Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3137362e35382e39332e302f32342d3234203d3e203336323336.roa
File:                     3137362e35382e39332e302f32342d3234203d3e203336323336.roa (raw, json)
Hash identifier:          DkZtwAQQKNp/0at1zha0PsqfhCyx8behPJKM4RAs2pY=
Subject key identifier:   89:2A:A3:EC:15:7B:CE:2A:53:7F:0D:8D:36:37:F0:41:FF:AA:C1:E2
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       4F5493B9C94DD60053C4142927B4F378D0480567
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3137362e35382e39332e302f32342d3234203d3e203336323336.roa
Signing time:             Mon 02 Sep 2024 23:13:14 +0000
ROA not before:           Mon 02 Sep 2024 23:08:14 +0000
ROA not after:            Mon 01 Sep 2025 23:13:14 +0000
asID:                     36236
IP address blocks:        176.58.93.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:54:93:b9:c9:4d:d6:00:53:c4:14:29:27:b4:f3:78:d0:48:05:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Sep  2 23:08:14 2024 GMT
            Not After : Sep  1 23:13:14 2025 GMT
        Subject: CN=892AA3EC157BCE2A537F0D8D3637F041FFAAC1E2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:6c:eb:b2:b5:b7:2e:a6:b8:5a:5d:ac:fc:82:
                    b9:ea:55:9b:6a:eb:74:9c:3d:29:86:5b:2d:a9:74:
                    74:ba:df:12:bd:2b:51:6c:f9:24:45:5c:30:72:ae:
                    2c:cd:63:8e:51:35:12:b8:56:5b:b2:46:28:54:ab:
                    b4:d1:c5:1a:33:f9:ff:b5:5b:84:a3:4d:49:1b:7a:
                    9b:b9:cd:f6:b5:97:89:a8:0e:04:ed:4b:e6:6f:2b:
                    d8:c9:8b:74:97:c1:ab:f6:c4:95:66:ca:87:c0:22:
                    0c:84:e3:bd:ee:bd:21:42:51:bb:dc:93:57:5c:3f:
                    9d:c5:2e:e7:55:e2:62:b1:ff:74:f8:44:4c:a7:a2:
                    7e:5e:15:c9:6a:06:91:e7:bd:91:84:53:81:f5:9f:
                    91:b6:0f:df:ab:e6:05:0c:c9:cb:8b:fa:28:f7:67:
                    b0:f6:88:b5:36:74:4b:fc:cd:69:1d:21:ab:df:5d:
                    40:4e:32:29:fa:74:a7:41:e4:e3:eb:e8:54:39:ed:
                    d7:1e:e8:95:46:5b:9c:b7:b3:e7:c8:2c:9d:ac:32:
                    08:36:39:30:75:52:29:b8:43:c1:7f:e7:4f:58:8a:
                    a9:5a:76:51:60:b4:d4:f6:fc:05:5b:b9:e4:a2:42:
                    02:16:da:c8:ce:0e:cb:7a:52:dc:5a:73:1f:ea:a8:
                    76:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:2A:A3:EC:15:7B:CE:2A:53:7F:0D:8D:36:37:F0:41:FF:AA:C1:E2
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3137362e35382e39332e302f32342d3234203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.58.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:a5:a4:f3:af:45:7c:3e:db:5f:69:a5:37:18:ed:67:86:2b:
         74:1d:39:af:f5:d8:54:89:fe:67:84:bb:f1:09:6c:2f:cf:65:
         b5:ca:c7:47:70:fe:53:1b:4b:00:dd:5b:b5:13:06:9f:a5:f9:
         6e:0a:a7:a0:74:a3:8a:89:1f:d9:79:72:cb:4c:ea:91:d0:95:
         b1:b9:5a:b4:ef:0e:4e:2b:2e:1f:b1:00:da:1d:4d:2d:b0:8b:
         8b:2c:7c:75:cf:9a:96:4f:a9:84:b0:3a:c3:a3:c8:63:b1:93:
         43:de:37:4b:8e:e8:2e:9e:0c:35:71:96:29:54:13:bd:b8:bd:
         05:8a:da:61:a9:0c:57:43:07:20:94:61:d7:0c:64:f9:e6:2d:
         b5:a5:78:d8:fc:6a:0b:40:6f:57:00:4f:d7:03:f7:59:72:2b:
         b0:f3:b5:f0:f5:f4:9d:f7:eb:ed:d9:66:18:6c:a4:83:7b:c5:
         b7:fd:93:3d:34:c5:18:6a:e5:0a:75:8d:af:d5:d2:0f:ed:68:
         b2:9c:61:f9:d8:d0:c0:82:70:05:d1:34:ff:4d:c7:53:16:a3:
         ce:f0:b7:d5:95:4a:a4:aa:02:65:26:a5:8d:61:a1:b4:15:ed:
         97:08:d8:93:c0:41:47:7a:60:e7:42:50:62:35:92:63:f9:9c:
         67:cb:b3:2e
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIUT1STuclN1gBTxBQpJ7TzeNBIBWcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNDA5MDIyMzA4MTRaFw0yNTA5MDEyMzEzMTRaMDMxMTAvBgNV
BAMTKDg5MkFBM0VDMTU3QkNFMkE1MzdGMEQ4RDM2MzdGMDQxRkZBQUMxRTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCobOuytbcuprhaXaz8grnqVZtq
63ScPSmGWy2pdHS63xK9K1Fs+SRFXDByrizNY45RNRK4VluyRihUq7TRxRoz+f+1
W4SjTUkbepu5zfa1l4moDgTtS+ZvK9jJi3SXwav2xJVmyofAIgyE473uvSFCUbvc
k1dcP53FLudV4mKx/3T4REynon5eFclqBpHnvZGEU4H1n5G2D9+r5gUMycuL+ij3
Z7D2iLU2dEv8zWkdIavfXUBOMin6dKdB5OPr6FQ57dce6JVGW5y3s+fILJ2sMgg2
OTB1Uim4Q8F/509YiqladlFgtNT2/AVbueSiQgIW2sjODst6Utxacx/qqHbtAgMB
AAGjggIgMIICHDAdBgNVHQ4EFgQUiSqj7BV7zipTfw2NNjfwQf+qweIwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBoAYIKwYB
BQUHAQsEgZMwgZAwgY0GCCsGAQUFBzALhoGAcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzEzNzM2MmUzNTM4MmUzOTMzMmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzMz
NjMyMzMzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcB
BwEB/wQQMA4wDAQCAAEwBgMEALA6XTANBgkqhkiG9w0BAQsFAAOCAQEAqaWk869F
fD7bX2mlNxjtZ4YrdB05r/XYVIn+Z4S78QlsL89ltcrHR3D+UxtLAN1btRMGn6X5
bgqnoHSjiokf2Xlyy0zqkdCVsblatO8OTisuH7EA2h1NLbCLiyx8dc+alk+phLA6
w6PIY7GTQ943S47oLp4MNXGWKVQTvbi9BYraYakMV0MHIJRh1wxk+eYttaV42Pxq
C0BvVwBP1wP3WXIrsPO18PX0nffr7dlmGGykg3vFt/2TPTTFGGrlCnWNr9XSD+1o
spxh+djQwIJwBdE0/03HUxajzvC31ZVKpKoCZSaljWGhtBXtlwjYk8BBR3pg50JQ
YjWSY/mcZ8uzLg==
-----END CERTIFICATE-----