Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e3137382e3230332e302f32342d3234203d3e203336323336.roa
File:                     3138352e3137382e3230332e302f32342d3234203d3e203336323336.roa (raw, json)
Hash identifier:          3aVVJZwXJVEvzwoTvLdxPN26fUmsmRCmBQKFAiu92Do=
Subject key identifier:   9C:E1:33:36:A2:92:71:0F:DF:0F:40:73:8C:36:91:5D:96:C6:35:14
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       6C2D22962494BABF305ECFBFF972700025065CC3
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e3137382e3230332e302f32342d3234203d3e203336323336.roa
Signing time:             Thu 21 Sep 2023 19:51:07 +0000
ROA not before:           Thu 21 Sep 2023 19:46:07 +0000
ROA not after:            Thu 19 Sep 2024 19:51:07 +0000
asID:                     36236
IP address blocks:        185.178.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:2d:22:96:24:94:ba:bf:30:5e:cf:bf:f9:72:70:00:25:06:5c:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Sep 21 19:46:07 2023 GMT
            Not After : Sep 19 19:51:07 2024 GMT
        Subject: CN=9CE13336A292710FDF0F40738C36915D96C63514
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:58:01:4a:0c:c6:fb:c9:6e:9c:f8:9d:08:09:
                    39:5f:9a:07:05:29:63:21:9d:3f:e8:33:02:17:75:
                    11:61:f6:1e:b1:d5:7e:01:7f:f6:5a:5c:24:7c:f2:
                    c9:f8:a7:f3:df:16:79:5e:c9:5d:69:de:40:e7:1b:
                    9b:a3:64:3d:5e:a6:37:8e:66:c9:65:51:10:ce:10:
                    af:7e:a3:2f:a4:46:3e:0f:cc:ec:43:11:20:ed:0a:
                    75:c9:ba:b7:be:60:73:a9:7f:3a:81:12:96:e0:26:
                    b4:bc:6e:2d:72:e7:85:55:00:23:8b:0b:cc:25:49:
                    b2:a9:86:19:10:6e:9d:d0:fe:2c:1f:17:51:0c:5a:
                    90:62:c1:7c:8a:71:0b:5b:e4:70:ff:87:8c:92:0a:
                    5a:85:07:31:68:56:2c:ee:32:a7:35:3a:55:dd:38:
                    ad:46:80:f5:89:e7:aa:4d:df:22:8d:6d:0c:ee:02:
                    f5:16:b8:2e:00:e9:f5:f1:ec:fa:f0:4c:08:6e:ca:
                    de:94:c2:b5:68:9e:74:07:23:8b:a1:9d:b6:68:57:
                    13:53:d2:a3:e3:6e:6a:07:71:65:b8:97:fe:ee:c9:
                    cd:e5:e9:1d:3c:2d:25:9e:36:be:4f:d8:01:76:e7:
                    b4:2e:8a:23:e4:35:cf:99:44:1e:13:2d:b0:da:f8:
                    4c:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:E1:33:36:A2:92:71:0F:DF:0F:40:73:8C:36:91:5D:96:C6:35:14
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e3137382e3230332e302f32342d3234203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.178.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:a0:fd:0a:2f:eb:2b:b2:ab:3a:8b:d7:3d:81:d1:42:5e:e0:
         9e:29:a1:5b:da:cc:44:86:c0:c1:a3:b2:2e:ec:b2:2a:56:70:
         fc:c7:2f:e3:1b:bb:16:3c:73:e9:74:da:1d:03:4b:4f:66:58:
         db:f2:9d:9b:74:0d:0d:04:ea:21:99:e7:41:29:a6:a8:30:0d:
         a0:bd:6d:2e:d0:61:d9:32:13:be:47:d9:a0:b1:ff:30:90:7b:
         ee:81:b2:fd:94:11:2d:d8:1b:b0:8e:c2:49:82:b1:a8:8c:a1:
         aa:9c:bd:d2:fd:0b:d3:2d:f1:58:59:ca:cb:0f:8a:45:e8:67:
         d9:93:3f:4b:f3:e3:16:91:ea:e5:d7:7a:17:a9:31:4e:3b:aa:
         06:e9:a3:fe:f1:a3:e8:4e:81:72:1e:da:4c:11:6a:6f:7a:c9:
         2d:50:05:ae:9c:a3:13:c4:99:2f:88:b8:0d:5d:a1:05:16:a3:
         a3:be:1b:cb:50:9c:5c:e9:24:05:51:15:a7:9b:ba:09:32:ef:
         99:ed:11:e2:ec:ba:27:bb:4a:e6:6b:1e:c5:47:e3:d3:e6:cc:
         70:6d:7f:fa:9d:64:2d:b7:8c:fc:6c:92:81:0c:89:9a:80:2f:
         b7:9c:36:57:64:a4:4e:79:70:54:36:c2:ea:88:05:2c:8d:e2:
         af:55:64:d8
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgIUbC0iliSUur8wXs+/+XJwACUGXMMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yMzA5MjExOTQ2MDdaFw0yNDA5MTkxOTUxMDdaMDMxMTAvBgNV
BAMTKDlDRTEzMzM2QTI5MjcxMEZERjBGNDA3MzhDMzY5MTVEOTZDNjM1MTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuWAFKDMb7yW6c+J0ICTlfmgcF
KWMhnT/oMwIXdRFh9h6x1X4Bf/ZaXCR88sn4p/PfFnleyV1p3kDnG5ujZD1epjeO
ZsllURDOEK9+oy+kRj4PzOxDESDtCnXJure+YHOpfzqBEpbgJrS8bi1y54VVACOL
C8wlSbKphhkQbp3Q/iwfF1EMWpBiwXyKcQtb5HD/h4ySClqFBzFoVizuMqc1OlXd
OK1GgPWJ56pN3yKNbQzuAvUWuC4A6fXx7PrwTAhuyt6UwrVonnQHI4uhnbZoVxNT
0qPjbmoHcWW4l/7uyc3l6R08LSWeNr5P2AF257QuiiPkNc+ZRB4TLbDa+EzvAgMB
AAGjggIkMIICIDAdBgNVHQ4EFgQUnOEzNqKScQ/fD0BzjDaRXZbGNRQwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBpAYIKwYB
BQUHAQsEgZcwgZQwgZEGCCsGAQUFBzALhoGEcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzEzODM1MmUzMTM3MzgyZTMyMzAzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2Uy
MDMzMzYzMjMzMzYucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYB
BQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5ssswDQYJKoZIhvcNAQELBQADggEBAAyg
/Qov6yuyqzqL1z2B0UJe4J4poVvazESGwMGjsi7ssipWcPzHL+MbuxY8c+l02h0D
S09mWNvynZt0DQ0E6iGZ50EppqgwDaC9bS7QYdkyE75H2aCx/zCQe+6Bsv2UES3Y
G7COwkmCsaiMoaqcvdL9C9Mt8VhZyssPikXoZ9mTP0vz4xaR6uXXehepMU47qgbp
o/7xo+hOgXIe2kwRam96yS1QBa6coxPEmS+IuA1doQUWo6O+G8tQnFzpJAVRFaeb
ugky75ntEeLsuie7SuZrHsVH49PmzHBtf/qdZC23jPxskoEMiZqAL7ecNldkpE55
cFQ2wuqIBSyN4q9VZNg=
-----END CERTIFICATE-----