Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e33342e302e302f32322d3232203d3e203336323336.roa
File:                     3138352e33342e302e302f32322d3232203d3e203336323336.roa (raw, json)
Hash identifier:          4j2etVvQdbsBX0MmXhzKsj4JM+I4dNquFH02whQTzlk=
Subject key identifier:   C4:D2:6B:CE:11:C6:81:0F:39:D7:58:42:42:B1:24:C8:4A:98:AA:99
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       4334DF0EEDF638CB47D7CE4C02670FF16CC2AEDC
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e33342e302e302f32322d3232203d3e203336323336.roa
Signing time:             Thu 25 Jul 2024 19:13:03 +0000
ROA not before:           Thu 25 Jul 2024 19:08:03 +0000
ROA not after:            Thu 24 Jul 2025 19:13:03 +0000
asID:                     36236
IP address blocks:        185.34.0.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:34:df:0e:ed:f6:38:cb:47:d7:ce:4c:02:67:0f:f1:6c:c2:ae:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Jul 25 19:08:03 2024 GMT
            Not After : Jul 24 19:13:03 2025 GMT
        Subject: CN=C4D26BCE11C6810F39D7584242B124C84A98AA99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:0a:a4:34:f2:2a:6b:62:05:ec:ab:9c:38:1e:
                    e5:d3:ad:e3:97:e8:bd:eb:c0:21:46:c3:5f:b6:75:
                    58:5e:bb:9b:99:e2:13:4f:bd:2f:fe:e0:31:00:f1:
                    3f:ea:f9:77:a5:49:f5:e5:05:17:63:a1:80:df:b6:
                    f0:c7:f3:b3:73:9b:94:d4:13:63:37:ca:78:34:61:
                    8b:1f:6a:36:ae:15:ed:9c:f8:94:c7:0f:69:7b:e1:
                    6f:73:e5:43:ee:4d:42:fe:2c:e6:3c:bc:a4:55:3b:
                    b0:45:39:e3:1d:e9:50:f0:d3:f1:49:d1:ee:a2:81:
                    f6:eb:00:94:6e:57:19:e0:61:27:f4:3a:f4:52:2c:
                    00:62:34:06:a4:55:70:87:36:06:4a:31:37:cd:ce:
                    bf:2f:d0:07:24:dd:39:64:0b:e3:3b:d5:0b:01:30:
                    44:e7:1a:6a:c2:c6:aa:eb:5c:b9:44:21:26:7c:d7:
                    60:f2:6e:04:c6:bb:45:33:10:98:b8:bd:32:fe:61:
                    db:6f:c6:45:6b:b7:94:3e:b1:bf:fc:38:59:3c:b0:
                    06:44:54:70:9b:37:7b:e3:bd:59:7f:80:f8:c7:c4:
                    a4:d5:f6:37:cd:d5:50:76:e4:d5:30:4e:68:e6:53:
                    fc:b3:28:54:fd:1e:fe:13:4c:48:19:c5:96:f4:49:
                    33:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:D2:6B:CE:11:C6:81:0F:39:D7:58:42:42:B1:24:C8:4A:98:AA:99
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e33342e302e302f32322d3232203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1b:0b:f1:b7:c9:7f:45:3d:b9:2f:ed:fb:79:47:57:03:11:c0:
         19:66:42:63:45:d9:60:a7:9c:5f:43:94:ef:87:ba:c3:86:45:
         d7:9d:94:9b:02:e2:d5:67:22:9f:42:1a:cd:9f:c1:45:9d:51:
         09:9c:21:6d:63:c9:bf:f6:60:68:6c:a2:35:41:72:91:f2:a1:
         72:ef:75:d5:ec:c6:4d:44:46:79:bc:cf:3b:c3:73:66:9d:bf:
         36:fb:b2:bb:35:24:3f:36:3f:95:0d:5b:a6:92:2c:fc:4d:7f:
         c1:ba:7c:4d:88:52:7d:43:46:9d:84:8d:5c:62:39:31:ff:13:
         5d:94:86:e5:41:30:d8:9a:61:b8:25:58:3e:1e:7e:9b:23:72:
         53:fa:41:13:c2:17:37:37:45:6f:07:6b:94:c7:81:2d:3e:bd:
         fc:38:06:80:00:ec:86:89:a0:10:ef:a0:0d:35:a2:22:ae:41:
         8b:58:28:40:5b:3e:03:bc:c4:15:77:95:71:04:ed:e9:19:98:
         69:84:f0:2c:8c:f9:26:4c:12:c0:1d:9d:1b:cf:49:07:6a:de:
         dd:08:6f:3f:a4:b7:98:30:16:9b:75:87:d2:2a:8a:a7:9c:3c:
         9b:d7:6b:9e:7e:9e:89:6b:d4:d7:d1:31:83:9b:f6:98:f5:8d:
         3a:37:d1:d6
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgIUQzTfDu32OMtH185MAmcP8WzCrtwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNDA3MjUxOTA4MDNaFw0yNTA3MjQxOTEzMDNaMDMxMTAvBgNV
BAMTKEM0RDI2QkNFMTFDNjgxMEYzOUQ3NTg0MjQyQjEyNEM4NEE5OEFBOTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsCqQ08iprYgXsq5w4HuXTreOX
6L3rwCFGw1+2dVheu5uZ4hNPvS/+4DEA8T/q+XelSfXlBRdjoYDftvDH87Nzm5TU
E2M3yng0YYsfajauFe2c+JTHD2l74W9z5UPuTUL+LOY8vKRVO7BFOeMd6VDw0/FJ
0e6igfbrAJRuVxngYSf0OvRSLABiNAakVXCHNgZKMTfNzr8v0Ack3TlkC+M71QsB
METnGmrCxqrrXLlEISZ812DybgTGu0UzEJi4vTL+YdtvxkVrt5Q+sb/8OFk8sAZE
VHCbN3vjvVl/gPjHxKTV9jfN1VB25NUwTmjmU/yzKFT9Hv4TTEgZxZb0STPxAgMB
AAGjggIdMIICGTAdBgNVHQ4EFgQUxNJrzhHGgQ8511hCQrEkyEqYqpkwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBnQYIKwYB
BQUHAQsEgZAwgY0wgYoGCCsGAQUFBzALhn5yc3luYzovL3Jwa2ktcnBzLmFyaW4u
bmV0L3JlcG9zaXRvcnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYv
MS8zMTM4MzUyZTMzMzQyZTMwMmUzMDJmMzIzMjJkMzIzMjIwM2QzZTIwMzMzNjMy
MzMzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB
/wQQMA4wDAQCAAEwBgMEArkiADANBgkqhkiG9w0BAQsFAAOCAQEAGwvxt8l/RT25
L+37eUdXAxHAGWZCY0XZYKecX0OU74e6w4ZF152UmwLi1Wcin0IazZ/BRZ1RCZwh
bWPJv/ZgaGyiNUFykfKhcu911ezGTURGebzPO8NzZp2/NvuyuzUkPzY/lQ1bppIs
/E1/wbp8TYhSfUNGnYSNXGI5Mf8TXZSG5UEw2JphuCVYPh5+myNyU/pBE8IXNzdF
bwdrlMeBLT69/DgGgADshomgEO+gDTWiIq5Bi1goQFs+A7zEFXeVcQTt6RmYaYTw
LIz5JkwSwB2dG89JB2re3QhvP6S3mDAWm3WH0iqKp5w8m9drnn6eiWvU19Exg5v2
mPWNOjfR1g==
-----END CERTIFICATE-----