Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3137362e35382e38382e302f32342d3234203d3e203336323336.roa
File:                     3137362e35382e38382e302f32342d3234203d3e203336323336.roa (raw, json)
Hash identifier:          rHi3y71go/RK8Mv4jSnWV6FUsby5HYZhJ2dVMey4a14=
Subject key identifier:   3D:5E:0D:E1:71:C6:90:75:5C:20:19:47:F2:B5:39:5D:4A:EB:8F:55
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       492A6EA4FFE440C665DA8ED739369E4B40EA9C5C
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3137362e35382e38382e302f32342d3234203d3e203336323336.roa
Signing time:             Mon 02 Oct 2023 22:55:41 +0000
ROA not before:           Mon 02 Oct 2023 22:50:41 +0000
ROA not after:            Mon 30 Sep 2024 22:55:41 +0000
asID:                     36236
IP address blocks:        176.58.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:2a:6e:a4:ff:e4:40:c6:65:da:8e:d7:39:36:9e:4b:40:ea:9c:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Oct  2 22:50:41 2023 GMT
            Not After : Sep 30 22:55:41 2024 GMT
        Subject: CN=3D5E0DE171C690755C201947F2B5395D4AEB8F55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:6c:34:39:7c:65:fd:10:ff:8d:2e:4b:a2:a4:
                    fa:63:6a:4a:33:a1:e0:60:8c:96:c9:31:53:e8:a6:
                    1c:30:a5:32:5e:08:75:5a:e6:ab:fe:34:7c:ce:d2:
                    97:ae:50:6c:86:dc:20:05:b8:b9:ce:cb:fb:5f:31:
                    48:f3:7d:23:71:28:94:36:4c:6c:e0:17:47:0c:d0:
                    7a:69:78:17:b1:ea:42:d7:f7:7b:1d:b0:c8:22:7c:
                    52:ec:78:64:b1:0d:96:e4:68:e3:c5:e0:ee:c7:a0:
                    cf:19:94:c8:ec:da:48:e1:de:12:8c:71:8c:68:3c:
                    5f:b1:66:a8:c1:5f:6d:6b:3c:78:8a:a1:ce:6f:b1:
                    80:07:a1:34:b9:12:2d:8b:49:ca:a9:e0:90:1d:86:
                    7f:dd:31:f0:d1:98:06:71:f4:d7:1a:3d:91:7d:b0:
                    73:c3:6a:1e:30:ca:f6:21:c2:18:4b:15:62:c9:77:
                    e4:d1:75:8c:83:a5:92:14:9c:cf:55:19:9c:04:4b:
                    95:26:29:81:b1:22:17:6c:db:b4:2a:75:59:4c:36:
                    b8:38:11:3a:08:78:95:b4:77:0d:9f:a9:9a:b5:6a:
                    da:cd:48:a6:1c:37:cf:1b:ea:e2:65:a4:d3:f2:a8:
                    1d:dd:75:b0:82:01:96:3b:42:e2:7e:28:c3:ad:dc:
                    b2:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:5E:0D:E1:71:C6:90:75:5C:20:19:47:F2:B5:39:5D:4A:EB:8F:55
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3137362e35382e38382e302f32342d3234203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.58.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:76:82:f5:49:a3:21:70:de:27:50:0f:8d:1a:40:51:46:f8:
         11:b5:1b:0c:39:78:94:b6:f0:3b:47:ad:a9:f1:66:75:52:ef:
         e1:93:d2:8e:7b:92:44:71:e8:ab:a9:41:17:67:b5:88:0d:c1:
         e3:68:62:d8:5e:5b:21:cf:8f:c6:18:62:97:f7:03:bf:f1:59:
         7f:6f:ea:91:0d:58:cb:5e:cc:13:ac:0a:89:f8:58:92:22:97:
         60:a1:c4:46:41:c6:03:60:5f:43:c9:53:cc:71:fd:62:d8:26:
         aa:c0:ce:68:32:5a:b8:f4:a0:60:be:74:97:ff:8b:a5:f7:b0:
         89:46:66:09:df:75:bd:59:b6:c7:b3:24:cc:03:97:8e:81:2e:
         0c:eb:bb:ed:a8:f0:db:58:01:17:18:06:37:fc:bd:ac:7a:57:
         74:a4:5b:5d:90:4e:08:d1:78:12:6d:0e:84:2f:bc:ac:72:c9:
         54:78:85:c6:31:b0:ac:05:35:36:b9:df:7d:0f:92:bd:65:a1:
         58:69:57:d3:cf:d4:e5:d4:bf:c4:ac:5c:54:44:e6:11:11:b8:
         11:34:35:c6:de:9e:dc:09:a5:49:85:43:89:2e:bd:24:1d:d0:
         bb:47:b5:c4:02:5a:be:e4:e3:d1:de:98:0b:af:ca:11:ec:ba:
         c1:93:30:c9
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIUSSpupP/kQMZl2o7XOTaeS0DqnFwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yMzEwMDIyMjUwNDFaFw0yNDA5MzAyMjU1NDFaMDMxMTAvBgNV
BAMTKDNENUUwREUxNzFDNjkwNzU1QzIwMTk0N0YyQjUzOTVENEFFQjhGNTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkbDQ5fGX9EP+NLkuipPpjakoz
oeBgjJbJMVPophwwpTJeCHVa5qv+NHzO0peuUGyG3CAFuLnOy/tfMUjzfSNxKJQ2
TGzgF0cM0HppeBex6kLX93sdsMgifFLseGSxDZbkaOPF4O7HoM8ZlMjs2kjh3hKM
cYxoPF+xZqjBX21rPHiKoc5vsYAHoTS5Ei2LScqp4JAdhn/dMfDRmAZx9NcaPZF9
sHPDah4wyvYhwhhLFWLJd+TRdYyDpZIUnM9VGZwES5UmKYGxIhds27QqdVlMNrg4
EToIeJW0dw2fqZq1atrNSKYcN88b6uJlpNPyqB3ddbCCAZY7QuJ+KMOt3LIDAgMB
AAGjggIgMIICHDAdBgNVHQ4EFgQUPV4N4XHGkHVcIBlH8rU5XUrrj1UwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBoAYIKwYB
BQUHAQsEgZMwgZAwgY0GCCsGAQUFBzALhoGAcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzEzNzM2MmUzNTM4MmUzODM4MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzMz
NjMyMzMzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcB
BwEB/wQQMA4wDAQCAAEwBgMEALA6WDANBgkqhkiG9w0BAQsFAAOCAQEAJHaC9Umj
IXDeJ1APjRpAUUb4EbUbDDl4lLbwO0etqfFmdVLv4ZPSjnuSRHHoq6lBF2e1iA3B
42hi2F5bIc+Pxhhil/cDv/FZf2/qkQ1Yy17ME6wKifhYkiKXYKHERkHGA2BfQ8lT
zHH9YtgmqsDOaDJauPSgYL50l/+LpfewiUZmCd91vVm2x7MkzAOXjoEuDOu77ajw
21gBFxgGN/y9rHpXdKRbXZBOCNF4Em0OhC+8rHLJVHiFxjGwrAU1NrnffQ+SvWWh
WGlX08/U5dS/xKxcVETmERG4ETQ1xt6e3AmlSYVDiS69JB3Qu0e1xAJavuTj0d6Y
C6/KEey6wZMwyQ==
-----END CERTIFICATE-----