Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a33653a343a3a2f36342d3634203d3e20333939313630.roa
File:                     326130303a646438303a33653a343a3a2f36342d3634203d3e20333939313630.roa (raw, json)
Hash identifier:          H2G6iQVsxcVg3CVn+pLu8j+yC0OstxCPpVeftnZayWM=
Subject key identifier:   C2:02:7C:5F:6B:BE:89:5A:2C:0F:D3:80:CA:93:28:D6:4F:0A:79:95
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       7225F4D18B75B783F1FE7BD5A6EE8411A8BBBD44
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a33653a343a3a2f36342d3634203d3e20333939313630.roa
Signing time:             Sat 07 Dec 2024 12:13:26 +0000
ROA not before:           Sat 07 Dec 2024 12:08:26 +0000
ROA not after:            Sat 06 Dec 2025 12:13:26 +0000
asID:                     399160
IP address blocks:        2a00:dd80:3e:4::/64 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 13:03:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:25:f4:d1:8b:75:b7:83:f1:fe:7b:d5:a6:ee:84:11:a8:bb:bd:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Dec  7 12:08:26 2024 GMT
            Not After : Dec  6 12:13:26 2025 GMT
        Subject: CN=C2027C5F6BBE895A2C0FD380CA9328D64F0A7995
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:37:cf:84:ab:34:85:fd:28:5b:7f:72:93:e3:
                    d3:c2:8c:56:b4:f4:82:2b:34:30:27:d6:12:5d:2b:
                    49:6a:fb:1c:46:0b:7b:25:ce:da:eb:9c:ed:16:6d:
                    8a:b9:44:7c:1e:4b:79:96:ad:3b:43:3d:1f:08:42:
                    6d:ff:78:72:15:11:71:5a:26:05:bf:ee:b2:84:9a:
                    9b:58:60:1a:47:9a:b1:e5:f5:d5:96:ef:35:3c:dd:
                    4b:69:4b:98:c4:ee:dc:65:9b:49:37:04:27:4d:d4:
                    e6:a5:e2:75:36:08:03:72:9e:b0:31:6d:f4:ca:f8:
                    95:d0:3c:dd:29:80:ee:ce:3c:a0:2d:10:c2:b4:21:
                    53:dc:54:80:0b:d7:43:18:b8:f4:2a:51:b4:96:75:
                    6b:23:32:34:fd:b2:dd:91:82:11:00:d5:10:54:04:
                    33:03:81:e2:94:7b:4e:5a:f8:ec:de:f6:1c:0c:10:
                    79:5c:6b:83:c9:ef:86:c1:a1:27:cc:a0:dd:fa:f8:
                    d7:9c:e7:d6:ae:51:90:80:39:a1:77:75:a4:b3:37:
                    44:d1:c0:0d:9a:47:e0:cd:0e:3c:a6:1f:95:71:73:
                    05:93:26:78:ae:d6:de:75:78:23:f5:52:bf:95:66:
                    e7:8d:86:b1:67:8e:7e:6f:08:f3:20:b3:bb:3a:c9:
                    36:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:02:7C:5F:6B:BE:89:5A:2C:0F:D3:80:CA:93:28:D6:4F:0A:79:95
