Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf914e0aa6019159f2fb270ca8/2/38382e3133352e37342e302f32342d3234203d3e20393833.roa
File:                     38382e3133352e37342e302f32342d3234203d3e20393833.roa (raw, json)
Hash identifier:          OktGhRV8bYzCoMRfLVYMca3Cyl1qFoDuF4NLF943HiQ=
Subject key identifier:   27:01:5B:08:78:F1:77:05:14:78:31:EF:62:29:67:C2:63:2A:6D:64
Certificate issuer:       /CN=3de0b78633aaf10a9b22a1e925eebcd1ed76b0af
Certificate serial:       2FEADEEF171602E4980055BF4A0801543FC34B43
Authority key identifier: 3D:E0:B7:86:33:AA:F1:0A:9B:22:A1:E9:25:EE:BC:D1:ED:76:B0:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PeC3hjOq8QqbIqHpJe680e12sK8.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf914e0aa6019159f2fb270ca8/2/38382e3133352e37342e302f32342d3234203d3e20393833.roa
Signing time:             Fri 18 Jul 2025 07:36:59 +0000
ROA not before:           Fri 18 Jul 2025 07:31:59 +0000
ROA not after:            Fri 17 Jul 2026 07:36:59 +0000
asID:                     983
IP address blocks:        88.135.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf914e0aa6019159f2fb270ca8/2/3DE0B78633AAF10A9B22A1E925EEBCD1ED76B0AF.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf914e0aa6019159f2fb270ca8/2/3DE0B78633AAF10A9B22A1E925EEBCD1ED76B0AF.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PeC3hjOq8QqbIqHpJe680e12sK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 17:17:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:ea:de:ef:17:16:02:e4:98:00:55:bf:4a:08:01:54:3f:c3:4b:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3de0b78633aaf10a9b22a1e925eebcd1ed76b0af
        Validity
            Not Before: Jul 18 07:31:59 2025 GMT
            Not After : Jul 17 07:36:59 2026 GMT
        Subject: CN=27015B0878F17705147831EF622967C2632A6D64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:af:c9:09:80:e5:1a:23:12:f3:7c:57:c2:6a:
                    dd:3d:fb:98:b5:6f:67:b7:8f:da:d7:2d:aa:73:16:
                    1b:3f:00:73:f4:fb:e6:5e:cb:a5:65:19:d3:bf:bb:
                    06:8d:6c:d7:8d:8c:7c:42:dc:26:de:b6:a1:dd:15:
                    a1:b4:df:5c:a5:f3:54:79:fa:9f:22:92:e6:21:06:
                    f8:bc:e0:a4:9d:c2:3c:69:10:a3:c1:41:d4:1d:e9:
                    ef:9b:db:24:67:a7:e2:ce:a1:84:d2:0a:d1:b4:57:
                    c6:8d:c6:a5:14:c8:ad:51:81:24:73:7b:b7:e2:5f:
                    8d:6e:8e:18:c8:14:ea:cb:87:d1:3e:78:c1:90:fc:
                    23:46:74:81:43:e3:11:ec:b9:dc:a0:58:f7:5f:63:
                    92:35:0f:73:b0:94:03:46:22:a6:98:d8:ed:f4:ad:
                    7d:a7:35:f0:2b:72:b2:07:9d:e8:29:db:8c:78:64:
                    35:64:93:15:41:72:9b:19:66:ee:2d:a3:bc:22:13:
                    48:40:df:5f:da:2a:0b:73:40:35:f1:30:21:ea:1e:
                    5f:b0:e6:6f:9a:f5:b1:6c:d1:50:85:d5:f9:d3:f7:
                    28:0c:e3:0f:47:1f:49:0f:ad:05:e2:61:6b:aa:02:
                    19:71:79:46:a1:d3:7e:8d:71:83:f7:cf:78:c3:a0:
                    d3:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:01:5B:08:78:F1:77:05:14:78:31:EF:62:29:67:C2:63:2A:6D:64
            X509v3 Authority Key Identifier:
