Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e34302e3233322e302f32342d3234203d3e203336323336.roa
File:                     3138352e34302e3233322e302f32342d3234203d3e203336323336.roa (raw, json)
Hash identifier:          M87m9dKp5gAqF7T478GgYp13cXgnMincCEOmaUh8a9U=
Subject key identifier:   C7:37:40:76:44:EC:59:9E:75:5E:A8:2B:EC:23:7E:7E:61:76:AC:12
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       3D12D4CD20C5354F262A34059B4AB81F0ACC5F18
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e34302e3233322e302f32342d3234203d3e203336323336.roa
Signing time:             Mon 02 Oct 2023 21:55:38 +0000
ROA not before:           Mon 02 Oct 2023 21:50:38 +0000
ROA not after:            Mon 30 Sep 2024 21:55:38 +0000
asID:                     36236
IP address blocks:        185.40.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 19:23:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:12:d4:cd:20:c5:35:4f:26:2a:34:05:9b:4a:b8:1f:0a:cc:5f:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Oct  2 21:50:38 2023 GMT
            Not After : Sep 30 21:55:38 2024 GMT
        Subject: CN=C737407644EC599E755EA82BEC237E7E6176AC12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:4e:e9:67:82:8f:bb:b0:77:17:2c:99:4b:24:
                    b8:a8:a3:1b:37:ac:00:dd:68:c7:99:a0:b0:16:c9:
                    b8:26:0f:45:fc:db:62:a3:8f:94:10:ba:f0:5f:b7:
                    62:29:eb:b1:d0:ed:5c:c8:af:06:31:7c:3a:06:4c:
                    a8:d3:46:27:69:e7:eb:12:ac:5d:61:3c:c4:a9:38:
                    51:ed:83:91:2f:d3:1b:b3:d2:18:3a:ec:2b:0a:a0:
                    ab:bb:98:d1:85:19:a9:85:6d:17:59:b8:18:76:dc:
                    91:cf:39:f1:69:8d:dd:bb:92:3b:4d:ec:27:a9:ed:
                    de:8e:54:d6:1c:e4:ab:97:89:96:71:f7:21:31:a5:
                    f0:eb:3c:c8:3a:a6:63:0e:e5:c4:59:c5:6b:ce:41:
                    c7:be:e1:e4:00:72:7f:95:be:7f:db:b4:1a:8c:e6:
                    85:be:06:5a:51:15:76:ab:f2:74:8c:b7:11:02:4d:
                    7b:37:dc:be:c5:43:8a:cb:c5:70:ed:02:7c:83:4a:
                    38:a8:be:8b:16:21:20:60:0d:01:2f:b5:fe:1f:87:
                    e5:59:6b:c1:9f:14:76:97:41:50:39:03:09:6c:b3:
                    ce:02:ad:c8:53:6e:fb:b4:3f:be:9b:96:6a:a0:17:
                    9b:cf:c1:04:9f:37:b4:23:a6:4a:1e:5c:a5:ea:19:
                    e9:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:37:40:76:44:EC:59:9E:75:5E:A8:2B:EC:23:7E:7E:61:76:AC:12
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e34302e3233322e302f32342d3234203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.40.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:ab:35:ed:69:e9:73:29:77:22:6c:6f:94:c3:36:71:f2:57:
         6a:15:4a:6c:0a:70:f2:da:15:a4:7a:10:ab:f9:69:27:46:ca:
         15:6b:4f:7a:cd:e6:d9:a1:f9:0a:04:a4:cb:2a:50:d9:1a:10:
         42:62:4f:38:b9:f2:c0:23:f6:e3:15:8d:80:b7:6d:59:48:fb:
         36:ae:8c:1d:71:ef:c0:53:ec:f5:47:55:49:ba:4d:65:d2:a6:
         c4:fa:5b:8f:8e:46:8b:3e:63:9e:ff:03:49:71:95:1e:80:4a:
         d7:3c:05:cc:64:53:7a:26:c7:4e:a5:fb:51:29:0c:89:29:44:
         50:3c:f2:5e:60:44:93:cb:28:8f:a8:94:72:6e:7f:b6:68:53:
         77:68:d6:8b:6d:13:31:c1:dd:99:cf:cc:2a:2a:7b:40:4e:c4:
         86:e3:1c:c8:cd:ee:cf:da:2f:8c:e9:1f:7f:f8:77:a2:3c:b2:
         90:fa:b5:0d:ea:45:d9:85:b6:0e:0c:62:e5:e1:0f:a4:5a:7c:
         61:7a:74:57:81:f9:cc:cf:98:bb:c9:94:23:f3:ec:4f:de:79:
         fe:3f:32:ee:c2:ba:4b:b1:73:6b:ac:1d:5e:81:bb:62:ec:f2:
         ca:20:d1:bc:9d:55:4a:c7:9a:6a:28:aa:b9:1d:75:51:41:6b:
         4e:e4:8c:4d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgIUPRLUzSDFNU8mKjQFm0q4HwrMXxgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yMzEwMDIyMTUwMzhaFw0yNDA5MzAyMTU1MzhaMDMxMTAvBgNV
BAMTKEM3Mzc0MDc2NDRFQzU5OUU3NTVFQTgyQkVDMjM3RTdFNjE3NkFDMTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7Tulngo+7sHcXLJlLJLiooxs3
rADdaMeZoLAWybgmD0X822Kjj5QQuvBft2Ip67HQ7VzIrwYxfDoGTKjTRidp5+sS
rF1hPMSpOFHtg5Ev0xuz0hg67CsKoKu7mNGFGamFbRdZuBh23JHPOfFpjd27kjtN
7Cep7d6OVNYc5KuXiZZx9yExpfDrPMg6pmMO5cRZxWvOQce+4eQAcn+Vvn/btBqM
5oW+BlpRFXar8nSMtxECTXs33L7FQ4rLxXDtAnyDSjiovosWISBgDQEvtf4fh+VZ
a8GfFHaXQVA5Awlss84CrchTbvu0P76blmqgF5vPwQSfN7QjpkoeXKXqGenlAgMB
AAGjggIiMIICHjAdBgNVHQ4EFgQUxzdAdkTsWZ51Xqgr7CN+fmF2rBIwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBogYIKwYB
BQUHAQsEgZUwgZIwgY8GCCsGAQUFBzALhoGCcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzEzODM1MmUzNDMwMmUzMjMzMzIyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAz
MzM2MzIzMzM2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAuSjoMA0GCSqGSIb3DQEBCwUAA4IBAQBrqzXt
aelzKXcibG+UwzZx8ldqFUpsCnDy2hWkehCr+WknRsoVa096zebZofkKBKTLKlDZ
GhBCYk84ufLAI/bjFY2At21ZSPs2rowdce/AU+z1R1VJuk1l0qbE+luPjkaLPmOe
/wNJcZUegErXPAXMZFN6JsdOpftRKQyJKURQPPJeYESTyyiPqJRybn+2aFN3aNaL
bRMxwd2Zz8wqKntATsSG4xzIze7P2i+M6R9/+HeiPLKQ+rUN6kXZhbYODGLl4Q+k
WnxhenRXgfnMz5i7yZQj8+xP3nn+PzLuwrpLsXNrrB1egbti7PLKING8nVVKx5pq
KKq5HXVRQWtO5IxN
-----END CERTIFICATE-----