Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e3137382e3230322e302f32342d3234203d3e203336323336.roa
File:                     3138352e3137382e3230322e302f32342d3234203d3e203336323336.roa (raw, json)
Hash identifier:          2fnL+hl/4LqCSvvKFvsq09ZC4Dk52hw0tGKJIoBOYjY=
Subject key identifier:   7B:61:BF:E5:B4:B6:A0:7B:A5:19:FD:C5:94:27:7F:EB:EC:FB:CD:32
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       603DFAEB27FEBFEF94C7DE4F38A3A9A04A7F4C49
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e3137382e3230322e302f32342d3234203d3e203336323336.roa
Signing time:             Thu 22 Aug 2024 20:13:04 +0000
ROA not before:           Thu 22 Aug 2024 20:08:04 +0000
ROA not after:            Thu 21 Aug 2025 20:13:04 +0000
asID:                     36236
IP address blocks:        185.178.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:3d:fa:eb:27:fe:bf:ef:94:c7:de:4f:38:a3:a9:a0:4a:7f:4c:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Aug 22 20:08:04 2024 GMT
            Not After : Aug 21 20:13:04 2025 GMT
        Subject: CN=7B61BFE5B4B6A07BA519FDC594277FEBECFBCD32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:80:d8:4e:6f:0f:50:49:b9:77:95:e1:45:c0:
                    84:fb:dd:f3:b4:00:e7:59:be:9d:4a:fe:86:ac:17:
                    ff:f8:4d:4d:75:8c:35:ee:9c:79:84:e4:bf:4b:48:
                    22:a8:99:c0:5b:d9:52:1c:d8:b7:1d:61:d6:79:6f:
                    12:ae:44:76:ae:26:94:85:a0:12:22:f4:6b:b4:9e:
                    47:b6:dc:ae:cc:4c:3a:bd:a6:2b:2a:54:69:a6:d2:
                    e9:7b:86:d2:64:79:1c:a2:86:4b:96:4f:4f:27:b0:
                    35:1b:a7:7a:36:77:f7:c0:8b:39:b6:de:21:95:b9:
                    05:61:83:99:85:0a:dd:86:48:e6:10:97:46:f4:3c:
                    83:81:26:7f:dc:a3:93:5e:91:76:72:17:bd:ca:11:
                    31:79:3f:09:79:32:3e:6b:58:4b:c0:51:7d:5f:a5:
                    83:97:f0:0f:00:5d:8c:18:6e:87:6b:8c:a4:05:9f:
                    29:34:5b:bd:08:74:68:c1:16:4c:43:73:73:75:a5:
                    14:44:73:61:c2:df:0e:c3:a4:78:cf:57:85:c3:de:
                    ac:ca:b4:a8:38:fb:fe:ce:e5:0b:90:0b:7e:48:50:
                    54:0f:f1:62:d8:6b:1b:52:b2:d9:cc:4d:b1:e5:be:
                    6b:28:02:ae:ff:c4:a8:b4:01:dc:1d:9e:02:87:07:
                    97:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:61:BF:E5:B4:B6:A0:7B:A5:19:FD:C5:94:27:7F:EB:EC:FB:CD:32
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e3137382e3230322e302f32342d3234203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.178.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:a5:97:7d:df:58:3e:f3:8b:07:0a:57:47:b2:26:83:fb:98:
         11:c0:fd:e5:b1:93:71:c2:a8:dd:e6:3e:f6:8d:34:f9:6c:1b:
         db:7b:02:a3:13:b1:6a:73:c4:52:5b:66:72:ad:2d:d2:1b:5b:
         a1:39:26:83:8a:91:b4:7a:5e:31:2a:2e:eb:73:0f:9e:ab:8a:
         51:9f:c1:97:09:72:82:ab:b6:ce:de:09:af:29:7b:8c:9f:9b:
         4e:27:3a:76:50:8d:a5:52:c9:3f:ac:c1:53:4e:fa:5c:af:78:
         74:d4:b9:3b:39:a1:59:29:ea:06:5d:92:3e:91:ee:df:85:20:
         0c:37:42:6b:8e:b7:17:1e:fc:fd:00:03:fa:5e:fa:23:ea:f6:
         0c:32:f5:4a:23:c2:f7:6c:f4:88:fa:53:2b:c0:6f:c7:df:c2:
         58:ae:96:c3:fd:80:85:8c:cd:27:10:31:0a:ca:98:5a:b4:07:
         3c:de:9f:49:00:b9:7d:cf:be:50:e7:b8:fd:5c:3a:55:da:4b:
         f8:b1:0e:42:98:e9:4d:55:46:65:6a:f6:29:ef:5b:66:73:e9:
         6d:c4:a7:09:54:aa:1f:10:32:c2:5e:f2:13:f6:94:b5:7f:58:
         52:57:91:6e:99:ba:26:d1:aa:08:3b:f3:40:f3:a6:63:e3:40:
         6e:a1:d7:8d
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgIUYD366yf+v++Ux95POKOpoEp/TEkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNDA4MjIyMDA4MDRaFw0yNTA4MjEyMDEzMDRaMDMxMTAvBgNV
BAMTKDdCNjFCRkU1QjRCNkEwN0JBNTE5RkRDNTk0Mjc3RkVCRUNGQkNEMzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZgNhObw9QSbl3leFFwIT73fO0
AOdZvp1K/oasF//4TU11jDXunHmE5L9LSCKomcBb2VIc2LcdYdZ5bxKuRHauJpSF
oBIi9Gu0nke23K7MTDq9pisqVGmm0ul7htJkeRyihkuWT08nsDUbp3o2d/fAizm2
3iGVuQVhg5mFCt2GSOYQl0b0PIOBJn/co5NekXZyF73KETF5Pwl5Mj5rWEvAUX1f
pYOX8A8AXYwYbodrjKQFnyk0W70IdGjBFkxDc3N1pRREc2HC3w7DpHjPV4XD3qzK
tKg4+/7O5QuQC35IUFQP8WLYaxtSstnMTbHlvmsoAq7/xKi0AdwdngKHB5fXAgMB
AAGjggIkMIICIDAdBgNVHQ4EFgQUe2G/5bS2oHulGf3FlCd/6+z7zTIwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBpAYIKwYB
BQUHAQsEgZcwgZQwgZEGCCsGAQUFBzALhoGEcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzEzODM1MmUzMTM3MzgyZTMyMzAzMjJlMzAyZjMyMzQyZDMyMzQyMDNkM2Uy
MDMzMzYzMjMzMzYucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYB
BQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5ssowDQYJKoZIhvcNAQELBQADggEBAEql
l33fWD7ziwcKV0eyJoP7mBHA/eWxk3HCqN3mPvaNNPlsG9t7AqMTsWpzxFJbZnKt
LdIbW6E5JoOKkbR6XjEqLutzD56rilGfwZcJcoKrts7eCa8pe4yfm04nOnZQjaVS
yT+swVNO+lyveHTUuTs5oVkp6gZdkj6R7t+FIAw3QmuOtxce/P0AA/pe+iPq9gwy
9Uojwvds9Ij6UyvAb8ffwliulsP9gIWMzScQMQrKmFq0Bzzen0kAuX3PvlDnuP1c
OlXaS/ixDkKY6U1VRmVq9invW2Zz6W3EpwlUqh8QMsJe8hP2lLV/WFJXkW6ZuibR
qgg780DzpmPjQG6h140=
-----END CERTIFICATE-----