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a33653a343a3a2f36342d3634203d3e20333939313630.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:dd80:3e:4::/64

    Signature Algorithm: sha256WithRSAEncryption
         b0:24:43:40:ff:96:05:17:36:1c:90:65:e1:08:34:ec:79:e4:
         93:04:ae:20:5b:c6:cc:de:31:53:ac:5d:6e:42:45:ca:6a:84:
         26:b9:8d:a5:00:95:cd:ce:00:5f:fc:2d:1c:cc:30:bf:f0:36:
         3c:a7:6f:3e:8b:6c:86:23:24:05:05:61:81:19:33:22:13:90:
         c4:9b:04:4d:02:d6:e5:de:12:8b:e8:9b:cc:9a:ae:1a:88:bd:
         80:c3:8d:a3:e0:08:e2:a2:f1:d3:2a:60:82:c2:03:7d:85:c5:
         7d:b8:59:8a:b9:7c:e9:bf:c8:b8:74:49:f5:34:10:44:8f:b7:
         26:f6:51:c0:f8:85:10:4b:65:42:7b:31:16:24:0a:f6:38:26:
         3a:6d:ee:88:91:66:6f:64:df:98:60:9b:cc:69:fc:b3:87:5f:
         46:52:92:21:25:bf:da:7f:47:1b:78:22:5b:ac:5e:8a:d4:d1:
         7f:db:3e:d7:ee:7e:7a:0a:53:c8:41:1b:90:d0:0c:54:3b:fe:
         56:fe:1f:cc:c1:03:6f:15:14:38:58:67:60:0c:fd:63:93:50:
         0c:a1:a8:aa:9d:30:79:67:d5:b2:50:ab:5b:c5:ed:11:9c:0d:
         bc:a0:3b:15:d4:06:96:24:f3:c7:ef:a1:5f:a3:bd:26:bd:da:
         a1:4d:f3:01
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgIUciX00Yt1t4Px/nvVpu6EEai7vUQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNDEyMDcxMjA4MjZaFw0yNTEyMDYxMjEzMjZaMDMxMTAvBgNV
BAMTKEMyMDI3QzVGNkJCRTg5NUEyQzBGRDM4MENBOTMyOEQ2NEYwQTc5OTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7N8+EqzSF/Shbf3KT49PCjFa0
9IIrNDAn1hJdK0lq+xxGC3slztrrnO0WbYq5RHweS3mWrTtDPR8IQm3/eHIVEXFa
JgW/7rKEmptYYBpHmrHl9dWW7zU83UtpS5jE7txlm0k3BCdN1Oal4nU2CANynrAx
bfTK+JXQPN0pgO7OPKAtEMK0IVPcVIAL10MYuPQqUbSWdWsjMjT9st2RghEA1RBU
BDMDgeKUe05a+Oze9hwMEHlca4PJ74bBoSfMoN36+Nec59auUZCAOaF3daSzN0TR
wA2aR+DNDjymH5VxcwWTJniu1t51eCP1Ur+VZueNhrFnjn5vCPMgs7s6yTYRAgMB
AAGjggIxMIICLTAdBgNVHQ4EFgQUwgJ8X2u+iVosD9OAypMo1k8KeZUwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBrAYIKwYB
BQUHAQsEgZ8wgZwwgZkGCCsGAQUFBzALhoGMcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzI2MTMwMzAzYTY0NjQzODMwM2EzMzY1M2EzNDNhM2EyZjM2MzQyZDM2MzQy
MDNkM2UyMDMzMzkzOTMxMzYzMC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
AjAkBggrBgEFBQcBBwEB/wQVMBMwEQQCAAIwCwMJACoA3YAAPgAEMA0GCSqGSIb3
DQEBCwUAA4IBAQCwJENA/5YFFzYckGXhCDTseeSTBK4gW8bM3jFTrF1uQkXKaoQm
uY2lAJXNzgBf/C0czDC/8DY8p28+i2yGIyQFBWGBGTMiE5DEmwRNAtbl3hKL6JvM
mq4aiL2Aw42j4AjiovHTKmCCwgN9hcV9uFmKuXzpv8i4dEn1NBBEj7cm9lHA+IUQ
S2VCezEWJAr2OCY6be6IkWZvZN+YYJvMafyzh19GUpIhJb/af0cbeCJbrF6K1NF/
2z7X7n56ClPIQRuQ0AxUO/5W/h/MwQNvFRQ4WGdgDP1jk1AMoaiqnTB5Z9WyUKtb
xe0RnA28oDsV1AaWJPPH76Ffo70mvdqhTfMB
-----END CERTIFICATE-----