Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e3137382e3230302e302f32342d3234203d3e203336323336.roa
File:                     3138352e3137382e3230302e302f32342d3234203d3e203336323336.roa (raw, json)
Hash identifier:          EHqUCGignxrGFAT8JueQYW3MjNFVMt4sRvt8uet3exs=
Subject key identifier:   62:B5:B5:72:11:A5:95:EE:97:49:44:B8:59:5D:89:B4:08:EA:1D:2A
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       575F6D838198F1C55F018DFE8484366BD18E5E81
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e3137382e3230302e302f32342d3234203d3e203336323336.roa
Signing time:             Thu 22 Aug 2024 20:13:04 +0000
ROA not before:           Thu 22 Aug 2024 20:08:04 +0000
ROA not after:            Thu 21 Aug 2025 20:13:04 +0000
asID:                     36236
IP address blocks:        185.178.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:5f:6d:83:81:98:f1:c5:5f:01:8d:fe:84:84:36:6b:d1:8e:5e:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Aug 22 20:08:04 2024 GMT
            Not After : Aug 21 20:13:04 2025 GMT
        Subject: CN=62B5B57211A595EE974944B8595D89B408EA1D2A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:4b:3c:dc:dd:e7:3f:1e:d6:f2:7b:c1:16:83:
                    56:35:ac:91:39:c4:05:ed:6c:86:be:11:3f:6d:37:
                    1a:92:f7:77:5c:bf:a0:7d:58:8e:1f:8a:62:e0:ea:
                    02:7e:60:fa:95:33:56:0d:22:8c:db:ee:88:20:65:
                    27:f1:41:f3:b3:22:95:9a:96:31:10:50:21:71:93:
                    cf:b6:7f:18:4b:63:2b:4b:92:22:30:fb:2e:70:5b:
                    37:73:f2:c1:4c:58:80:6e:74:1d:34:69:47:7b:fc:
                    d9:2d:cc:fb:e0:10:ae:bd:36:7a:74:20:35:c3:25:
                    2d:fa:1e:35:4d:4b:0e:86:11:0a:4d:74:04:d9:4a:
                    64:9b:99:ba:91:0b:b2:31:ce:68:b1:aa:81:bf:01:
                    53:01:ee:4d:b2:a9:4c:43:1a:fb:c5:49:a4:e0:54:
                    f6:81:63:82:ce:bb:3c:5c:95:82:b0:86:05:4a:09:
                    da:29:18:24:6a:de:21:cb:bf:50:df:51:59:26:1c:
                    b3:01:b6:56:23:28:76:1c:e6:ad:49:c7:60:07:71:
                    ee:34:7a:a4:d0:d6:fe:bb:3a:6c:94:b7:f4:43:4a:
                    31:a4:50:bd:26:22:58:29:39:e9:7d:da:2f:39:71:
                    b8:91:3b:28:7b:20:7f:34:4d:e9:42:72:29:fc:41:
                    2d:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:B5:B5:72:11:A5:95:EE:97:49:44:B8:59:5D:89:B4:08:EA:1D:2A
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e3137382e3230302e302f32342d3234203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.178.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:72:5d:54:75:94:5d:2d:cf:5a:c7:1d:35:9f:59:b0:69:ff:
         57:ab:88:5b:4f:85:d5:a0:f4:fb:86:1c:4b:ed:76:55:32:e9:
         33:62:bf:9f:d2:6c:42:ab:f6:bd:2c:1f:67:13:8f:38:62:bf:
         a3:b0:a3:68:ff:62:a8:be:b7:7d:c7:24:b0:89:ef:51:b2:58:
         29:1d:36:e6:81:83:05:be:d6:d5:99:df:57:09:af:cf:aa:27:
         5d:a8:3f:9e:df:44:9d:63:89:01:65:3d:b1:82:4d:04:44:e6:
         12:b1:58:3b:53:23:aa:ce:0a:6e:08:62:09:fe:a4:62:fd:2e:
         83:33:a3:7f:d2:78:2c:a3:70:18:56:a3:50:67:2c:54:8e:ef:
         b2:6a:49:93:40:e6:d4:c7:54:1e:03:0d:67:6f:41:96:8d:4b:
         74:bb:38:30:f7:51:87:5f:c8:8a:e9:80:62:e8:20:b1:e5:58:
         a5:a8:a5:a0:3f:a5:97:ae:34:29:71:a2:7e:8a:88:81:b4:10:
         b4:b7:7a:63:c4:79:af:21:97:8d:61:e3:22:c0:4d:8b:81:bd:
         ef:63:d3:79:d0:97:1e:06:bc:43:cd:58:1a:3c:f0:7e:4e:f1:
         ba:1d:04:b4:fe:4b:50:1f:44:77:9e:5e:e0:42:4c:5d:26:b7:
         17:81:ed:85
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgIUV19tg4GY8cVfAY3+hIQ2a9GOXoEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNDA4MjIyMDA4MDRaFw0yNTA4MjEyMDEzMDRaMDMxMTAvBgNV
BAMTKDYyQjVCNTcyMTFBNTk1RUU5NzQ5NDRCODU5NUQ4OUI0MDhFQTFEMkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrSzzc3ec/Htbye8EWg1Y1rJE5
xAXtbIa+ET9tNxqS93dcv6B9WI4fimLg6gJ+YPqVM1YNIozb7oggZSfxQfOzIpWa
ljEQUCFxk8+2fxhLYytLkiIw+y5wWzdz8sFMWIBudB00aUd7/NktzPvgEK69Nnp0
IDXDJS36HjVNSw6GEQpNdATZSmSbmbqRC7IxzmixqoG/AVMB7k2yqUxDGvvFSaTg
VPaBY4LOuzxclYKwhgVKCdopGCRq3iHLv1DfUVkmHLMBtlYjKHYc5q1Jx2AHce40
eqTQ1v67OmyUt/RDSjGkUL0mIlgpOel92i85cbiROyh7IH80TelCcin8QS05AgMB
AAGjggIkMIICIDAdBgNVHQ4EFgQUYrW1chGlle6XSUS4WV2JtAjqHSowHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBpAYIKwYB
BQUHAQsEgZcwgZQwgZEGCCsGAQUFBzALhoGEcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzEzODM1MmUzMTM3MzgyZTMyMzAzMDJlMzAyZjMyMzQyZDMyMzQyMDNkM2Uy
MDMzMzYzMjMzMzYucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYB
BQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5ssgwDQYJKoZIhvcNAQELBQADggEBAAFy
XVR1lF0tz1rHHTWfWbBp/1eriFtPhdWg9PuGHEvtdlUy6TNiv5/SbEKr9r0sH2cT
jzhiv6Owo2j/Yqi+t33HJLCJ71GyWCkdNuaBgwW+1tWZ31cJr8+qJ12oP57fRJ1j
iQFlPbGCTQRE5hKxWDtTI6rOCm4IYgn+pGL9LoMzo3/SeCyjcBhWo1BnLFSO77Jq
SZNA5tTHVB4DDWdvQZaNS3S7ODD3UYdfyIrpgGLoILHlWKWopaA/pZeuNClxon6K
iIG0ELS3emPEea8hl41h4yLATYuBve9j03nQlx4GvEPNWBo88H5O8bodBLT+S1Af
RHeeXuBCTF0mtxeB7YU=
-----END CERTIFICATE-----