Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e34302e3233332e302f32342d3234203d3e203336323336.roa
File:                     3138352e34302e3233332e302f32342d3234203d3e203336323336.roa (raw, json)
Hash identifier:          YqvbSy20WxF4i3paW6scPW8jgvfG2xL/NgxAeWB1Cic=
Subject key identifier:   C0:47:07:81:85:5D:57:33:E0:3C:C3:EC:5F:2D:FC:56:6E:AA:D0:45
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       727B02DD6998522C0210BF39432A3A8C7CFE71CC
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e34302e3233332e302f32342d3234203d3e203336323336.roa
Signing time:             Mon 02 Oct 2023 21:55:38 +0000
ROA not before:           Mon 02 Oct 2023 21:50:38 +0000
ROA not after:            Mon 30 Sep 2024 21:55:38 +0000
asID:                     36236
IP address blocks:        185.40.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 19:23:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:7b:02:dd:69:98:52:2c:02:10:bf:39:43:2a:3a:8c:7c:fe:71:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Oct  2 21:50:38 2023 GMT
            Not After : Sep 30 21:55:38 2024 GMT
        Subject: CN=C0470781855D5733E03CC3EC5F2DFC566EAAD045
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:7e:f7:f0:1f:e8:c9:2c:e4:ba:32:22:6a:17:
                    16:fb:fc:38:8c:5a:7c:e9:19:00:91:7e:fe:5c:45:
                    03:71:e5:5e:a3:8e:97:c9:91:3a:c1:4c:12:0f:c7:
                    7b:f1:f4:a7:3e:20:ab:b2:12:76:bf:87:c4:e2:0d:
                    23:e1:eb:bf:42:f1:15:5b:07:71:fb:c6:46:80:28:
                    43:58:6b:b4:e2:fb:09:70:7b:07:57:dd:41:1a:b1:
                    ab:e8:3c:d1:d5:0c:92:fc:00:22:a1:d2:6b:30:a3:
                    19:c3:6d:06:fe:29:96:a1:07:d3:bb:98:45:c4:97:
                    57:dc:bf:26:68:dc:c1:6d:74:8b:48:cb:67:71:71:
                    7f:75:61:b9:83:33:2f:0c:63:69:91:43:b4:09:03:
                    be:90:34:a6:37:9b:81:65:13:1a:8d:ab:b5:0a:08:
                    a1:5b:a0:74:ef:81:24:7c:0d:a4:3e:29:1b:08:c2:
                    e1:d8:2c:70:f8:4d:32:6f:a3:4a:b5:cb:47:76:8e:
                    3e:b7:cc:f5:88:b3:8f:d2:96:62:92:e2:02:52:6d:
                    a3:da:90:44:f1:2a:86:57:c4:79:9f:c2:81:07:8c:
                    ba:30:0f:2e:b0:5e:b9:5d:36:76:5a:51:47:f0:dd:
                    2f:f9:9e:f7:36:b8:52:a1:0a:90:e5:0b:60:bc:eb:
                    df:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:47:07:81:85:5D:57:33:E0:3C:C3:EC:5F:2D:FC:56:6E:AA:D0:45
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e34302e3233332e302f32342d3234203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.40.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:61:26:3c:e5:be:ec:28:41:fe:27:76:e0:d4:e7:81:d4:34:
         5a:7b:28:cc:47:f0:3d:90:af:99:83:60:0b:4d:c2:59:47:39:
         a6:ae:8c:9b:c5:58:8c:47:ec:01:13:c3:c4:3e:1a:f3:4f:26:
         f3:94:43:f8:da:5d:89:a2:29:19:9b:3e:4f:78:d9:5b:30:81:
         84:01:41:80:80:81:2f:d6:bb:36:28:67:d8:b1:83:95:47:17:
         55:f0:7e:4a:89:a9:47:98:d2:29:39:08:c0:b7:46:8d:2a:45:
         b0:fd:cb:44:ce:04:78:e6:9a:fe:58:69:92:77:88:b7:a3:30:
         d5:04:12:f5:d0:b8:87:8e:b8:27:4b:ec:3d:a7:80:0a:49:11:
         54:48:ea:31:cc:28:b5:76:83:c6:72:be:a2:c5:7e:91:ff:69:
         0b:c7:b1:63:0f:b1:87:27:a4:88:9e:b5:9c:c0:5f:4a:c2:ee:
         97:97:29:ef:1d:af:d6:72:31:06:28:26:7e:a5:f5:37:97:e5:
         99:c7:38:21:77:b2:b4:97:3f:24:76:47:2c:27:98:8a:5f:77:
         c2:1f:e6:3f:c6:b4:bf:21:10:27:25:c4:71:84:f8:ff:ce:3e:
         a6:0c:42:51:cb:38:77:15:be:20:b2:ef:20:ca:ae:48:49:56:
         73:0f:10:11
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgIUcnsC3WmYUiwCEL85Qyo6jHz+ccwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yMzEwMDIyMTUwMzhaFw0yNDA5MzAyMTU1MzhaMDMxMTAvBgNV
BAMTKEMwNDcwNzgxODU1RDU3MzNFMDNDQzNFQzVGMkRGQzU2NkVBQUQwNDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqfvfwH+jJLOS6MiJqFxb7/DiM
WnzpGQCRfv5cRQNx5V6jjpfJkTrBTBIPx3vx9Kc+IKuyEna/h8TiDSPh679C8RVb
B3H7xkaAKENYa7Ti+wlwewdX3UEasavoPNHVDJL8ACKh0mswoxnDbQb+KZahB9O7
mEXEl1fcvyZo3MFtdItIy2dxcX91YbmDMy8MY2mRQ7QJA76QNKY3m4FlExqNq7UK
CKFboHTvgSR8DaQ+KRsIwuHYLHD4TTJvo0q1y0d2jj63zPWIs4/SlmKS4gJSbaPa
kETxKoZXxHmfwoEHjLowDy6wXrldNnZaUUfw3S/5nvc2uFKhCpDlC2C8698lAgMB
AAGjggIiMIICHjAdBgNVHQ4EFgQUwEcHgYVdVzPgPMPsXy38Vm6q0EUwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBogYIKwYB
BQUHAQsEgZUwgZIwgY8GCCsGAQUFBzALhoGCcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzEzODM1MmUzNDMwMmUzMjMzMzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAz
MzM2MzIzMzM2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAuSjpMA0GCSqGSIb3DQEBCwUAA4IBAQAaYSY8
5b7sKEH+J3bg1OeB1DRaeyjMR/A9kK+Zg2ALTcJZRzmmroybxViMR+wBE8PEPhrz
TybzlEP42l2JoikZmz5PeNlbMIGEAUGAgIEv1rs2KGfYsYOVRxdV8H5KialHmNIp
OQjAt0aNKkWw/ctEzgR45pr+WGmSd4i3ozDVBBL10LiHjrgnS+w9p4AKSRFUSOox
zCi1doPGcr6ixX6R/2kLx7FjD7GHJ6SInrWcwF9Kwu6XlynvHa/WcjEGKCZ+pfU3
l+WZxzghd7K0lz8kdkcsJ5iKX3fCH+Y/xrS/IRAnJcRxhPj/zj6mDEJRyzh3Fb4g
su8gyq5ISVZzDxAR
-----END CERTIFICATE-----