Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3137362e35382e39302e302f32342d3234203d3e203336323336.roa
File:                     3137362e35382e39302e302f32342d3234203d3e203336323336.roa (raw, json)
Hash identifier:          lzva4fHWmlfmOhn29MowK1kEtCGdepySJuUIIubI7KE=
Subject key identifier:   9B:BD:3C:83:B3:0C:57:E5:25:F5:9A:C7:98:68:9C:A9:57:AB:DD:AF
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       755AE3341168B1068BA3EDA4CB4BC5D4FDB99527
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3137362e35382e39302e302f32342d3234203d3e203336323336.roa
Signing time:             Mon 02 Sep 2024 23:13:14 +0000
ROA not before:           Mon 02 Sep 2024 23:08:14 +0000
ROA not after:            Mon 01 Sep 2025 23:13:14 +0000
asID:                     36236
IP address blocks:        176.58.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:5a:e3:34:11:68:b1:06:8b:a3:ed:a4:cb:4b:c5:d4:fd:b9:95:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Sep  2 23:08:14 2024 GMT
            Not After : Sep  1 23:13:14 2025 GMT
        Subject: CN=9BBD3C83B30C57E525F59AC798689CA957ABDDAF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:bb:b0:e0:3a:07:26:b7:14:7c:a4:45:c1:ce:
                    0d:14:6f:97:89:59:56:0c:ee:21:72:31:f4:d7:9f:
                    87:62:bd:17:bf:ed:70:6c:56:a8:61:4c:1f:66:31:
                    c4:f0:9e:74:33:11:9b:e9:34:79:ed:a7:27:43:7a:
                    5b:b7:71:bd:9e:cc:78:16:ba:cc:0d:fd:c9:70:0c:
                    20:87:a3:67:99:8d:92:53:59:b6:e6:03:49:b5:81:
                    92:01:b4:fa:09:ae:a1:90:fd:ff:f2:46:23:2f:46:
                    3a:a1:fa:32:18:b7:ec:9f:5f:81:5d:41:4a:11:27:
                    30:0c:7c:0d:ef:35:d6:db:3a:6d:3f:c5:00:ad:69:
                    2d:9d:9d:f9:8b:1e:d8:8f:cf:99:8a:cf:1d:6d:d9:
                    14:73:11:0b:fd:1a:d6:fb:1f:1f:bf:09:8c:68:aa:
                    06:99:1d:af:96:43:d7:bc:6d:8d:38:df:d0:4a:a7:
                    55:fc:db:0e:a2:2c:20:a9:6d:5a:91:a3:eb:87:d3:
                    aa:37:ce:54:82:66:ce:cc:39:01:2f:c3:c8:4f:6d:
                    7c:88:26:43:d2:f6:92:a9:aa:f3:04:9c:a3:e4:37:
                    c1:ec:51:ef:56:d6:2a:7b:c5:72:b9:9b:f6:60:56:
                    cd:e8:96:27:3b:35:46:ea:68:37:26:1e:d8:cb:e5:
                    d0:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:BD:3C:83:B3:0C:57:E5:25:F5:9A:C7:98:68:9C:A9:57:AB:DD:AF
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3137362e35382e39302e302f32342d3234203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.58.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:aa:a6:da:16:a0:bd:46:40:8f:b1:c2:c9:69:4e:30:ea:48:
         70:7c:f0:25:5d:b3:7e:52:77:0f:02:e3:50:1c:f9:67:78:46:
         82:a1:3f:37:d6:e6:39:1c:9a:b6:c8:a2:2f:ca:49:df:23:20:
         5d:ca:56:d4:6f:f9:ec:08:ec:73:49:75:34:38:b7:81:11:f8:
         26:f3:a0:0e:07:0d:8d:12:27:5c:81:0f:41:de:e7:e1:71:d4:
         9d:25:97:8f:75:85:2a:05:24:81:cb:b6:fa:75:c3:67:d2:55:
         43:15:fc:08:98:5c:2f:f7:4a:46:07:03:00:b6:91:05:af:46:
         63:e1:08:2a:ed:70:71:36:c7:75:7f:7b:e6:3a:86:30:a7:58:
         bf:5d:34:de:b6:46:20:75:e9:a3:97:4c:18:d5:e3:e5:97:9d:
         65:2b:d7:c1:3f:b2:18:11:7f:3d:9e:33:f8:db:79:82:fa:b5:
         cc:b1:24:c1:84:6e:ee:22:bd:94:26:55:98:09:30:91:b1:5a:
         0b:b2:d5:7f:45:b7:40:be:1c:e9:81:4e:b6:6d:b2:88:eb:79:
         0a:70:b1:e9:43:31:8d:3f:e7:82:62:ae:b0:9a:26:76:0c:e8:
         f1:11:dc:5b:43:00:b0:af:28:bb:53:87:cf:c7:87:8e:d1:58:
         e4:b6:de:67
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIUdVrjNBFosQaLo+2ky0vF1P25lScwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNDA5MDIyMzA4MTRaFw0yNTA5MDEyMzEzMTRaMDMxMTAvBgNV
BAMTKDlCQkQzQzgzQjMwQzU3RTUyNUY1OUFDNzk4Njg5Q0E5NTdBQkREQUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZu7DgOgcmtxR8pEXBzg0Ub5eJ
WVYM7iFyMfTXn4divRe/7XBsVqhhTB9mMcTwnnQzEZvpNHntpydDelu3cb2ezHgW
uswN/clwDCCHo2eZjZJTWbbmA0m1gZIBtPoJrqGQ/f/yRiMvRjqh+jIYt+yfX4Fd
QUoRJzAMfA3vNdbbOm0/xQCtaS2dnfmLHtiPz5mKzx1t2RRzEQv9Gtb7Hx+/CYxo
qgaZHa+WQ9e8bY0439BKp1X82w6iLCCpbVqRo+uH06o3zlSCZs7MOQEvw8hPbXyI
JkPS9pKpqvMEnKPkN8HsUe9W1ip7xXK5m/ZgVs3olic7NUbqaDcmHtjL5dB3AgMB
AAGjggIgMIICHDAdBgNVHQ4EFgQUm708g7MMV+Ul9ZrHmGicqVer3a8wHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBoAYIKwYB
BQUHAQsEgZMwgZAwgY0GCCsGAQUFBzALhoGAcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzEzNzM2MmUzNTM4MmUzOTMwMmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzMz
NjMyMzMzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcB
BwEB/wQQMA4wDAQCAAEwBgMEALA6WjANBgkqhkiG9w0BAQsFAAOCAQEAp6qm2hag
vUZAj7HCyWlOMOpIcHzwJV2zflJ3DwLjUBz5Z3hGgqE/N9bmORyatsiiL8pJ3yMg
XcpW1G/57Ajsc0l1NDi3gRH4JvOgDgcNjRInXIEPQd7n4XHUnSWXj3WFKgUkgcu2
+nXDZ9JVQxX8CJhcL/dKRgcDALaRBa9GY+EIKu1wcTbHdX975jqGMKdYv1003rZG
IHXpo5dMGNXj5ZedZSvXwT+yGBF/PZ4z+Nt5gvq1zLEkwYRu7iK9lCZVmAkwkbFa
C7LVf0W3QL4c6YFOtm2yiOt5CnCx6UMxjT/ngmKusJomdgzo8RHcW0MAsK8ou1OH
z8eHjtFY5LbeZw==
-----END CERTIFICATE-----