Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e33342e332e302f32342d3234203d3e203336323336.roa
File:                     3138352e33342e332e302f32342d3234203d3e203336323336.roa (raw, json)
Hash identifier:          4mjztP+1AlpYSK2k011GpSd9VDRnBT19p5s8GpocgFw=
Subject key identifier:   B5:AB:A2:A7:74:7E:19:40:22:52:D6:BC:25:92:CE:39:25:3D:3B:AC
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       5BB7F94A09407C366A787D1E3E3524696C882034
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e33342e332e302f32342d3234203d3e203336323336.roa
Signing time:             Thu 22 Aug 2024 19:13:03 +0000
ROA not before:           Thu 22 Aug 2024 19:08:03 +0000
ROA not after:            Thu 21 Aug 2025 19:13:03 +0000
asID:                     36236
IP address blocks:        185.34.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:b7:f9:4a:09:40:7c:36:6a:78:7d:1e:3e:35:24:69:6c:88:20:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Aug 22 19:08:03 2024 GMT
            Not After : Aug 21 19:13:03 2025 GMT
        Subject: CN=B5ABA2A7747E19402252D6BC2592CE39253D3BAC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:ee:d5:6f:5c:8f:f9:fc:5b:d7:06:6b:58:e1:
                    6a:2b:77:b2:87:90:c6:b0:0f:d6:a1:f7:d2:e0:e9:
                    46:c2:5b:44:7d:bf:40:7d:cc:29:e2:c8:7b:ba:0e:
                    74:56:00:a9:2e:d7:17:13:37:13:a2:40:1e:35:65:
                    7a:a9:79:93:6d:38:bc:c1:50:98:ac:a4:30:90:7b:
                    a6:c5:74:49:60:88:2b:d9:cb:dd:8b:27:af:d5:ac:
                    bc:3e:9f:bd:b4:79:77:0c:f5:4c:51:ed:17:f1:61:
                    83:e6:ed:b0:64:6b:c7:b8:d8:95:09:65:c7:8e:ef:
                    6f:79:df:46:75:ea:f4:78:e2:49:c3:b1:68:94:99:
                    e7:12:0e:7e:04:91:9e:37:bd:d3:20:1b:a9:8e:8f:
                    2b:b4:93:c4:21:62:43:3a:ba:3f:a8:5f:a2:6d:9e:
                    11:71:00:59:07:a5:8d:a5:45:c6:ba:be:7d:81:d9:
                    e5:0c:b9:6c:19:2a:a7:c3:88:2d:f5:ca:12:cc:eb:
                    d2:6d:5f:ea:e8:a9:e3:19:4a:63:bd:7a:08:c8:79:
                    4d:b1:dd:ea:50:03:03:c0:b5:9f:a9:f0:0e:db:51:
                    fe:db:a8:ff:e8:3b:dd:54:31:0f:ea:ba:3f:05:9b:
                    cc:03:89:01:9e:d7:cf:4b:98:95:83:a6:36:39:6b:
                    67:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:AB:A2:A7:74:7E:19:40:22:52:D6:BC:25:92:CE:39:25:3D:3B:AC
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e33342e332e302f32342d3234203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:1b:ea:0b:e8:ca:65:92:41:75:65:10:92:ab:90:b8:bf:0e:
         14:43:ef:32:b5:53:80:1b:28:b7:43:75:53:36:d5:40:99:50:
         e1:18:7a:22:a8:b7:36:2c:9e:1e:f4:b4:38:d8:f5:2b:47:ae:
         f9:bb:85:e6:c7:51:01:06:9b:2d:42:a9:9c:62:e0:b4:a3:6e:
         ba:c0:85:1c:48:4b:ac:26:12:99:ba:ef:02:f4:fa:51:eb:f2:
         a9:17:41:49:2e:0b:10:2e:67:b7:75:75:78:15:32:43:63:eb:
         31:aa:08:a0:ab:00:fa:3c:29:2f:6b:af:84:2f:02:0d:d9:8b:
         5a:49:0e:d9:5b:79:d6:48:86:b4:7e:9d:63:a1:9e:20:32:82:
         2c:de:65:f7:d4:ac:46:98:2b:58:b0:f9:d7:26:ad:fe:a3:6a:
         e0:d2:c8:67:9a:18:f4:f5:d7:cc:2a:f1:e2:ec:b0:83:ae:d9:
         6c:62:72:63:7e:f7:df:d9:55:88:c7:32:57:77:65:a4:74:68:
         49:4c:f5:7b:10:49:ba:c3:33:bf:de:39:07:93:1a:ce:e5:74:
         5e:9b:e7:8a:48:56:4f:68:d1:2c:a2:66:2e:e4:92:d9:b3:20:
         42:a5:77:46:d4:de:2a:a2:d3:26:1e:f9:bc:b0:f6:6b:21:54:
         17:75:29:85
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgIUW7f5SglAfDZqeH0ePjUkaWyIIDQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNDA4MjIxOTA4MDNaFw0yNTA4MjExOTEzMDNaMDMxMTAvBgNV
BAMTKEI1QUJBMkE3NzQ3RTE5NDAyMjUyRDZCQzI1OTJDRTM5MjUzRDNCQUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDl7tVvXI/5/FvXBmtY4Word7KH
kMawD9ah99Lg6UbCW0R9v0B9zCniyHu6DnRWAKku1xcTNxOiQB41ZXqpeZNtOLzB
UJispDCQe6bFdElgiCvZy92LJ6/VrLw+n720eXcM9UxR7RfxYYPm7bBka8e42JUJ
ZceO729530Z16vR44knDsWiUmecSDn4EkZ43vdMgG6mOjyu0k8QhYkM6uj+oX6Jt
nhFxAFkHpY2lRca6vn2B2eUMuWwZKqfDiC31yhLM69JtX+roqeMZSmO9egjIeU2x
3epQAwPAtZ+p8A7bUf7bqP/oO91UMQ/quj8Fm8wDiQGe189LmJWDpjY5a2cFAgMB
AAGjggIdMIICGTAdBgNVHQ4EFgQUtauip3R+GUAiUta8JZLOOSU9O6wwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBnQYIKwYB
BQUHAQsEgZAwgY0wgYoGCCsGAQUFBzALhn5yc3luYzovL3Jwa2ktcnBzLmFyaW4u
bmV0L3JlcG9zaXRvcnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYv
MS8zMTM4MzUyZTMzMzQyZTMzMmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzMzNjMy
MzMzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB
/wQQMA4wDAQCAAEwBgMEALkiAzANBgkqhkiG9w0BAQsFAAOCAQEALhvqC+jKZZJB
dWUQkquQuL8OFEPvMrVTgBsot0N1UzbVQJlQ4Rh6Iqi3NiyeHvS0ONj1K0eu+buF
5sdRAQabLUKpnGLgtKNuusCFHEhLrCYSmbrvAvT6UevyqRdBSS4LEC5nt3V1eBUy
Q2PrMaoIoKsA+jwpL2uvhC8CDdmLWkkO2Vt51kiGtH6dY6GeIDKCLN5l99SsRpgr
WLD51yat/qNq4NLIZ5oY9PXXzCrx4uywg67ZbGJyY37339lViMcyV3dlpHRoSUz1
exBJusMzv945B5MazuV0XpvnikhWT2jRLKJmLuSS2bMgQqV3RtTeKqLTJh75vLD2
ayFUF3UphQ==
-----END CERTIFICATE-----