Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e34302e3233332e302f32342d3234203d3e203336323336.roa
File:                     3138352e34302e3233332e302f32342d3234203d3e203336323336.roa (raw, json)
Hash identifier:          F3qH9rLpkZDue4QSSWHdbbYAFUysvcvQn1TMExr2HyA=
Subject key identifier:   B8:EF:42:E8:01:5F:37:6A:A9:CA:FE:71:9C:75:9F:AD:C0:38:55:02
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       04208AB4676B70259D2C5405CAF450316CAFA982
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e34302e3233332e302f32342d3234203d3e203336323336.roa
Signing time:             Mon 02 Sep 2024 22:13:11 +0000
ROA not before:           Mon 02 Sep 2024 22:08:11 +0000
ROA not after:            Mon 01 Sep 2025 22:13:11 +0000
asID:                     36236
IP address blocks:        185.40.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:20:8a:b4:67:6b:70:25:9d:2c:54:05:ca:f4:50:31:6c:af:a9:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Sep  2 22:08:11 2024 GMT
            Not After : Sep  1 22:13:11 2025 GMT
        Subject: CN=B8EF42E8015F376AA9CAFE719C759FADC0385502
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:5c:06:45:c1:da:fc:a3:d6:82:74:cf:5b:d1:
                    da:a6:6d:48:13:29:96:67:49:91:2b:ed:89:3d:5b:
                    bc:1b:67:aa:a3:94:d5:24:2a:81:93:67:38:f9:90:
                    12:78:d8:86:42:95:00:e9:98:b1:e3:db:59:9b:79:
                    ce:da:97:c1:2b:62:ce:53:96:dc:2e:76:41:b2:df:
                    c1:c3:43:14:6a:8e:53:51:d7:c7:aa:f3:cb:2c:1b:
                    8a:7f:9f:0b:0f:a0:e2:e4:4d:a6:0e:0c:f9:19:af:
                    b3:e6:78:0a:cc:da:be:a3:60:f3:cf:ff:ba:cb:3c:
                    f5:0f:e7:4a:9a:3a:6c:90:23:01:79:d4:f9:31:b7:
                    cb:62:42:93:f6:d6:80:2d:f8:96:fc:92:f2:b1:bf:
                    21:a9:6c:26:7a:70:f6:6e:c0:27:98:ac:ba:a4:e3:
                    59:f3:35:dd:07:0e:75:0d:0b:7b:37:ff:09:d2:57:
                    81:d3:36:f5:34:b2:88:25:f6:c9:7f:a4:18:82:f7:
                    4e:2e:6d:c9:78:7a:2c:eb:66:a6:23:28:a9:74:88:
                    ca:76:df:e6:c3:fe:a6:8a:18:58:08:98:b1:ef:68:
                    48:1b:ee:8a:3d:ba:6a:d1:e4:7c:81:f3:8f:3c:ee:
                    53:97:fd:5a:9f:51:ec:7f:88:38:db:2a:9a:a9:0c:
                    af:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:EF:42:E8:01:5F:37:6A:A9:CA:FE:71:9C:75:9F:AD:C0:38:55:02
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e34302e3233332e302f32342d3234203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.40.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:31:38:f8:cb:29:be:8a:56:b5:b5:78:e5:53:07:4e:2a:13:
         e9:54:3f:c7:ab:fe:7c:b1:6c:b0:05:89:54:b7:00:12:8a:c9:
         e5:2c:2a:c6:c3:53:4e:c7:4f:c7:bd:79:54:13:cc:41:22:7e:
         7c:98:9c:2a:50:a5:c1:a0:02:96:0a:a3:9c:4c:94:9d:38:e7:
         fc:65:d0:86:ac:2c:79:5f:ab:fd:bc:cb:37:49:4d:3c:7a:f7:
         80:f6:f4:2c:6c:c4:23:d0:46:a5:5c:2a:b1:18:b3:3f:9a:58:
         11:cd:07:0a:dc:49:7a:8d:b5:79:45:6f:54:8e:28:71:54:87:
         f4:98:3e:c3:71:fa:9f:b0:a2:da:d4:39:7c:a8:fa:c9:6e:75:
         74:ab:b6:01:16:ab:ed:c5:a0:1d:11:fb:13:2f:7a:ec:3f:a0:
         19:8b:c1:a6:6c:95:e6:80:45:2e:a2:04:5d:45:fc:f4:ce:49:
         5c:fd:98:5f:f7:0d:1c:04:76:54:65:60:0d:7d:ca:b2:02:98:
         aa:42:1b:cd:22:8a:c1:f0:6d:b0:a6:be:fe:aa:49:d7:50:c3:
         e2:90:0d:0a:ca:68:6f:32:04:c4:28:de:c4:46:67:c5:0e:b6:
         3d:d4:b3:dc:fe:d8:9d:b9:73:66:5e:cb:a0:7f:44:fe:d0:4c:
         c6:81:0a:77
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgIUBCCKtGdrcCWdLFQFyvRQMWyvqYIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNDA5MDIyMjA4MTFaFw0yNTA5MDEyMjEzMTFaMDMxMTAvBgNV
BAMTKEI4RUY0MkU4MDE1RjM3NkFBOUNBRkU3MTlDNzU5RkFEQzAzODU1MDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnXAZFwdr8o9aCdM9b0dqmbUgT
KZZnSZEr7Yk9W7wbZ6qjlNUkKoGTZzj5kBJ42IZClQDpmLHj21mbec7al8ErYs5T
ltwudkGy38HDQxRqjlNR18eq88ssG4p/nwsPoOLkTaYODPkZr7PmeArM2r6jYPPP
/7rLPPUP50qaOmyQIwF51Pkxt8tiQpP21oAt+Jb8kvKxvyGpbCZ6cPZuwCeYrLqk
41nzNd0HDnUNC3s3/wnSV4HTNvU0sogl9sl/pBiC904ubcl4eizrZqYjKKl0iMp2
3+bD/qaKGFgImLHvaEgb7oo9umrR5HyB84887lOX/VqfUex/iDjbKpqpDK8xAgMB
AAGjggIiMIICHjAdBgNVHQ4EFgQUuO9C6AFfN2qpyv5xnHWfrcA4VQIwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBogYIKwYB
BQUHAQsEgZUwgZIwgY8GCCsGAQUFBzALhoGCcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzEzODM1MmUzNDMwMmUzMjMzMzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAz
MzM2MzIzMzM2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAuSjpMA0GCSqGSIb3DQEBCwUAA4IBAQA1MTj4
yym+ila1tXjlUwdOKhPpVD/Hq/58sWywBYlUtwASisnlLCrGw1NOx0/HvXlUE8xB
In58mJwqUKXBoAKWCqOcTJSdOOf8ZdCGrCx5X6v9vMs3SU08eveA9vQsbMQj0Eal
XCqxGLM/mlgRzQcK3El6jbV5RW9UjihxVIf0mD7DcfqfsKLa1Dl8qPrJbnV0q7YB
FqvtxaAdEfsTL3rsP6AZi8GmbJXmgEUuogRdRfz0zklc/Zhf9w0cBHZUZWANfcqy
ApiqQhvNIorB8G2wpr7+qknXUMPikA0KymhvMgTEKN7ERmfFDrY91LPc/tiduXNm
Xsugf0T+0EzGgQp3
-----END CERTIFICATE-----