Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e33342e302e302f32322d3232203d3e203336323336.roa
File:                     3138352e33342e302e302f32322d3232203d3e203336323336.roa (raw, json)
Hash identifier:          5xYGcvXyafGn54f235N7UqQpV5HTsbcwOJA88RB9uSs=
Subject key identifier:   23:93:C8:F7:79:C6:54:DA:D2:7D:88:DB:13:0A:B9:A3:BA:B5:36:12
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       7D4B5E124C41D3B3075A558788B42D769D142876
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e33342e302e302f32322d3232203d3e203336323336.roa
Signing time:             Thu 28 May 2026 19:29:03 +0000
ROA not before:           Thu 28 May 2026 19:24:03 +0000
ROA not after:            Thu 27 May 2027 19:29:03 +0000
asID:                     36236
IP address blocks:        185.34.0.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 08:14:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:4b:5e:12:4c:41:d3:b3:07:5a:55:87:88:b4:2d:76:9d:14:28:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: May 28 19:24:03 2026 GMT
            Not After : May 27 19:29:03 2027 GMT
        Subject: CN=2393C8F779C654DAD27D88DB130AB9A3BAB53612
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:b1:4b:2d:20:41:32:ec:71:43:10:4f:12:21:
                    31:fa:5c:b6:5b:d8:4a:52:8c:10:71:0b:88:93:b5:
                    66:ba:2e:44:72:ae:c0:21:ac:36:0f:c9:43:03:dd:
                    39:38:70:cf:2b:9f:99:53:cf:7f:c1:d7:c9:f8:20:
                    75:60:70:4a:27:72:4b:85:74:5d:f9:bc:18:56:f9:
                    a1:24:04:d7:78:4b:ca:f1:da:76:c1:e9:f1:35:a0:
                    a4:95:10:9f:8b:f6:69:1c:80:5b:a6:83:0a:81:72:
                    86:51:ad:d3:b2:c8:1a:6e:59:85:5f:d9:e7:15:9b:
                    ae:00:26:46:b7:92:ba:e1:f0:0a:0f:fd:b9:84:d8:
                    de:7a:b1:20:e0:7d:86:cc:3e:27:8b:fb:81:96:6c:
                    30:47:a7:d2:03:c6:5e:21:00:ad:9a:28:0b:fa:d2:
                    43:ef:f2:1b:49:ef:74:e0:8a:60:f8:b4:39:67:16:
                    75:0d:40:91:dd:58:9d:1c:71:c8:cc:63:c8:2b:3d:
                    bb:3c:e4:c8:4a:8a:d8:25:e7:54:b2:16:76:5b:84:
                    f6:e0:e0:b9:20:0c:76:36:d6:9e:9d:a3:d1:07:2f:
                    fa:b7:fb:4c:d6:b8:24:77:ef:a0:28:a0:9e:4a:f4:
                    4e:d1:ad:96:18:e7:2e:86:8f:18:84:b5:f0:32:af:
                    ad:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:93:C8:F7:79:C6:54:DA:D2:7D:88:DB:13:0A:B9:A3:BA:B5:36:12
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e33342e302e302f32322d3232203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         27:98:b0:2b:17:65:ca:3b:e6:6e:82:47:2b:f7:2b:aa:e4:24:
         be:1d:6d:54:c5:e7:f5:6d:bb:75:4d:01:f4:a5:75:f2:ed:57:
         8d:01:27:63:39:2f:ec:4c:45:0a:62:55:72:54:10:8c:fe:72:
         5f:23:0a:64:22:aa:02:11:e5:76:1d:e4:7c:9c:de:2e:fd:19:
         c8:13:fe:3d:b3:4d:09:71:16:8e:93:e4:c1:d5:bd:ff:9c:d2:
         47:c7:a4:d6:52:1e:07:a6:2b:3f:78:25:5d:fc:17:68:2a:1c:
         91:13:81:a0:f6:ac:81:62:fd:fc:5d:29:28:a0:84:07:2e:c5:
         71:d4:bb:4f:59:cf:2a:2e:ef:95:c3:c7:ce:1d:72:f3:e9:fe:
         ee:c1:a0:5f:28:cf:cb:36:d2:42:2b:be:04:40:bc:80:58:76:
         98:18:05:c0:d2:81:f1:dd:7f:c7:e9:21:bf:f9:c3:ac:ed:cc:
         f2:26:36:b6:ac:e9:f7:c0:25:49:c1:7f:2a:54:b7:1f:4d:f9:
         c1:84:b1:c8:5e:9f:64:1a:4c:92:28:3f:dd:b4:03:27:cf:35:
         06:32:7a:df:5d:fe:c5:91:7e:2c:3f:91:b4:99:d8:28:03:cc:
         9c:7b:ef:6e:65:b5:c6:43:80:eb:cf:74:41:cc:6e:b7:36:95:
         a8:5f:63:f5
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgIUfUteEkxB07MHWlWHiLQtdp0UKHYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNjA1MjgxOTI0MDNaFw0yNzA1MjcxOTI5MDNaMDMxMTAvBgNV
BAMTKDIzOTNDOEY3NzlDNjU0REFEMjdEODhEQjEzMEFCOUEzQkFCNTM2MTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVsUstIEEy7HFDEE8SITH6XLZb
2EpSjBBxC4iTtWa6LkRyrsAhrDYPyUMD3Tk4cM8rn5lTz3/B18n4IHVgcEonckuF
dF35vBhW+aEkBNd4S8rx2nbB6fE1oKSVEJ+L9mkcgFumgwqBcoZRrdOyyBpuWYVf
2ecVm64AJka3krrh8AoP/bmE2N56sSDgfYbMPieL+4GWbDBHp9IDxl4hAK2aKAv6
0kPv8htJ73TgimD4tDlnFnUNQJHdWJ0cccjMY8grPbs85MhKitgl51SyFnZbhPbg
4LkgDHY21p6do9EHL/q3+0zWuCR376AooJ5K9E7RrZYY5y6GjxiEtfAyr63DAgMB
AAGjggIdMIICGTAdBgNVHQ4EFgQUI5PI93nGVNrSfYjbEwq5o7q1NhIwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBnQYIKwYB
BQUHAQsEgZAwgY0wgYoGCCsGAQUFBzALhn5yc3luYzovL3Jwa2ktcnBzLmFyaW4u
bmV0L3JlcG9zaXRvcnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYv
MS8zMTM4MzUyZTMzMzQyZTMwMmUzMDJmMzIzMjJkMzIzMjIwM2QzZTIwMzMzNjMy
MzMzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB
/wQQMA4wDAQCAAEwBgMEArkiADANBgkqhkiG9w0BAQsFAAOCAQEAJ5iwKxdlyjvm
boJHK/crquQkvh1tVMXn9W27dU0B9KV18u1XjQEnYzkv7ExFCmJVclQQjP5yXyMK
ZCKqAhHldh3kfJzeLv0ZyBP+PbNNCXEWjpPkwdW9/5zSR8ek1lIeB6YrP3glXfwX
aCockROBoPasgWL9/F0pKKCEBy7FcdS7T1nPKi7vlcPHzh1y8+n+7sGgXyjPyzbS
Qiu+BEC8gFh2mBgFwNKB8d1/x+khv/nDrO3M8iY2tqzp98AlScF/KlS3H035wYSx
yF6fZBpMkig/3bQDJ881BjJ6313+xZF+LD+RtJnYKAPMnHvvbmW1xkOA6890Qcxu
tzaVqF9j9Q==
-----END CERTIFICATE-----