Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e3137382e3230302e302f32342d3234203d3e203336323336.roa
File:                     3138352e3137382e3230302e302f32342d3234203d3e203336323336.roa (raw, json)
Hash identifier:          5DSCpMfMo9F4Axn5T+fAUvTWP7ptK9Fu2VEUDXgVft8=
Subject key identifier:   90:B4:D4:F6:91:3D:87:37:73:15:12:56:F5:24:66:B1:37:32:30:6B
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       0AE24FEB44301BD4EFD712529CDE8E0661529495
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e3137382e3230302e302f32342d3234203d3e203336323336.roa
Signing time:             Thu 21 Sep 2023 19:51:07 +0000
ROA not before:           Thu 21 Sep 2023 19:46:07 +0000
ROA not after:            Thu 19 Sep 2024 19:51:07 +0000
asID:                     36236
IP address blocks:        185.178.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:e2:4f:eb:44:30:1b:d4:ef:d7:12:52:9c:de:8e:06:61:52:94:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Sep 21 19:46:07 2023 GMT
            Not After : Sep 19 19:51:07 2024 GMT
        Subject: CN=90B4D4F6913D873773151256F52466B13732306B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:86:e2:4a:77:97:8c:67:39:2c:ac:84:17:34:
                    30:db:e1:1e:d7:29:e4:4b:e4:f4:17:f3:be:64:43:
                    55:06:c3:ae:2b:3c:50:e0:17:a0:63:fa:25:62:77:
                    b0:ba:65:76:2f:4f:eb:cc:8c:4b:09:df:8b:9e:09:
                    d4:92:8a:1a:ed:c6:b4:4f:8b:85:23:89:aa:3e:20:
                    8e:5e:e1:9d:44:14:11:7b:3b:f2:a2:63:f9:ab:d3:
                    99:f9:d7:d8:14:f3:54:30:85:1f:43:8e:85:04:67:
                    a1:a1:a3:91:a5:fc:f7:aa:60:c0:0d:a4:77:0a:cf:
                    5b:c5:29:94:1e:80:2b:d7:4a:43:0b:70:23:a8:bf:
                    c0:21:1f:4d:de:9c:10:7d:63:16:7b:65:1d:17:6a:
                    c8:ad:ff:4d:c3:ca:e1:64:d9:2d:cd:05:3f:f8:28:
                    78:53:5d:3f:5f:87:72:76:c3:20:1a:e9:fe:c6:2f:
                    5c:a8:de:6b:ba:72:82:d8:73:fc:38:ec:df:90:ee:
                    1a:66:52:b7:8f:e6:fd:97:da:9b:80:58:a9:eb:82:
                    45:80:6b:a3:28:45:42:13:36:f0:a6:10:ed:8e:96:
                    cf:30:67:db:3d:68:93:f9:b8:fb:98:54:5f:37:03:
                    d3:eb:8e:05:3d:d6:5e:66:88:dd:c7:eb:c1:6f:e9:
                    61:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:B4:D4:F6:91:3D:87:37:73:15:12:56:F5:24:66:B1:37:32:30:6B
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e3137382e3230302e302f32342d3234203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.178.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:36:b1:85:50:99:e0:1c:91:3c:dd:92:e3:cb:33:c9:c9:a5:
         5e:e0:a8:84:26:e1:ef:1b:43:e4:16:02:40:55:40:48:df:5a:
         e3:12:2b:73:95:2b:49:69:c2:00:75:14:7e:62:eb:ce:ba:2f:
         74:56:56:2f:2b:98:63:55:dd:66:a9:e3:f2:69:c8:a7:c3:1e:
         5c:a6:65:3c:ae:f4:f1:c6:85:39:73:f3:a5:3f:d9:53:9f:07:
         85:31:2b:d6:6f:ae:a5:8d:32:40:40:73:2b:d2:44:18:73:20:
         e7:78:3b:6c:de:3e:59:76:8f:57:16:f3:cf:a0:22:64:95:7d:
         9f:5f:95:27:db:04:89:24:3f:44:a0:74:87:81:0f:9c:a3:96:
         1f:7d:31:7e:0c:8f:dc:10:07:c2:bd:74:d8:7b:b4:35:1a:75:
         e8:bb:bf:cf:23:de:e6:3a:58:37:54:fa:dc:7a:d1:54:13:35:
         eb:4b:63:97:dd:5c:e9:65:6e:5a:06:80:38:80:c9:8d:2f:82:
         5a:34:37:1c:cc:32:1c:25:f0:fe:79:b2:20:8f:13:3e:4d:5c:
         9d:dc:af:3c:91:4d:a5:b9:47:08:fc:f1:50:49:a8:15:dd:ee:
         ea:63:26:b8:4a:55:76:ce:7c:af:15:af:4a:b9:be:06:8d:f7:
         5a:d8:a3:49
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgIUCuJP60QwG9Tv1xJSnN6OBmFSlJUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yMzA5MjExOTQ2MDdaFw0yNDA5MTkxOTUxMDdaMDMxMTAvBgNV
BAMTKDkwQjRENEY2OTEzRDg3Mzc3MzE1MTI1NkY1MjQ2NkIxMzczMjMwNkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLhuJKd5eMZzksrIQXNDDb4R7X
KeRL5PQX875kQ1UGw64rPFDgF6Bj+iVid7C6ZXYvT+vMjEsJ34ueCdSSihrtxrRP
i4Ujiao+II5e4Z1EFBF7O/KiY/mr05n519gU81QwhR9DjoUEZ6Gho5Gl/PeqYMAN
pHcKz1vFKZQegCvXSkMLcCOov8AhH03enBB9YxZ7ZR0Xasit/03DyuFk2S3NBT/4
KHhTXT9fh3J2wyAa6f7GL1yo3mu6coLYc/w47N+Q7hpmUreP5v2X2puAWKnrgkWA
a6MoRUITNvCmEO2Ols8wZ9s9aJP5uPuYVF83A9PrjgU91l5miN3H68Fv6WEJAgMB
AAGjggIkMIICIDAdBgNVHQ4EFgQUkLTU9pE9hzdzFRJW9SRmsTcyMGswHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBpAYIKwYB
BQUHAQsEgZcwgZQwgZEGCCsGAQUFBzALhoGEcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzEzODM1MmUzMTM3MzgyZTMyMzAzMDJlMzAyZjMyMzQyZDMyMzQyMDNkM2Uy
MDMzMzYzMjMzMzYucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYB
BQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5ssgwDQYJKoZIhvcNAQELBQADggEBAJ02
sYVQmeAckTzdkuPLM8nJpV7gqIQm4e8bQ+QWAkBVQEjfWuMSK3OVK0lpwgB1FH5i
6866L3RWVi8rmGNV3Wap4/JpyKfDHlymZTyu9PHGhTlz86U/2VOfB4UxK9ZvrqWN
MkBAcyvSRBhzIOd4O2zePll2j1cW88+gImSVfZ9flSfbBIkkP0SgdIeBD5yjlh99
MX4Mj9wQB8K9dNh7tDUadei7v88j3uY6WDdU+tx60VQTNetLY5fdXOllbloGgDiA
yY0vglo0NxzMMhwl8P55siCPEz5NXJ3crzyRTaW5Rwj88VBJqBXd7upjJrhKVXbO
fK8Vr0q5vgaN91rYo0k=
-----END CERTIFICATE-----