Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e34302e3233342e302f32342d3234203d3e203336323336.roa
File:                     3138352e34302e3233342e302f32342d3234203d3e203336323336.roa (raw, json)
Hash identifier:          bmQDXDBuH3h6qP8B8ixEZV6yFFKIv8E9ZBKTX8JSRW4=
Subject key identifier:   16:A8:32:3A:AE:01:18:B6:91:7B:D3:2D:AB:30:FA:8F:F4:BE:FB:C7
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       10B84F49343CA0F4CE2920D862A9AAAF62C35D03
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e34302e3233342e302f32342d3234203d3e203336323336.roa
Signing time:             Mon 02 Oct 2023 21:55:38 +0000
ROA not before:           Mon 02 Oct 2023 21:50:38 +0000
ROA not after:            Mon 30 Sep 2024 21:55:38 +0000
asID:                     36236
IP address blocks:        185.40.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:b8:4f:49:34:3c:a0:f4:ce:29:20:d8:62:a9:aa:af:62:c3:5d:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Oct  2 21:50:38 2023 GMT
            Not After : Sep 30 21:55:38 2024 GMT
        Subject: CN=16A8323AAE0118B6917BD32DAB30FA8FF4BEFBC7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:3b:37:20:b6:df:fa:e9:86:1e:cd:77:aa:76:
                    56:9c:e2:21:f7:2f:8b:62:fa:1f:ba:2f:cf:b8:8d:
                    15:57:ca:e5:97:26:72:ac:0c:a0:76:a3:f7:7a:71:
                    ec:40:a0:d0:ff:b5:6f:1f:2b:d6:21:57:79:fe:c8:
                    1b:d4:c6:21:da:db:c0:f2:1a:d2:a4:57:6b:79:27:
                    d4:03:1f:5a:43:7c:52:67:f3:55:f8:99:7a:47:0c:
                    50:e7:c5:fd:a7:e8:9c:01:ed:83:d2:ae:9b:81:32:
                    38:d1:71:7c:f5:15:a7:b1:b8:8f:37:6d:3c:4b:8b:
                    2c:91:8f:d8:0c:5d:ef:b7:c7:3c:09:c0:e8:81:0b:
                    1c:21:e2:5b:ff:1f:e6:9d:85:be:6a:82:56:4e:03:
                    10:eb:c0:95:64:d8:36:5d:17:9f:d7:cf:53:a8:54:
                    d3:08:e3:54:0c:ac:94:65:d1:ea:8b:7e:31:e3:2b:
                    83:8b:e4:c1:91:9c:14:e0:50:0b:d1:2f:3c:ae:97:
                    f8:d9:b8:f7:c0:8a:75:d4:73:cf:b1:76:65:b9:9d:
                    a7:83:ef:b5:5a:1c:fa:cd:a5:a4:c1:61:80:9e:d1:
                    e9:4f:1f:d1:23:69:a0:d7:9d:8c:be:7e:68:e1:4d:
                    e2:79:7f:78:30:12:79:27:37:3a:a2:91:00:b4:2f:
                    a2:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:A8:32:3A:AE:01:18:B6:91:7B:D3:2D:AB:30:FA:8F:F4:BE:FB:C7
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e34302e3233342e302f32342d3234203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.40.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:5f:c1:e0:14:0e:0d:29:2c:e4:f7:d7:7a:e5:8f:85:2d:0d:
         16:d5:c1:38:6e:c6:c8:6c:c0:54:ce:bc:6a:bc:7f:3c:cb:37:
         b7:18:ad:02:db:40:bb:68:d1:24:cc:6d:f5:63:36:37:6f:f4:
         10:c9:7e:7a:f3:97:be:89:61:2d:ab:f7:62:21:63:1d:86:ce:
         ff:21:8e:f8:05:e2:a6:64:e7:d5:71:46:4e:a7:87:db:06:f3:
         9f:26:22:0c:a9:3b:3a:f4:9f:c5:17:d0:9f:25:70:ab:47:66:
         ce:c6:da:55:4e:73:b9:a0:87:a2:38:a1:95:08:d3:86:c1:15:
         cc:3c:88:34:4b:f1:18:5c:b4:2e:36:c4:b6:ae:56:b3:14:25:
         59:30:91:d6:6f:8a:bd:a4:f7:4d:1f:ef:ee:3c:fb:69:8a:70:
         60:8e:7c:dc:57:51:0a:b3:47:43:75:13:c9:7e:10:87:1d:b6:
         12:01:29:8c:fe:cf:69:55:f7:25:0e:62:e8:0d:cb:68:33:c6:
         ee:89:9f:b8:b1:66:d9:aa:21:98:4a:0b:04:62:45:ef:b3:2c:
         de:66:b9:4c:4c:c9:64:49:8f:b7:d2:1e:c8:82:0e:6b:17:74:
         4a:e1:31:5b:6a:7f:ca:ac:40:13:c6:11:41:3e:e7:45:45:2f:
         d6:4d:13:5a
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgIUELhPSTQ8oPTOKSDYYqmqr2LDXQMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yMzEwMDIyMTUwMzhaFw0yNDA5MzAyMTU1MzhaMDMxMTAvBgNV
BAMTKDE2QTgzMjNBQUUwMTE4QjY5MTdCRDMyREFCMzBGQThGRjRCRUZCQzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuOzcgtt/66YYezXeqdlac4iH3
L4ti+h+6L8+4jRVXyuWXJnKsDKB2o/d6cexAoND/tW8fK9YhV3n+yBvUxiHa28Dy
GtKkV2t5J9QDH1pDfFJn81X4mXpHDFDnxf2n6JwB7YPSrpuBMjjRcXz1FaexuI83
bTxLiyyRj9gMXe+3xzwJwOiBCxwh4lv/H+adhb5qglZOAxDrwJVk2DZdF5/Xz1Oo
VNMI41QMrJRl0eqLfjHjK4OL5MGRnBTgUAvRLzyul/jZuPfAinXUc8+xdmW5naeD
77VaHPrNpaTBYYCe0elPH9EjaaDXnYy+fmjhTeJ5f3gwEnknNzqikQC0L6LnAgMB
AAGjggIiMIICHjAdBgNVHQ4EFgQUFqgyOq4BGLaRe9MtqzD6j/S++8cwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBogYIKwYB
BQUHAQsEgZUwgZIwgY8GCCsGAQUFBzALhoGCcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzEzODM1MmUzNDMwMmUzMjMzMzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAz
MzM2MzIzMzM2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAuSjqMA0GCSqGSIb3DQEBCwUAA4IBAQCnX8Hg
FA4NKSzk99d65Y+FLQ0W1cE4bsbIbMBUzrxqvH88yze3GK0C20C7aNEkzG31YzY3
b/QQyX5685e+iWEtq/diIWMdhs7/IY74BeKmZOfVcUZOp4fbBvOfJiIMqTs69J/F
F9CfJXCrR2bOxtpVTnO5oIeiOKGVCNOGwRXMPIg0S/EYXLQuNsS2rlazFCVZMJHW
b4q9pPdNH+/uPPtpinBgjnzcV1EKs0dDdRPJfhCHHbYSASmM/s9pVfclDmLoDcto
M8buiZ+4sWbZqiGYSgsEYkXvsyzeZrlMTMlkSY+30h7Igg5rF3RK4TFban/KrEAT
xhFBPudFRS/WTRNa
-----END CERTIFICATE-----