Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e3137382e3230332e302f32342d3234203d3e203336323336.roa
File:                     3138352e3137382e3230332e302f32342d3234203d3e203336323336.roa (raw, json)
Hash identifier:          /+S8BeXGgcCA5YVpR9D7r1uUWRtlrU/nTSflD5Tw2P0=
Subject key identifier:   7C:95:BC:52:B5:AD:76:83:F8:51:E2:D6:5A:D0:5D:C6:19:38:D4:EE
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       3962E00F04AC99907CF91AA1D18DE6E68DEAF185
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e3137382e3230332e302f32342d3234203d3e203336323336.roa
Signing time:             Thu 22 Aug 2024 20:13:04 +0000
ROA not before:           Thu 22 Aug 2024 20:08:04 +0000
ROA not after:            Thu 21 Aug 2025 20:13:04 +0000
asID:                     36236
IP address blocks:        185.178.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:62:e0:0f:04:ac:99:90:7c:f9:1a:a1:d1:8d:e6:e6:8d:ea:f1:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Aug 22 20:08:04 2024 GMT
            Not After : Aug 21 20:13:04 2025 GMT
        Subject: CN=7C95BC52B5AD7683F851E2D65AD05DC61938D4EE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:6d:a3:c9:b0:66:4a:a2:53:07:8e:7e:96:f4:
                    99:80:1b:e0:72:33:f4:5e:51:49:1a:95:47:87:40:
                    86:7a:17:00:62:65:2f:cc:13:82:af:5a:14:aa:11:
                    b8:ae:cc:fd:af:61:ae:19:b7:2e:2d:64:d9:f2:a5:
                    22:ba:fa:a8:fb:3a:08:ce:14:14:30:02:61:2a:eb:
                    95:91:61:62:8a:6e:de:14:25:24:79:0d:b9:4d:7b:
                    28:06:63:69:6f:1d:78:f4:ec:a5:99:9e:67:ac:04:
                    c3:15:90:01:bb:07:4f:d9:9f:00:a3:82:b2:03:3d:
                    85:69:15:e1:fe:30:89:1b:b8:f6:20:55:79:ce:02:
                    6e:ac:ce:cc:5a:f0:11:a2:e0:3a:75:7b:cc:b4:a6:
                    b1:cf:fb:0b:cb:8e:2d:ca:54:91:77:d1:9d:57:a4:
                    fb:73:99:06:c8:9e:23:4a:c6:14:de:6a:74:a6:cd:
                    1f:16:2b:91:d5:8a:ce:69:e4:55:11:4c:be:00:11:
                    25:a7:c0:a5:33:02:8f:c7:6a:40:15:8a:71:8d:cb:
                    df:65:d8:d9:40:80:1b:af:5f:92:6d:1c:c4:30:09:
                    3e:20:4e:e0:fc:35:b1:46:4c:38:c8:2c:00:19:9e:
                    58:ad:aa:c8:78:2f:dd:eb:fc:1d:c9:c2:15:1c:d5:
                    5a:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:95:BC:52:B5:AD:76:83:F8:51:E2:D6:5A:D0:5D:C6:19:38:D4:EE
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e3137382e3230332e302f32342d3234203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.178.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:f8:b5:89:af:da:78:c5:92:3b:56:b5:8a:bf:fa:7a:c4:1d:
         62:dc:65:a0:fa:6c:93:29:4b:2b:0b:b4:ab:81:57:3b:ed:a3:
         29:4b:49:6c:c6:03:1a:f0:9b:fc:c9:06:00:66:43:5b:0b:8b:
         2a:01:46:3e:cb:d4:16:ec:c0:3a:f5:98:f4:41:4b:13:e0:c7:
         40:87:e5:f3:b0:24:89:b2:a3:9f:98:d4:67:45:c8:8d:8a:83:
         67:ea:e7:89:ab:d0:93:39:53:84:76:99:74:fa:b6:1b:f4:84:
         3a:6e:67:c2:39:34:6c:46:f0:37:40:7c:61:9a:ae:ff:c4:63:
         76:b2:e8:96:d6:b6:12:9d:b4:8c:74:b2:9d:73:f6:09:da:f0:
         35:cd:62:34:28:84:1b:d2:15:c9:23:55:7d:c4:a0:40:01:7d:
         a2:58:56:78:0c:b9:3f:d6:cd:38:81:0d:13:2b:d4:e7:98:a6:
         9a:47:98:28:be:7c:27:13:cc:6a:28:ae:0f:a0:e3:0a:15:70:
         e9:3c:35:f4:7b:50:c2:b0:ba:f5:a5:ba:64:1c:11:3b:aa:13:
         9b:fd:4c:5f:ee:0a:43:d2:5f:59:9c:5b:36:d0:4e:00:c9:8b:
         22:16:46:42:8c:d0:75:a2:3b:00:b1:6d:fb:3c:59:d1:66:a8:
         65:ae:f4:4a
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgIUOWLgDwSsmZB8+Rqh0Y3m5o3q8YUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNDA4MjIyMDA4MDRaFw0yNTA4MjEyMDEzMDRaMDMxMTAvBgNV
BAMTKDdDOTVCQzUyQjVBRDc2ODNGODUxRTJENjVBRDA1REM2MTkzOEQ0RUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8baPJsGZKolMHjn6W9JmAG+By
M/ReUUkalUeHQIZ6FwBiZS/ME4KvWhSqEbiuzP2vYa4Zty4tZNnypSK6+qj7OgjO
FBQwAmEq65WRYWKKbt4UJSR5DblNeygGY2lvHXj07KWZnmesBMMVkAG7B0/ZnwCj
grIDPYVpFeH+MIkbuPYgVXnOAm6szsxa8BGi4Dp1e8y0prHP+wvLji3KVJF30Z1X
pPtzmQbIniNKxhTeanSmzR8WK5HVis5p5FURTL4AESWnwKUzAo/HakAVinGNy99l
2NlAgBuvX5JtHMQwCT4gTuD8NbFGTDjILAAZnlitqsh4L93r/B3JwhUc1VoLAgMB
AAGjggIkMIICIDAdBgNVHQ4EFgQUfJW8UrWtdoP4UeLWWtBdxhk41O4wHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBpAYIKwYB
BQUHAQsEgZcwgZQwgZEGCCsGAQUFBzALhoGEcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzEzODM1MmUzMTM3MzgyZTMyMzAzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2Uy
MDMzMzYzMjMzMzYucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYB
BQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5ssswDQYJKoZIhvcNAQELBQADggEBADr4
tYmv2njFkjtWtYq/+nrEHWLcZaD6bJMpSysLtKuBVzvtoylLSWzGAxrwm/zJBgBm
Q1sLiyoBRj7L1BbswDr1mPRBSxPgx0CH5fOwJImyo5+Y1GdFyI2Kg2fq54mr0JM5
U4R2mXT6thv0hDpuZ8I5NGxG8DdAfGGarv/EY3ay6JbWthKdtIx0sp1z9gna8DXN
YjQohBvSFckjVX3EoEABfaJYVngMuT/WzTiBDRMr1OeYpppHmCi+fCcTzGoorg+g
4woVcOk8NfR7UMKwuvWlumQcETuqE5v9TF/uCkPSX1mcWzbQTgDJiyIWRkKM0HWi
OwCxbfs8WdFmqGWu9Eo=
-----END CERTIFICATE-----