                keyid:3D:E0:B7:86:33:AA:F1:0A:9B:22:A1:E9:25:EE:BC:D1:ED:76:B0:AF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf914e0aa6019159f2fb270ca8/2/3DE0B78633AAF10A9B22A1E925EEBCD1ED76B0AF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PeC3hjOq8QqbIqHpJe680e12sK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf914e0aa6019159f2fb270ca8/2/38382e3133352e37342e302f32342d3234203d3e20393833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.135.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:80:53:68:62:59:a5:35:af:82:14:db:ef:6d:04:99:09:4a:
         e4:0f:61:ae:09:de:0a:9c:15:0e:c4:1b:9e:6a:7c:00:c4:ba:
         6e:5b:3f:9d:88:7d:1b:f5:06:f2:d4:32:a1:f5:b3:e5:ae:e7:
         bd:b6:85:80:7c:54:72:a6:bb:a2:39:bd:c6:de:fe:58:1b:cf:
         b7:5a:82:0d:f0:44:4f:e6:dc:51:80:5b:d1:f0:40:a3:51:67:
         88:77:fe:87:d4:db:b0:e6:e2:fe:93:d6:83:57:b4:ab:6f:f9:
         e8:82:09:9b:7f:ba:5a:31:84:47:f6:14:3a:b7:e1:d1:14:61:
         78:6b:4d:ae:4d:c9:dd:39:84:c3:48:ab:01:aa:34:9f:4a:d5:
         e4:5d:f2:c9:a2:ec:ea:78:4f:4c:1d:3e:11:ff:24:0d:c8:de:
         a2:a0:27:ce:06:5b:6c:b4:9a:16:cd:4e:60:34:28:ff:a9:5c:
         74:e8:a2:b8:85:60:e4:c6:e1:28:27:f1:1a:f9:3a:31:55:fd:
         22:41:7a:87:a8:5a:e8:a1:ed:d2:76:6f:ed:ac:ab:b7:df:0e:
         90:07:ac:75:c0:1f:d1:47:9e:39:21:d3:41:10:37:69:aa:2d:
         ed:96:75:9e:87:a8:79:39:0b:b1:32:d7:20:14:1f:63:8e:e5:
         78:27:72:6b
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIUL+re7xcWAuSYAFW/SggBVD/DS0MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2RlMGI3ODYzM2FhZjEwYTliMjJhMWU5MjVlZWJjZDFl
ZDc2YjBhZjAeFw0yNTA3MTgwNzMxNTlaFw0yNjA3MTcwNzM2NTlaMDMxMTAvBgNV
BAMTKDI3MDE1QjA4NzhGMTc3MDUxNDc4MzFFRjYyMjk2N0MyNjMyQTZENjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDr8kJgOUaIxLzfFfCat09+5i1
b2e3j9rXLapzFhs/AHP0++Zey6VlGdO/uwaNbNeNjHxC3CbetqHdFaG031yl81R5
+p8ikuYhBvi84KSdwjxpEKPBQdQd6e+b2yRnp+LOoYTSCtG0V8aNxqUUyK1RgSRz
e7fiX41ujhjIFOrLh9E+eMGQ/CNGdIFD4xHsudygWPdfY5I1D3OwlANGIqaY2O30
rX2nNfArcrIHnegp24x4ZDVkkxVBcpsZZu4to7wiE0hA31/aKgtzQDXxMCHqHl+w
5m+a9bFs0VCF1fnT9ygM4w9HH0kPrQXiYWuqAhlxeUah036NcYP3z3jDoNPPAgMB
AAGjggIbMIICFzAdBgNVHQ4EFgQUJwFbCHjxdwUUeDHvYilnwmMqbWQwHwYDVR0j
BBgwFoAUPeC3hjOq8QqbIqHpJe680e12sK8wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY5MTRlMGFhNjAxOTE1OWYyZmIyNzBjYTgvMi8zREUwQjc4NjMz
QUFGMTBBOUIyMkExRTkyNUVFQkNEMUVENzZCMEFGLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvUGVDM2hqT3E4UXFiSXFIcEplNjgwZTEyc0s4LmNlcjCBmwYIKwYB
BQUHAQsEgY4wgYswgYgGCCsGAQUFBzALhnxyc3luYzovL3Jwa2ktcnBzLmFyaW4u
bmV0L3JlcG9zaXRvcnkvOGE4NDhhZGY5MTRlMGFhNjAxOTE1OWYyZmIyNzBjYTgv
Mi8zODM4MmUzMTMzMzUyZTM3MzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTM4
MzMucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABYh0owDQYJKoZIhvcNAQELBQADggEBACuAU2hiWaU1r4IU
2+9tBJkJSuQPYa4J3gqcFQ7EG55qfADEum5bP52IfRv1BvLUMqH1s+Wu5722hYB8
VHKmu6I5vcbe/lgbz7dagg3wRE/m3FGAW9HwQKNRZ4h3/ofU27Dm4v6T1oNXtKtv
+eiCCZt/uloxhEf2FDq34dEUYXhrTa5Nyd05hMNIqwGqNJ9K1eRd8smi7Op4T0wd
PhH/JA3I3qKgJ84GW2y0mhbNTmA0KP+pXHTooriFYOTG4Sgn8Rr5OjFV/SJBeoeo
Wuih7dJ2b+2sq7ffDpAHrHXAH9FHnjkh00EQN2mqLe2WdZ6HqHk5C7Ey1yAUH2OO
5Xgncms=
-----END CERTIFICATE-----