:a4:
                    fa:22:1a:58:25:aa:3b:81:3c:08:10:ec:40:26:a4:
                    63:09:25:af:61:57:ea:9d:ef:1d:4d:0e:ec:91:f9:
                    b5:82:63:c1:8a:64:69:21:5b:19:ab:9f:ca:06:c4:
                    87:7f:f1:03:d8:3c:7f:66:93:17:4b:05:ee:92:c9:
                    a6:15:91:b8:d8:73:a0:52:8f:74:02:a4:da:fe:46:
                    a2:ac:d7:58:7d:4e:cd:06:21:04:8e:80:95:ea:de:
                    14:04:49:17:11:22:f9:a4:71:03:37:6e:f7:f8:e8:
                    9b:66:84:e9:93:bb:ee:a1:8a:1e:f8:d6:54:b9:1b:
                    8f:28:47:f0:ad:c3:b8:c5:47:f6:59:05:56:de:7b:
                    78:a0:a0:f7:64:14:fa:6d:d8:a1:9d:70:04:9d:07:
                    09:62:81:f0:c7:f5:a8:6a:b1:80:5b:a7:9d:c8:14:
                    f5:93:b6:6e:1d:7b:e6:ca:58:33:62:f7:f1:21:5a:
                    24:a2:f6:55:fc:db:d9:74:c4:94:21:a2:92:c7:9c:
                    78:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:95:45:41:75:5B:C5:FE:59:96:8A:67:5B:91:C6:98:73:DB:29:E7
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS207513.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:82:03:59:8a:d1:b2:ae:a7:95:fa:91:a6:7d:1d:39:5b:d2:
         6e:1c:9f:83:9b:13:8f:ac:44:67:f5:b8:57:29:90:1b:8a:cb:
         4b:07:cb:41:47:02:b8:2f:f0:c6:43:5f:1a:43:f0:60:d6:e5:
         8a:64:a1:ba:49:42:6e:df:ed:31:ef:ce:85:96:6e:2c:0c:ce:
         01:3e:c5:6e:2f:14:cf:1c:07:26:ee:40:ca:ae:ea:07:a2:b8:
         bc:7f:64:71:e4:94:86:a7:75:0f:65:12:a2:56:a7:2e:1b:fb:
         4e:db:43:17:1d:7d:e6:c1:e3:1f:df:e2:66:01:91:51:a2:78:
         7b:1f:de:6c:34:08:98:a6:10:07:4f:a1:3f:23:0a:d2:37:54:
         33:f6:26:d4:a1:44:ab:77:bd:f7:90:ae:9e:78:4a:5c:51:ca:
         67:de:18:6d:13:15:f0:37:49:ec:dc:d3:3f:c4:07:89:d3:c5:
         de:ca:8c:b1:30:3b:7e:d0:27:18:d9:f4:df:2b:a2:e7:db:0d:
         0d:8b:0a:c3:4d:62:a2:7d:1c:20:d9:54:f8:17:58:d5:2a:44:
         18:80:3c:bb:37:6a:35:ee:8c:6d:20:14:b0:ab:da:eb:d4:92:
         c0:ec:f9:ff:01:8a:45:4c:25:4c:b7:57:bf:6b:36:b7:c2:43:
         ed:c0:71:7e
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUHmKNx3BtVFMMmX8VRUvC22FiBEQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA4MTcyMTAwNTVaFw0yNjA4MTYyMTA1NTVaMDMxMTAvBgNV
BAMTKDI1OTU0NTQxNzU1QkM1RkU1OTk2OEE2NzVCOTFDNjk4NzNEQjI5RTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJU0PpZvHal8Pww32H5SeYbUQY
3ib2wxow31z4rauBEKCYAMlbBQcJqtPcXkXqVrCPFTbOMkRc/jkPpPoiGlglqjuB
PAgQ7EAmpGMJJa9hV+qd7x1NDuyR+bWCY8GKZGkhWxmrn8oGxId/8QPYPH9mkxdL
Be6SyaYVkbjYc6BSj3QCpNr+RqKs11h9Ts0GIQSOgJXq3hQESRcRIvmkcQM3bvf4
6JtmhOmTu+6hih741lS5G48oR/Ctw7jFR/ZZBVbee3igoPdkFPpt2KGdcASdBwli
gfDH9ahqsYBbp53IFPWTtm4de+bKWDNi9/EhWiSi9lX829l0xJQhopLHnHhpAgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUJZVFQXVbxf5ZlopnW5HGmHPbKecwHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjA3NTEzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAUR/RMA0GCSqGSIb3DQEBCwUAA4IBAQAhggNZitGy
rqeV+pGmfR05W9JuHJ+DmxOPrERn9bhXKZAbistLB8tBRwK4L/DGQ18aQ/Bg1uWK
ZKG6SUJu3+0x786Flm4sDM4BPsVuLxTPHAcm7kDKruoHori8f2Rx5JSGp3UPZRKi
VqcuG/tO20MXHX3mweMf3+JmAZFRonh7H95sNAiYphAHT6E/IwrSN1Qz9ibUoUSr
d733kK6eeEpcUcpn3hhtExXwN0ns3NM/xAeJ08XeyoyxMDt+0CcY2fTfK6Ln2w0N
iwrDTWKifRwg2VT4F1jVKkQYgDy7N2o17oxtIBSwq9rr1JLA7Pn/AYpFTCVMt1e/
aza3wkPtwHF+
-----END CERTIFICATE-----