Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e34302e3233322e302f32342d3234203d3e203336323336.roa
File:                     3138352e34302e3233322e302f32342d3234203d3e203336323336.roa (raw, json)
Hash identifier:          1zYqBuH34rO7d9b4kNAut+0x5S6ACHLok2AY0F9Drrc=
Subject key identifier:   87:3C:24:8E:2C:FA:37:3A:0A:96:6A:D5:C2:28:12:1A:06:C1:DE:36
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       54454D425D35E81E8F5F3B8B7324666E58C3994E
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e34302e3233322e302f32342d3234203d3e203336323336.roa
Signing time:             Mon 02 Sep 2024 22:13:11 +0000
ROA not before:           Mon 02 Sep 2024 22:08:11 +0000
ROA not after:            Mon 01 Sep 2025 22:13:11 +0000
asID:                     36236
IP address blocks:        185.40.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:45:4d:42:5d:35:e8:1e:8f:5f:3b:8b:73:24:66:6e:58:c3:99:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Sep  2 22:08:11 2024 GMT
            Not After : Sep  1 22:13:11 2025 GMT
        Subject: CN=873C248E2CFA373A0A966AD5C228121A06C1DE36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:74:ba:89:57:76:24:af:78:e6:d0:e0:71:3b:
                    0a:f6:ad:9a:56:cc:88:19:bc:aa:93:49:63:45:6b:
                    82:d2:00:15:c9:aa:42:d6:29:96:83:49:2d:1c:32:
                    fc:21:ab:d0:e5:6e:aa:4e:3e:06:72:9d:90:fa:34:
                    9a:64:5b:f1:f9:41:12:a1:dd:7d:a6:2c:ed:6e:ab:
                    a1:45:04:84:f8:e4:02:d1:1e:da:7f:35:63:c6:b1:
                    47:8f:e1:02:97:a8:bb:ca:4a:6b:16:4e:7f:8c:78:
                    f1:92:87:3f:4c:c8:a6:ad:27:e2:82:a3:4e:48:ce:
                    99:61:ec:f1:00:0a:70:cb:cc:23:e9:67:bd:33:50:
                    82:cc:26:37:45:87:5e:fd:55:f8:df:f8:4b:75:b2:
                    5a:89:90:26:df:d6:af:ea:34:da:d0:a2:58:dc:ef:
                    e6:1c:f7:9b:d2:17:ab:66:aa:2e:a8:d3:78:78:09:
                    a0:da:83:12:f7:95:b5:36:bc:2f:e6:ef:f4:7f:37:
                    51:35:c4:2b:f9:42:12:3b:7d:4f:3c:24:fa:7f:12:
                    02:09:41:52:22:f9:ac:6f:3e:ff:5f:fe:dd:77:15:
                    df:0a:b9:e6:da:76:1a:56:1b:67:41:b9:0d:8b:3b:
                    ee:b7:7c:03:6c:c4:08:f0:ca:df:1f:29:ec:ec:f2:
                    aa:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:3C:24:8E:2C:FA:37:3A:0A:96:6A:D5:C2:28:12:1A:06:C1:DE:36
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e34302e3233322e302f32342d3234203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.40.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:41:19:06:b1:13:0b:93:b1:6f:ef:f0:00:b9:76:61:0c:d6:
         d4:64:04:3c:a8:8d:40:9f:ac:bc:2a:7c:85:9d:cf:42:72:e3:
         1c:76:e7:1a:fa:dd:07:c8:7c:fb:4b:89:e4:0f:27:cd:e4:32:
         14:bc:a3:21:9b:f0:ea:08:d0:b8:56:ba:af:70:43:b8:c7:cc:
         b0:be:21:68:1e:79:8e:e6:70:32:0e:97:f5:50:ff:bb:5f:4e:
         57:cb:f1:02:12:65:92:39:54:1f:1d:92:5a:9f:b9:31:74:0c:
         0f:c1:0a:a8:61:11:ca:e8:29:cf:f0:ea:0d:77:aa:b7:17:e1:
         5b:ff:cc:c7:38:a0:99:68:8e:b1:f2:db:df:05:d0:75:60:02:
         4c:b4:2e:ad:cb:d6:24:c0:06:75:a5:f9:c3:12:6c:3d:bf:8f:
         a0:1e:83:44:4f:df:3b:ff:38:70:3b:63:2b:7f:8f:72:2b:33:
         7a:f3:8a:a2:62:d2:df:3c:4e:e0:d2:8c:b6:71:a4:63:4c:9b:
         6f:15:ae:e3:21:a8:ca:eb:83:9f:9f:09:05:db:c7:2b:ed:5b:
         57:b0:09:4a:22:e4:f0:cf:1e:96:a3:57:0d:a0:85:2d:18:b1:
         15:00:5a:b8:cb:ec:96:23:35:9f:ed:46:9a:db:f2:a7:8f:3c:
         cd:c2:9b:2d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgIUVEVNQl016B6PXzuLcyRmbljDmU4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNDA5MDIyMjA4MTFaFw0yNTA5MDEyMjEzMTFaMDMxMTAvBgNV
BAMTKDg3M0MyNDhFMkNGQTM3M0EwQTk2NkFENUMyMjgxMjFBMDZDMURFMzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8dLqJV3Ykr3jm0OBxOwr2rZpW
zIgZvKqTSWNFa4LSABXJqkLWKZaDSS0cMvwhq9DlbqpOPgZynZD6NJpkW/H5QRKh
3X2mLO1uq6FFBIT45ALRHtp/NWPGsUeP4QKXqLvKSmsWTn+MePGShz9MyKatJ+KC
o05Izplh7PEACnDLzCPpZ70zUILMJjdFh179Vfjf+Et1slqJkCbf1q/qNNrQoljc
7+Yc95vSF6tmqi6o03h4CaDagxL3lbU2vC/m7/R/N1E1xCv5QhI7fU88JPp/EgIJ
QVIi+axvPv9f/t13Fd8KuebadhpWG2dBuQ2LO+63fANsxAjwyt8fKezs8qqhAgMB
AAGjggIiMIICHjAdBgNVHQ4EFgQUhzwkjiz6NzoKlmrVwigSGgbB3jYwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBogYIKwYB
BQUHAQsEgZUwgZIwgY8GCCsGAQUFBzALhoGCcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzEzODM1MmUzNDMwMmUzMjMzMzIyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAz
MzM2MzIzMzM2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAuSjoMA0GCSqGSIb3DQEBCwUAA4IBAQAKQRkG
sRMLk7Fv7/AAuXZhDNbUZAQ8qI1An6y8KnyFnc9CcuMcduca+t0HyHz7S4nkDyfN
5DIUvKMhm/DqCNC4VrqvcEO4x8ywviFoHnmO5nAyDpf1UP+7X05Xy/ECEmWSOVQf
HZJan7kxdAwPwQqoYRHK6CnP8OoNd6q3F+Fb/8zHOKCZaI6x8tvfBdB1YAJMtC6t
y9YkwAZ1pfnDEmw9v4+gHoNET987/zhwO2Mrf49yKzN684qiYtLfPE7g0oy2caRj
TJtvFa7jIajK64OfnwkF28cr7VtXsAlKIuTwzx6Wo1cNoIUtGLEVAFq4y+yWIzWf
7Uaa2/KnjzzNwpst
-----END CERTIFICATE-----