Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/e96b24c4-b692-4b94-83f5-1da5490b8f3c/8e2df782-cb40-3fbf-afb1-d8b523873658.roa
File:                     8e2df782-cb40-3fbf-afb1-d8b523873658.roa (raw, json)
Hash identifier:          9skpS1MSRj7eTlEWEJmI63JH9K/odcXq7vZgvpQSNDs=
Subject key identifier:   20:35:C4:8F:A1:25:20:39:C8:8B:47:CF:78:C1:8B:CA:AD:6C:3D:FD
Certificate issuer:       /CN=e96b24c4-b692-4b94-83f5-1da5490b8f3c
Certificate serial:       010D0C9F4328584D5235003CE0E17DA9590E3C80
Authority key identifier: AB:B6:E3:90:36:46:4B:D0:0B:9A:D5:22:5A:5E:A3:60:7C:9D:D5:7C
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/e96b24c4-b692-4b94-83f5-1da5490b8f3c.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/e96b24c4-b692-4b94-83f5-1da5490b8f3c/8e2df782-cb40-3fbf-afb1-d8b523873658.roa
Signing time:             Sat 28 Mar 2026 18:44:39 +0000
ROA not before:           Sat 28 Mar 2026 18:44:39 +0000
ROA not after:            Wed 20 May 2026 15:27:45 +0000
asID:                     203938
IP address blocks:        205.220.225.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:4d:52:35:00:3c:e0:e1:7d:a9:59:0e:3c:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e96b24c4-b692-4b94-83f5-1da5490b8f3c
        Validity
            Not Before: Mar 28 18:44:39 2026 GMT
            Not After : May 20 15:27:45 2026 GMT
        Subject: CN=bd08e403-5291-42f1-bbfa-5997209cb307
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:c2:60:d7:15:ec:64:5d:a5:8c:6b:c9:e4:3d:
                    ad:ac:2e:9d:29:4a:48:9f:79:d7:cc:63:f7:76:95:
                    65:b9:22:75:d0:b3:db:5f:8a:d4:96:71:5a:69:bf:
                    1a:c3:ee:d2:8e:c7:2b:6c:8a:0e:e3:91:86:b4:ec:
                    46:c6:30:a5:cd:e0:69:b0:91:22:d6:92:4b:e6:ef:
                    16:d5:a1:58:2f:03:4e:bb:b0:d6:86:8a:90:bd:b7:
                    ed:14:63:dd:85:f7:be:f0:1a:d9:c5:ae:79:4d:5e:
                    46:4c:cc:83:13:3b:7b:c4:6f:3b:49:92:1a:56:84:
                    69:40:0a:48:cd:76:3d:3a:20:95:d1:70:85:0c:25:
                    69:44:56:9b:9a:bc:58:39:43:9b:ec:b5:d0:51:34:
                    63:68:2d:4c:5a:a6:93:09:d6:62:74:7d:50:bc:c1:
                    51:6b:b5:ae:61:15:da:f1:41:68:77:4f:8d:3a:c2:
                    fb:22:c2:3b:30:b6:7b:aa:5e:dc:f1:f2:1c:14:a3:
                    52:5f:f3:31:5f:cf:d3:b0:2c:8d:5d:36:eb:92:da:
                    f6:b7:3a:44:97:66:8b:9e:38:2b:fc:b7:e4:5e:cc:
                    95:f4:22:68:db:b8:1a:49:1e:5b:cd:b9:32:8b:fe:
                    5c:34:61:cd:70:8e:0e:6e:04:a3:81:b5:a2:7c:b3:
                    cc:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:35:C4:8F:A1:25:20:39:C8:8B:47:CF:78:C1:8B:CA:AD:6C:3D:FD
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/e96b24c4-b692-4b94-83f5-1da5490b8f3c/8e2df782-cb40-3fbf-afb1-d8b523873658.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/e96b24c4-b692-4b94-83f5-1da5490b8f3c/e96b24c4-b692-4b94-83f5-1da5490b8f3c.crl

            X509v3 Authority Key Identifier:
