Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3137362e35382e39352e302f32342d3234203d3e203336323336.roa
File:                     3137362e35382e39352e302f32342d3234203d3e203336323336.roa (raw, json)
Hash identifier:          6MCxac6M1QngPOwTrkEauh1WiiulUwoL+VQiA1fSa0s=
Subject key identifier:   F5:E0:9C:06:76:63:42:16:70:A2:7F:80:2C:24:9A:4B:79:B5:AD:F8
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       46874E57BDD636488BBA984691E630F008EC42C1
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3137362e35382e39352e302f32342d3234203d3e203336323336.roa
Signing time:             Mon 02 Sep 2024 23:13:14 +0000
ROA not before:           Mon 02 Sep 2024 23:08:14 +0000
ROA not after:            Mon 01 Sep 2025 23:13:14 +0000
asID:                     36236
IP address blocks:        176.58.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:87:4e:57:bd:d6:36:48:8b:ba:98:46:91:e6:30:f0:08:ec:42:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Sep  2 23:08:14 2024 GMT
            Not After : Sep  1 23:13:14 2025 GMT
        Subject: CN=F5E09C067663421670A27F802C249A4B79B5ADF8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:f9:d6:df:73:f1:fe:fc:91:09:d4:03:8d:91:
                    38:65:8b:b3:e7:d1:ab:2c:bd:be:c1:b9:04:37:07:
                    7c:5c:36:f4:1e:e2:b1:02:6b:0e:e9:c1:fb:c0:0d:
                    81:ec:25:63:f8:5b:e1:dd:ea:aa:e9:9a:59:39:60:
                    12:58:7d:73:f7:7e:af:09:14:47:6b:57:aa:cc:78:
                    90:16:81:2b:dc:4b:2b:d5:62:c9:19:fb:03:3e:0b:
                    82:7a:d9:2c:ea:ce:99:83:36:7a:aa:20:54:21:4e:
                    47:80:c2:0c:8e:98:5e:ec:30:eb:f6:53:f1:c7:34:
                    a1:c0:f6:0d:1c:42:de:f6:8a:21:eb:fd:ee:ea:98:
                    1a:5f:55:03:0b:9e:3c:51:b6:91:e8:c9:8a:e5:0d:
                    a4:26:79:68:f7:40:dc:f6:96:c6:23:c8:7e:7f:ab:
                    09:3b:d0:a9:24:2e:ce:08:7b:a1:06:65:ed:6a:63:
                    23:42:3d:f7:05:3d:d9:95:85:c5:ae:31:a3:b1:09:
                    7c:91:4e:92:b7:4a:0c:94:63:df:88:ac:b5:10:44:
                    84:de:69:0e:32:8d:c0:19:38:2a:6b:63:ce:8b:04:
                    6c:b8:f1:71:92:b1:f0:2f:76:fa:f8:3c:06:5b:9e:
                    83:58:ad:06:34:97:b4:8a:ce:69:96:01:8f:6a:a2:
                    54:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:E0:9C:06:76:63:42:16:70:A2:7F:80:2C:24:9A:4B:79:B5:AD:F8
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3137362e35382e39352e302f32342d3234203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.58.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:bf:36:3c:42:c5:53:7b:da:2d:b5:44:3e:87:e1:c6:78:d7:
         83:98:94:9d:a6:2d:7e:88:3a:90:4f:0e:65:11:37:7a:98:54:
         d8:3c:5f:d1:8b:11:40:b7:13:10:37:dc:12:2d:6a:9e:13:63:
         99:ca:79:82:82:44:a0:21:cb:6b:b2:1e:3f:f4:9e:1e:dd:e4:
         a4:cb:68:1e:52:a4:36:7c:d5:41:1b:5a:ad:95:e8:0a:07:9e:
         4b:74:40:49:40:b3:ed:7a:98:a0:76:22:61:09:fa:34:20:ca:
         0a:a5:03:11:8e:83:3a:aa:d0:00:6f:4d:72:93:ab:73:57:96:
         77:cf:7d:06:66:3f:05:9d:cb:78:5b:4f:27:93:c4:2e:97:95:
         86:e6:b0:32:0d:8b:08:94:f1:75:30:ad:69:fc:c7:8a:a8:81:
         c3:4b:c1:2a:4f:d8:91:62:7e:c0:34:82:a3:60:a1:3c:36:a4:
         bf:16:d0:99:63:53:7e:6b:4c:77:d8:68:e6:9d:38:2d:6e:43:
         5d:eb:ef:27:aa:dd:9d:96:25:37:de:b6:e0:cc:da:f2:d6:3b:
         ca:c8:b4:0b:d6:16:63:4a:3e:ee:ec:e3:f7:76:5f:d8:15:e0:
         bc:e9:03:95:04:47:0f:07:f2:6c:a6:f3:fe:65:03:b2:81:3f:
         8a:22:34:ff
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIURodOV73WNkiLuphGkeYw8AjsQsEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNDA5MDIyMzA4MTRaFw0yNTA5MDEyMzEzMTRaMDMxMTAvBgNV
BAMTKEY1RTA5QzA2NzY2MzQyMTY3MEEyN0Y4MDJDMjQ5QTRCNzlCNUFERjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9+dbfc/H+/JEJ1AONkThli7Pn
0assvb7BuQQ3B3xcNvQe4rECaw7pwfvADYHsJWP4W+Hd6qrpmlk5YBJYfXP3fq8J
FEdrV6rMeJAWgSvcSyvVYskZ+wM+C4J62SzqzpmDNnqqIFQhTkeAwgyOmF7sMOv2
U/HHNKHA9g0cQt72iiHr/e7qmBpfVQMLnjxRtpHoyYrlDaQmeWj3QNz2lsYjyH5/
qwk70KkkLs4Ie6EGZe1qYyNCPfcFPdmVhcWuMaOxCXyRTpK3SgyUY9+IrLUQRITe
aQ4yjcAZOCprY86LBGy48XGSsfAvdvr4PAZbnoNYrQY0l7SKzmmWAY9qolSxAgMB
AAGjggIgMIICHDAdBgNVHQ4EFgQU9eCcBnZjQhZwon+ALCSaS3m1rfgwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBoAYIKwYB
BQUHAQsEgZMwgZAwgY0GCCsGAQUFBzALhoGAcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzEzNzM2MmUzNTM4MmUzOTM1MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzMz
NjMyMzMzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcB
BwEB/wQQMA4wDAQCAAEwBgMEALA6XzANBgkqhkiG9w0BAQsFAAOCAQEAVb82PELF
U3vaLbVEPofhxnjXg5iUnaYtfog6kE8OZRE3ephU2Dxf0YsRQLcTEDfcEi1qnhNj
mcp5goJEoCHLa7IeP/SeHt3kpMtoHlKkNnzVQRtarZXoCgeeS3RASUCz7XqYoHYi
YQn6NCDKCqUDEY6DOqrQAG9NcpOrc1eWd899BmY/BZ3LeFtPJ5PELpeVhuawMg2L
CJTxdTCtafzHiqiBw0vBKk/YkWJ+wDSCo2ChPDakvxbQmWNTfmtMd9ho5p04LW5D
XevvJ6rdnZYlN9624Mza8tY7ysi0C9YWY0o+7uzj93Zf2BXgvOkDlQRHDwfybKbz
/mUDsoE/iiI0/w==
-----END CERTIFICATE-----