Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e33342e322e302f32342d3234203d3e203336323336.roa
File:                     3138352e33342e322e302f32342d3234203d3e203336323336.roa (raw, json)
Hash identifier:          R/vZQs+LGounEYxDEMlW7MFcXbw0swUkFh3tkQkTvsc=
Subject key identifier:   0F:C6:C1:6E:1A:B4:8C:22:46:CD:1E:AD:27:89:A1:5A:BC:4D:E0:22
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       02121FD2CF0FFAB79BF57B1044D24878F0783429
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e33342e322e302f32342d3234203d3e203336323336.roa
Signing time:             Thu 22 Aug 2024 19:13:03 +0000
ROA not before:           Thu 22 Aug 2024 19:08:03 +0000
ROA not after:            Thu 21 Aug 2025 19:13:03 +0000
asID:                     36236
IP address blocks:        185.34.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:12:1f:d2:cf:0f:fa:b7:9b:f5:7b:10:44:d2:48:78:f0:78:34:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Aug 22 19:08:03 2024 GMT
            Not After : Aug 21 19:13:03 2025 GMT
        Subject: CN=0FC6C16E1AB48C2246CD1EAD2789A15ABC4DE022
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:eb:eb:cd:a9:34:47:32:41:bd:e8:7d:25:59:
                    6a:cd:e9:4c:2d:aa:d4:0c:79:c2:13:6c:93:5b:29:
                    0d:fd:61:42:df:fa:f0:f4:67:d0:1a:2c:6e:a7:7b:
                    7d:9f:b4:24:08:1c:39:0f:52:98:e8:d5:b1:c0:85:
                    a2:c2:af:db:db:ad:56:8f:0c:88:fa:58:1f:bb:41:
                    f5:0e:a7:60:5d:e1:cd:30:ba:36:24:cb:5e:a2:14:
                    be:d9:4d:c1:55:b1:e0:0e:bf:54:ca:64:04:d0:25:
                    0e:9b:6d:5d:96:95:89:34:83:f2:45:19:a8:a5:a4:
                    2d:13:3c:ea:0a:e2:5e:9e:c0:88:95:e6:3d:c5:6e:
                    45:ee:86:5e:13:26:00:15:f1:e1:86:b3:0a:c9:a6:
                    ea:c2:8e:36:9d:cb:8b:f3:a2:aa:6d:e1:00:ec:92:
                    04:d6:e4:4c:42:04:e8:a2:78:10:74:f3:4d:d0:44:
                    4a:23:3a:29:fa:3a:92:77:c1:87:5b:96:fe:08:c0:
                    29:a2:1f:a3:ca:33:e5:9b:ca:dc:83:92:6e:c5:25:
                    50:3d:7b:fe:65:88:77:e9:86:84:e4:d2:c2:e1:0c:
                    d6:92:1b:44:a1:50:d9:a4:4b:7e:e2:38:c0:ef:5d:
                    46:b4:1f:75:3a:69:08:74:dc:83:52:01:20:df:d2:
                    79:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:C6:C1:6E:1A:B4:8C:22:46:CD:1E:AD:27:89:A1:5A:BC:4D:E0:22
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e33342e322e302f32342d3234203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:29:34:a7:83:4b:12:ec:75:81:ee:dc:d5:19:30:30:c9:dc:
         27:8d:6a:ab:85:42:d9:b3:b2:8c:8f:e6:01:31:1f:f8:46:a0:
         8b:de:1d:74:b6:85:29:8d:5d:dc:0a:73:06:8e:72:b5:1a:22:
         29:2c:ff:1d:8f:43:b7:95:bb:61:e2:f4:b5:f6:a0:ae:87:a8:
         56:59:86:d9:ad:c8:3d:26:fe:c8:6e:b0:66:62:4e:7e:80:56:
         62:0a:92:be:7f:9e:64:ec:be:06:84:89:1d:1a:83:0d:6f:73:
         42:37:dd:30:90:29:48:c9:1e:99:b6:09:66:33:5f:71:a1:f0:
         73:99:10:ad:6b:8c:fb:4c:a1:70:a7:b6:29:e5:3f:50:f0:fe:
         c1:28:f8:e9:b9:12:52:e7:64:ce:16:d9:30:52:a8:f6:37:15:
         fe:0d:cd:ee:8b:2c:07:ee:76:6a:c1:4f:69:f6:c7:4e:ec:14:
         a0:d3:cb:3d:23:02:41:2b:38:9c:71:50:2c:58:62:ec:20:aa:
         00:36:7c:92:42:90:80:2a:12:ba:7e:76:fc:cd:ce:89:aa:40:
         60:38:80:62:a6:2a:4a:dd:9d:c6:46:7f:90:da:b0:49:b2:b1:
         c8:04:36:ab:6c:70:5f:85:20:f7:9b:85:0b:51:2a:02:b3:50:
         18:6f:94:48
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgIUAhIf0s8P+reb9XsQRNJIePB4NCkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNDA4MjIxOTA4MDNaFw0yNTA4MjExOTEzMDNaMDMxMTAvBgNV
BAMTKDBGQzZDMTZFMUFCNDhDMjI0NkNEMUVBRDI3ODlBMTVBQkM0REUwMjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDm6+vNqTRHMkG96H0lWWrN6Uwt
qtQMecITbJNbKQ39YULf+vD0Z9AaLG6ne32ftCQIHDkPUpjo1bHAhaLCr9vbrVaP
DIj6WB+7QfUOp2Bd4c0wujYky16iFL7ZTcFVseAOv1TKZATQJQ6bbV2WlYk0g/JF
GailpC0TPOoK4l6ewIiV5j3FbkXuhl4TJgAV8eGGswrJpurCjjady4vzoqpt4QDs
kgTW5ExCBOiieBB0803QREojOin6OpJ3wYdblv4IwCmiH6PKM+WbytyDkm7FJVA9
e/5liHfphoTk0sLhDNaSG0ShUNmkS37iOMDvXUa0H3U6aQh03INSASDf0nkHAgMB
AAGjggIdMIICGTAdBgNVHQ4EFgQUD8bBbhq0jCJGzR6tJ4mhWrxN4CIwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBnQYIKwYB
BQUHAQsEgZAwgY0wgYoGCCsGAQUFBzALhn5yc3luYzovL3Jwa2ktcnBzLmFyaW4u
bmV0L3JlcG9zaXRvcnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYv
MS8zMTM4MzUyZTMzMzQyZTMyMmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzMzNjMy
MzMzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB
/wQQMA4wDAQCAAEwBgMEALkiAjANBgkqhkiG9w0BAQsFAAOCAQEAgik0p4NLEux1
ge7c1RkwMMncJ41qq4VC2bOyjI/mATEf+Eagi94ddLaFKY1d3ApzBo5ytRoiKSz/
HY9Dt5W7YeL0tfagroeoVlmG2a3IPSb+yG6wZmJOfoBWYgqSvn+eZOy+BoSJHRqD
DW9zQjfdMJApSMkembYJZjNfcaHwc5kQrWuM+0yhcKe2KeU/UPD+wSj46bkSUudk
zhbZMFKo9jcV/g3N7ossB+52asFPafbHTuwUoNPLPSMCQSs4nHFQLFhi7CCqADZ8
kkKQgCoSun52/M3OiapAYDiAYqYqSt2dxkZ/kNqwSbKxyAQ2q2xwX4Ug95uFC1Eq
ArNQGG+USA==
-----END CERTIFICATE-----