                keyid:AB:B6:E3:90:36:46:4B:D0:0B:9A:D5:22:5A:5E:A3:60:7C:9D:D5:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/e96b24c4-b692-4b94-83f5-1da5490b8f3c.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  205.220.225.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         0f:1e:26:30:0d:5c:20:74:f0:76:8a:41:23:09:a9:f8:4d:b5:
         aa:9f:c9:8b:5c:f9:86:c1:e6:ec:38:0f:09:88:95:f3:6e:05:
         b8:22:90:85:2c:43:8d:2c:b7:ff:45:3a:5d:42:02:74:19:9f:
         61:ee:72:30:06:b4:23:9e:20:dc:5d:36:fa:4e:4f:5d:37:86:
         3e:65:37:c4:6a:ee:f5:44:05:de:f0:f7:7f:b1:db:73:ab:ed:
         ab:06:bc:2c:35:1c:78:f8:9b:a8:89:e3:9c:c5:62:e9:4a:70:
         06:ac:86:b1:99:9d:84:26:0b:6b:c6:fa:8d:2b:e9:04:6e:5b:
         8e:20:b6:a1:9e:e4:75:ac:14:3d:27:8f:e9:95:c9:4f:06:81:
         1e:35:5a:96:bf:71:38:a7:26:71:36:c8:3e:3e:ba:fd:6d:3a:
         ea:f6:80:7f:26:e8:8c:45:2a:dc:6c:69:1f:a9:38:ae:2e:61:
         dd:24:24:ba:e5:55:07:46:d5:52:e3:c0:ef:a0:9c:e2:ba:55:
         96:bf:87:02:e3:e8:9b:31:be:58:4e:b6:1e:d3:03:b2:30:eb:
         0d:b5:1c:f5:32:91:10:96:49:e8:2b:ee:9e:12:d2:40:b6:d2:
         e4:ce:42:ed:2f:3f:6a:c3:cf:dd:1f:59:20:a1:db:8a:78:4f:
         c4:87:8f:70
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIUAQ0Mn0MoWE1SNQA84OF9qVkOPIAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkZTk2YjI0YzQtYjY5Mi00Yjk0LTgzZjUtMWRhNTQ5MGI4
ZjNjMB4XDTI2MDMyODE4NDQzOVoXDTI2MDUyMDE1Mjc0NVowLzEtMCsGA1UEAxMk
YmQwOGU0MDMtNTI5MS00MmYxLWJiZmEtNTk5NzIwOWNiMzA3MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlMJg1xXsZF2ljGvJ5D2trC6dKUpIn3nXzGP3
dpVluSJ10LPbX4rUlnFaab8aw+7SjscrbIoO45GGtOxGxjClzeBpsJEi1pJL5u8W
1aFYLwNOu7DWhoqQvbftFGPdhfe+8BrZxa55TV5GTMyDEzt7xG87SZIaVoRpQApI
zXY9OiCV0XCFDCVpRFabmrxYOUOb7LXQUTRjaC1MWqaTCdZidH1QvMFRa7WuYRXa
8UFod0+NOsL7IsI7MLZ7ql7c8fIcFKNSX/MxX8/TsCyNXTbrktr2tzpEl2aLnjgr
/LfkXsyV9CJo27gaSR5bzbkyi/5cNGHNcI4ObgSjgbWifLPMdQIDAQABo4IDVTCC
A1EwHQYDVR0OBBYEFCA1xI+hJSA5yItHz3jBi8qtbD39MIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi9lOTZi
MjRjNC1iNjkyLTRiOTQtODNmNS0xZGE1NDkwYjhmM2MvOGUyZGY3ODItY2I0MC0z
ZmJmLWFmYjEtZDhiNTIzODczNjU4LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy8yYTI0Njk0Ny0y
ZDYyLTRhNmMtYmEwNS04NzE4N2YwMDk5YjIvZTk2YjI0YzQtYjY5Mi00Yjk0LTgz
ZjUtMWRhNTQ5MGI4ZjNjL2U5NmIyNGM0LWI2OTItNGI5NC04M2Y1LTFkYTU0OTBi
OGYzYy5jcmwwHwYDVR0jBBgwFoAUq7bjkDZGS9ALmtUiWl6jYHyd1XwwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzJhMjQ2OTQ3LTJkNjItNGE2
Yy1iYTA1LTg3MTg3ZjAwOTliMi9lOTZiMjRjNC1iNjkyLTRiOTQtODNmNS0xZGE1
NDkwYjhmM2MuY2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAzdzhMFQG
A1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93
d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQEL
BQADggEBAA8eJjANXCB08HaKQSMJqfhNtaqfyYtc+YbB5uw4DwmIlfNuBbgikIUs
Q40st/9FOl1CAnQZn2HucjAGtCOeINxdNvpOT103hj5lN8Rq7vVEBd7w93+x23Or
7asGvCw1HHj4m6iJ45zFYulKcAashrGZnYQmC2vG+o0r6QRuW44gtqGe5HWsFD0n
j+mVyU8GgR41Wpa/cTinJnE2yD4+uv1tOur2gH8m6IxFKtxsaR+pOK4uYd0kJLrl
VQdG1VLjwO+gnOK6VZa/hwLj6JsxvlhOth7TA7Iw6w21HPUykRCWSegr7p4S0kC2
0uTOQu0vP2rDz90fWSCh24p4T8SHj3A=
-----END CERTIFICATE-----
Generated at Mon Apr 20 15:41:24 2026 by rpki-client