Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e33342e302e302f32322d3232203d3e203336323336.roa
File:                     3138352e33342e302e302f32322d3232203d3e203336323336.roa (raw, json)
Hash identifier:          siHICxKl/XWMZlL0tb3F0jjYjEJfk13htbDuYmLAH7E=
Subject key identifier:   17:67:AE:BB:E5:71:B1:AB:17:44:0E:84:76:F9:A7:F7:4A:7A:75:B2
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       572935DD7CCF1CADCFFAB7F8AC0BEEEE18D079E0
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e33342e302e302f32322d3232203d3e203336323336.roa
Signing time:             Thu 24 Aug 2023 18:46:21 +0000
ROA not before:           Thu 24 Aug 2023 18:41:21 +0000
ROA not after:            Thu 22 Aug 2024 18:46:21 +0000
asID:                     36236
IP address blocks:        185.34.0.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:29:35:dd:7c:cf:1c:ad:cf:fa:b7:f8:ac:0b:ee:ee:18:d0:79:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Aug 24 18:41:21 2023 GMT
            Not After : Aug 22 18:46:21 2024 GMT
        Subject: CN=1767AEBBE571B1AB17440E8476F9A7F74A7A75B2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:b9:66:d7:db:a5:01:2d:dc:c8:d1:55:8d:c8:
                    3c:5e:7a:af:30:77:2c:b5:14:28:a5:95:76:db:b4:
                    e1:08:58:b1:ae:6d:f2:4f:d7:38:a2:e0:21:cd:23:
                    39:97:bc:51:2f:1f:bc:3e:0d:ff:09:1d:c8:b9:b6:
                    99:1a:76:ab:33:37:f9:9a:68:c9:91:a7:6e:04:43:
                    5c:cc:d1:ec:22:21:09:7e:cb:05:a3:64:f6:35:14:
                    aa:81:a0:b0:d3:6b:14:d6:fc:2d:9f:0f:15:ed:a0:
                    32:83:c6:67:2e:0e:2f:66:52:c9:d5:a4:1c:d2:0a:
                    6e:a3:53:92:87:df:d9:79:6e:fd:e7:49:7d:dc:a0:
                    52:75:9c:40:3b:b2:95:4f:f6:8e:eb:2a:9b:4d:47:
                    5a:ee:cd:0b:ef:36:fd:94:69:16:f6:48:70:3e:25:
                    ab:f0:79:f8:61:14:5d:fa:6d:cc:ad:fc:72:0c:68:
                    2f:07:e1:35:91:4c:ad:19:fd:9f:c2:0c:69:4f:90:
                    b7:f0:0a:fa:c7:62:1c:c7:9e:14:87:e3:5a:21:2f:
                    17:e1:86:00:cd:85:9e:6d:66:28:24:66:43:96:bb:
                    e1:4c:47:88:0a:04:6b:ad:52:5d:83:c8:98:fc:14:
                    2c:6b:3c:bf:a9:05:5c:a2:b8:38:82:7a:89:1b:d7:
                    22:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:67:AE:BB:E5:71:B1:AB:17:44:0E:84:76:F9:A7:F7:4A:7A:75:B2
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e33342e302e302f32322d3232203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5e:e0:83:ef:bf:24:3a:a7:e0:d4:25:bf:8d:de:e6:00:33:ef:
         69:cd:b2:8a:3a:59:90:1c:03:76:c0:39:86:79:06:11:e2:a6:
         d6:a5:80:4f:e7:da:4a:a0:53:75:5a:13:b9:9f:6d:10:e0:3f:
         ae:45:bd:ae:5c:e2:5a:f0:73:6c:7a:57:79:df:c8:c7:f4:c7:
         6d:6f:51:c1:66:0b:fd:3b:b3:c5:ac:47:9c:61:82:73:0c:a5:
         f9:0c:43:98:ec:ee:60:3f:86:5e:12:b7:29:30:99:8b:64:99:
         66:73:38:a2:1c:61:de:12:1a:80:f5:2a:7d:d8:b2:64:37:e6:
         53:f1:cb:ff:a2:f7:ef:c8:46:9e:b1:08:a1:b4:0a:46:2d:88:
         85:dc:5f:55:32:e9:dd:64:78:87:ae:65:15:2e:fe:5e:0b:b1:
         ce:1a:18:dd:08:01:1a:ed:a9:33:8f:76:d9:3e:49:f7:ca:3e:
         b6:cb:c5:74:e7:e2:2f:de:b0:a9:c8:a1:ac:21:95:4a:4f:a7:
         40:cc:6e:88:b0:f9:38:18:fe:7b:2f:2e:87:a7:79:60:6d:a5:
         0a:6f:cd:dd:ec:3c:cc:c7:6c:90:0f:bd:d4:67:ef:d5:7b:b3:
         74:c0:77:43:7d:a7:3d:ce:dc:5c:ac:de:1a:7a:57:eb:5c:4d:
         c1:2e:0a:86
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgIUVyk13XzPHK3P+rf4rAvu7hjQeeAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yMzA4MjQxODQxMjFaFw0yNDA4MjIxODQ2MjFaMDMxMTAvBgNV
BAMTKDE3NjdBRUJCRTU3MUIxQUIxNzQ0MEU4NDc2RjlBN0Y3NEE3QTc1QjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIuWbX26UBLdzI0VWNyDxeeq8w
dyy1FCillXbbtOEIWLGubfJP1zii4CHNIzmXvFEvH7w+Df8JHci5tpkadqszN/ma
aMmRp24EQ1zM0ewiIQl+ywWjZPY1FKqBoLDTaxTW/C2fDxXtoDKDxmcuDi9mUsnV
pBzSCm6jU5KH39l5bv3nSX3coFJ1nEA7spVP9o7rKptNR1ruzQvvNv2UaRb2SHA+
JavwefhhFF36bcyt/HIMaC8H4TWRTK0Z/Z/CDGlPkLfwCvrHYhzHnhSH41ohLxfh
hgDNhZ5tZigkZkOWu+FMR4gKBGutUl2DyJj8FCxrPL+pBVyiuDiCeokb1yKPAgMB
AAGjggIdMIICGTAdBgNVHQ4EFgQUF2euu+VxsasXRA6Edvmn90p6dbIwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBnQYIKwYB
BQUHAQsEgZAwgY0wgYoGCCsGAQUFBzALhn5yc3luYzovL3Jwa2ktcnBzLmFyaW4u
bmV0L3JlcG9zaXRvcnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYv
MS8zMTM4MzUyZTMzMzQyZTMwMmUzMDJmMzIzMjJkMzIzMjIwM2QzZTIwMzMzNjMy
MzMzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB
/wQQMA4wDAQCAAEwBgMEArkiADANBgkqhkiG9w0BAQsFAAOCAQEAXuCD778kOqfg
1CW/jd7mADPvac2yijpZkBwDdsA5hnkGEeKm1qWAT+faSqBTdVoTuZ9tEOA/rkW9
rlziWvBzbHpXed/Ix/THbW9RwWYL/TuzxaxHnGGCcwyl+QxDmOzuYD+GXhK3KTCZ
i2SZZnM4ohxh3hIagPUqfdiyZDfmU/HL/6L378hGnrEIobQKRi2IhdxfVTLp3WR4
h65lFS7+XguxzhoY3QgBGu2pM4922T5J98o+tsvFdOfiL96wqcihrCGVSk+nQMxu
iLD5OBj+ey8uh6d5YG2lCm/N3ew8zMdskA+91Gfv1XuzdMB3Q32nPc7cXKzeGnpX
61xNwS4Khg==
-----END CERTIFICATE-----