Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e33342e332e302f32342d3234203d3e203336323336.roa
File:                     3138352e33342e332e302f32342d3234203d3e203336323336.roa (raw, json)
Hash identifier:          yml6mlT1TPRPaxA408lGIdosJlRLMNzHglUZs8XRi30=
Subject key identifier:   FA:08:FD:2D:BC:D4:53:55:BC:0D:56:32:5A:29:6F:9E:7C:26:8B:A8
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       64716F54639351672DF22247DB06A3BCCEE4C6F6
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e33342e332e302f32342d3234203d3e203336323336.roa
Signing time:             Thu 21 Sep 2023 18:51:05 +0000
ROA not before:           Thu 21 Sep 2023 18:46:05 +0000
ROA not after:            Thu 19 Sep 2024 18:51:05 +0000
asID:                     36236
IP address blocks:        185.34.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:71:6f:54:63:93:51:67:2d:f2:22:47:db:06:a3:bc:ce:e4:c6:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Sep 21 18:46:05 2023 GMT
            Not After : Sep 19 18:51:05 2024 GMT
        Subject: CN=FA08FD2DBCD45355BC0D56325A296F9E7C268BA8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:9e:68:04:0e:d2:54:69:48:a8:93:de:e9:40:
                    be:dd:f7:65:15:81:cb:f1:2f:af:e5:65:01:ed:b3:
                    ba:4f:56:96:56:ad:dc:6c:f9:de:10:dd:b8:5c:6a:
                    9e:f9:cd:02:32:1d:cd:89:07:0e:8e:df:97:b1:82:
                    41:aa:02:cd:20:12:07:3e:ed:36:88:88:84:21:02:
                    77:69:d5:cb:eb:4c:6c:6e:f4:62:65:19:57:a0:57:
                    33:1d:14:51:ab:b7:44:79:06:a4:96:2f:fd:74:5c:
                    ac:24:e1:a5:cc:80:e3:cb:0c:e8:58:1e:f6:75:c1:
                    3c:81:c9:c9:e9:c9:a3:d2:fd:d2:38:30:a4:8b:d4:
                    1e:33:b0:a9:67:f6:4b:e6:1e:b0:e9:13:fb:20:dd:
                    6e:bd:00:db:56:53:b2:f0:11:d9:6d:19:10:05:6c:
                    c6:81:12:67:a1:f3:97:25:fc:75:b0:d3:20:01:bd:
                    c6:57:ce:9e:08:75:32:76:b3:dd:18:8c:80:53:fc:
                    a9:e5:56:03:be:5b:34:69:ed:cf:a8:47:8b:ef:39:
                    f9:7c:b4:3d:69:d0:90:04:16:91:62:54:3a:7f:1d:
                    d2:01:99:77:d8:64:a3:f2:35:0c:a1:56:93:f4:be:
                    62:3c:8d:28:61:59:76:10:1a:48:3c:89:df:b4:de:
                    83:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:08:FD:2D:BC:D4:53:55:BC:0D:56:32:5A:29:6F:9E:7C:26:8B:A8
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e33342e332e302f32342d3234203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:9f:31:90:9a:13:e0:de:d3:d9:a3:44:39:c4:9f:85:20:f7:
         02:6b:6d:fa:dc:24:28:7b:2d:ec:6f:48:11:2f:bb:aa:37:92:
         ec:52:67:0d:02:04:0c:a3:0d:bc:9a:2d:e1:fb:b7:38:7a:c9:
         f4:77:4e:11:3f:dd:ed:2e:dc:00:c1:5b:f5:d5:24:44:71:0d:
         48:dd:d6:25:e0:d2:aa:20:30:e3:b8:84:6d:0b:80:a5:01:d3:
         12:12:95:07:26:5a:9b:91:59:9c:91:8b:c6:37:4f:23:74:6c:
         a8:e2:61:c9:64:f6:d7:29:d7:77:1d:a3:8b:45:88:98:f3:6c:
         46:c8:bd:8f:ba:bb:ea:d2:64:27:90:70:f2:26:4a:a0:62:86:
         bf:22:94:25:a6:53:50:e3:cd:13:9d:9b:0a:d3:9f:05:34:27:
         91:c0:9d:16:c0:0e:42:2a:3a:bf:f1:45:f4:62:0b:93:84:c1:
         09:af:32:73:81:b0:a0:e3:ce:53:90:02:6b:3c:b5:ea:22:e4:
         19:02:32:7a:d5:46:28:d5:20:09:cd:b7:0e:a5:6a:ba:17:d7:
         f7:18:70:08:9d:5b:ca:a8:67:bd:2c:d3:db:58:fa:cb:3d:b8:
         43:05:b9:d5:79:1f:9c:bb:fb:18:e9:7e:19:db:64:40:6d:68:
         65:e2:5a:86
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgIUZHFvVGOTUWct8iJH2wajvM7kxvYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yMzA5MjExODQ2MDVaFw0yNDA5MTkxODUxMDVaMDMxMTAvBgNV
BAMTKEZBMDhGRDJEQkNENDUzNTVCQzBENTYzMjVBMjk2RjlFN0MyNjhCQTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVnmgEDtJUaUiok97pQL7d92UV
gcvxL6/lZQHts7pPVpZWrdxs+d4Q3bhcap75zQIyHc2JBw6O35exgkGqAs0gEgc+
7TaIiIQhAndp1cvrTGxu9GJlGVegVzMdFFGrt0R5BqSWL/10XKwk4aXMgOPLDOhY
HvZ1wTyBycnpyaPS/dI4MKSL1B4zsKln9kvmHrDpE/sg3W69ANtWU7LwEdltGRAF
bMaBEmeh85cl/HWw0yABvcZXzp4IdTJ2s90YjIBT/KnlVgO+WzRp7c+oR4vvOfl8
tD1p0JAEFpFiVDp/HdIBmXfYZKPyNQyhVpP0vmI8jShhWXYQGkg8id+03oOtAgMB
AAGjggIdMIICGTAdBgNVHQ4EFgQU+gj9LbzUU1W8DVYyWilvnnwmi6gwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBnQYIKwYB
BQUHAQsEgZAwgY0wgYoGCCsGAQUFBzALhn5yc3luYzovL3Jwa2ktcnBzLmFyaW4u
bmV0L3JlcG9zaXRvcnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYv
MS8zMTM4MzUyZTMzMzQyZTMzMmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzMzNjMy
MzMzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB
/wQQMA4wDAQCAAEwBgMEALkiAzANBgkqhkiG9w0BAQsFAAOCAQEAX58xkJoT4N7T
2aNEOcSfhSD3Amtt+twkKHst7G9IES+7qjeS7FJnDQIEDKMNvJot4fu3OHrJ9HdO
ET/d7S7cAMFb9dUkRHENSN3WJeDSqiAw47iEbQuApQHTEhKVByZam5FZnJGLxjdP
I3RsqOJhyWT21ynXdx2ji0WImPNsRsi9j7q76tJkJ5Bw8iZKoGKGvyKUJaZTUOPN
E52bCtOfBTQnkcCdFsAOQio6v/FF9GILk4TBCa8yc4GwoOPOU5ACazy16iLkGQIy
etVGKNUgCc23DqVquhfX9xhwCJ1byqhnvSzT21j6yz24QwW51XkfnLv7GOl+Gdtk
QG1oZeJahg==
-----END CERTIFICATE-----