Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e3137382e3230322e302f32342d3234203d3e203336323336.roa
File:                     3138352e3137382e3230322e302f32342d3234203d3e203336323336.roa (raw, json)
Hash identifier:          ucpyauUpV6HistZkh4NeYJ68jq6TEB1OJURZ7bcgKpg=
Subject key identifier:   C0:88:AC:2E:AA:55:26:34:9B:70:96:D7:19:BC:7B:B9:29:C8:AF:A2
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       66ACD64926B6D6D8030407846E1532CAE4B3DB35
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e3137382e3230322e302f32342d3234203d3e203336323336.roa
Signing time:             Thu 21 Sep 2023 19:51:07 +0000
ROA not before:           Thu 21 Sep 2023 19:46:07 +0000
ROA not after:            Thu 19 Sep 2024 19:51:07 +0000
asID:                     36236
IP address blocks:        185.178.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 19:23:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:ac:d6:49:26:b6:d6:d8:03:04:07:84:6e:15:32:ca:e4:b3:db:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Sep 21 19:46:07 2023 GMT
            Not After : Sep 19 19:51:07 2024 GMT
        Subject: CN=C088AC2EAA5526349B7096D719BC7BB929C8AFA2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:e8:c9:b9:6d:8b:42:82:04:11:76:bc:67:f7:
                    2a:2e:ed:44:51:9a:ce:45:e0:fd:4c:a8:43:a6:7a:
                    e9:33:c9:6b:d1:44:c1:15:12:c4:e5:2a:66:c1:d2:
                    d1:23:12:61:13:48:e9:19:c4:9e:7c:96:8b:d1:9c:
                    3b:b8:2c:f3:8f:67:65:5b:b7:e2:9f:af:ea:76:58:
                    c3:12:3b:a1:53:ff:bf:f5:08:9f:d2:2c:01:20:a4:
                    4c:db:0a:49:ec:9d:2d:52:83:a0:ab:28:71:b2:82:
                    c4:2b:da:5b:7d:ea:88:76:a7:9d:8b:4d:f1:fb:a9:
                    ee:1d:dd:e8:43:c7:04:ba:2e:87:cc:8e:29:36:2a:
                    82:b1:d0:31:e7:b0:1c:01:22:f7:93:1c:50:18:9b:
                    5f:8e:13:86:15:36:15:23:0f:61:c7:da:dc:97:e8:
                    5b:68:c5:8e:21:55:82:cc:d7:50:62:51:11:eb:86:
                    72:94:da:85:05:07:e0:07:56:c7:c9:f8:f1:a4:b8:
                    f6:3d:7e:24:cd:cf:fe:58:a9:01:88:fa:a3:4c:2f:
                    e6:bc:1e:fa:55:87:09:8c:a9:b2:3b:c8:0c:f4:4c:
                    5a:99:81:29:29:36:b2:e1:84:16:2a:25:56:84:67:
                    ba:bc:5d:ac:bc:33:56:35:19:eb:e6:9b:62:a7:fc:
                    aa:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:88:AC:2E:AA:55:26:34:9B:70:96:D7:19:BC:7B:B9:29:C8:AF:A2
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e3137382e3230322e302f32342d3234203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.178.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:9f:41:c0:0b:49:e2:80:de:ce:3f:94:6b:2f:05:b1:cb:16:
         49:b5:6a:36:ec:f9:01:17:d8:34:cf:9d:e6:bd:0c:ad:97:df:
         71:eb:7b:01:8d:cf:fe:f6:c9:93:1a:33:d2:61:94:b7:92:13:
         ad:be:d6:b5:76:3f:e0:96:47:2a:9a:58:0b:f9:ad:56:35:e8:
         63:1b:00:8e:15:6e:bd:61:b5:ac:9e:f4:b5:d1:45:de:da:6d:
         de:e9:18:4c:71:d3:39:a2:30:c8:72:35:13:77:ea:74:ff:72:
         3e:d6:5f:d3:23:be:e7:bf:18:18:fd:e6:79:0d:27:b8:52:19:
         3f:62:14:45:89:2c:f9:1b:1a:74:be:f3:49:5b:df:35:32:d5:
         37:0f:57:1d:11:1e:ad:ff:1a:9f:4e:cc:29:22:77:0e:ee:92:
         9e:33:90:3c:a8:12:e0:b6:ba:e4:60:54:45:ca:d6:c1:40:e0:
         07:7d:21:54:fc:99:fb:88:0d:1a:98:b1:02:31:76:ef:6a:20:
         fa:f2:a4:5a:84:95:90:12:d2:3d:90:e4:88:40:1f:f7:a6:25:
         ab:99:ba:28:24:4a:79:76:a6:62:7e:bd:54:83:c0:a3:08:d7:
         84:1d:52:64:37:87:5b:95:99:d9:5a:25:47:6e:4a:68:7a:dd:
         cc:71:64:b3
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgIUZqzWSSa21tgDBAeEbhUyyuSz2zUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yMzA5MjExOTQ2MDdaFw0yNDA5MTkxOTUxMDdaMDMxMTAvBgNV
BAMTKEMwODhBQzJFQUE1NTI2MzQ5QjcwOTZENzE5QkM3QkI5MjlDOEFGQTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCn6Mm5bYtCggQRdrxn9you7URR
ms5F4P1MqEOmeukzyWvRRMEVEsTlKmbB0tEjEmETSOkZxJ58lovRnDu4LPOPZ2Vb
t+Kfr+p2WMMSO6FT/7/1CJ/SLAEgpEzbCknsnS1Sg6CrKHGygsQr2lt96oh2p52L
TfH7qe4d3ehDxwS6LofMjik2KoKx0DHnsBwBIveTHFAYm1+OE4YVNhUjD2HH2tyX
6FtoxY4hVYLM11BiURHrhnKU2oUFB+AHVsfJ+PGkuPY9fiTNz/5YqQGI+qNML+a8
HvpVhwmMqbI7yAz0TFqZgSkpNrLhhBYqJVaEZ7q8Xay8M1Y1Gevmm2Kn/KqnAgMB
AAGjggIkMIICIDAdBgNVHQ4EFgQUwIisLqpVJjSbcJbXGbx7uSnIr6IwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBpAYIKwYB
BQUHAQsEgZcwgZQwgZEGCCsGAQUFBzALhoGEcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzEzODM1MmUzMTM3MzgyZTMyMzAzMjJlMzAyZjMyMzQyZDMyMzQyMDNkM2Uy
MDMzMzYzMjMzMzYucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYB
BQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5ssowDQYJKoZIhvcNAQELBQADggEBAFif
QcALSeKA3s4/lGsvBbHLFkm1ajbs+QEX2DTPnea9DK2X33HrewGNz/72yZMaM9Jh
lLeSE62+1rV2P+CWRyqaWAv5rVY16GMbAI4Vbr1htaye9LXRRd7abd7pGExx0zmi
MMhyNRN36nT/cj7WX9Mjvue/GBj95nkNJ7hSGT9iFEWJLPkbGnS+80lb3zUy1TcP
Vx0RHq3/Gp9OzCkidw7ukp4zkDyoEuC2uuRgVEXK1sFA4Ad9IVT8mfuIDRqYsQIx
du9qIPrypFqElZAS0j2Q5IhAH/emJauZuigkSnl2pmJ+vVSDwKMI14QdUmQ3h1uV
mdlaJUduSmh63cxxZLM=
-----END CERTIFICATE-----