Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e34302e3233352e302f32342d3234203d3e203336323336.roa
File:                     3138352e34302e3233352e302f32342d3234203d3e203336323336.roa (raw, json)
Hash identifier:          OHupAIfiwNMezii+EFnHL/YhF5JP35nuyWQexJTZkHs=
Subject key identifier:   7F:30:11:A0:CF:BA:A1:AD:68:23:CE:FF:A5:5A:EF:80:EF:83:61:3F
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       252D2BA98EAB44B6F08EA7458D8C3D1D467E72AE
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e34302e3233352e302f32342d3234203d3e203336323336.roa
Signing time:             Mon 02 Oct 2023 21:55:38 +0000
ROA not before:           Mon 02 Oct 2023 21:50:38 +0000
ROA not after:            Mon 30 Sep 2024 21:55:38 +0000
asID:                     36236
IP address blocks:        185.40.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:2d:2b:a9:8e:ab:44:b6:f0:8e:a7:45:8d:8c:3d:1d:46:7e:72:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Oct  2 21:50:38 2023 GMT
            Not After : Sep 30 21:55:38 2024 GMT
        Subject: CN=7F3011A0CFBAA1AD6823CEFFA55AEF80EF83613F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:42:4a:0e:b1:4f:79:d2:e1:e6:b8:6c:09:8a:
                    a3:f7:77:6d:e1:a1:f3:bb:d9:42:4c:7c:66:e7:0a:
                    e6:fa:93:3e:73:1b:36:ac:16:11:dd:ef:a5:eb:d9:
                    cc:60:92:47:d7:d0:6f:3b:94:29:c5:bb:e7:7a:ef:
                    1a:8a:a2:66:76:58:7e:75:23:b8:5e:92:43:41:18:
                    c3:8a:4e:ca:44:b3:92:bc:71:19:c7:ca:5b:46:44:
                    c6:6b:af:38:11:94:ae:81:e4:73:32:fd:c0:e7:5b:
                    c8:6f:9f:b0:6d:d8:75:0c:5b:02:06:8c:02:30:a7:
                    1f:fc:80:69:22:bc:70:0b:5b:da:d3:9f:0c:05:4d:
                    42:06:20:c0:09:d1:e2:d1:50:5e:b8:38:49:4b:8b:
                    c6:a8:17:da:5e:48:3c:89:f2:32:f3:17:7b:8c:fd:
                    9b:bc:af:f1:13:f0:09:70:b3:f2:3f:d0:90:88:a4:
                    6d:5c:5b:01:7a:8d:24:73:e8:3a:0a:fe:40:13:c0:
                    eb:b4:4c:05:fa:70:09:bf:80:c2:31:69:9a:fe:6e:
                    b4:e6:1b:58:46:f5:b3:65:d8:34:a0:db:20:77:ff:
                    f9:a1:93:17:81:d8:89:71:bf:69:c0:39:b0:65:30:
                    28:ec:a3:fe:a7:a5:df:ef:bf:cb:82:cb:9e:ff:b2:
                    32:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:30:11:A0:CF:BA:A1:AD:68:23:CE:FF:A5:5A:EF:80:EF:83:61:3F
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e34302e3233352e302f32342d3234203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.40.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:41:49:50:fe:bf:7a:5e:dd:4f:ff:40:93:7b:d8:30:ac:12:
         ef:6e:ff:f1:73:5d:47:69:fa:6e:01:53:60:4b:f3:2e:f5:12:
         dc:5d:c2:d3:b0:de:79:81:9e:80:71:ab:72:b0:bf:d5:01:df:
         a3:e3:84:67:d9:c9:3a:a8:a9:29:10:1a:f1:22:57:3c:de:eb:
         5d:5d:a0:11:85:b6:a8:48:65:4d:49:ff:54:96:15:4f:14:49:
         99:c6:b1:24:67:a5:87:30:92:57:9e:cb:e1:07:4f:a2:33:52:
         7f:72:26:56:b7:bd:9e:3a:65:1f:c6:e4:48:4c:7f:04:10:c3:
         18:a1:9f:8b:ec:4a:a7:8f:14:d7:9f:75:95:c6:c1:dd:1a:1c:
         e4:7d:78:78:bc:36:9c:d8:af:ca:fd:95:84:df:a0:98:94:e9:
         8a:38:83:32:69:ed:77:bf:6e:b7:e6:9d:78:69:dc:f2:53:07:
         21:d8:a0:8a:60:cb:55:7e:83:84:ae:c8:04:d5:dd:20:0e:d7:
         4a:cb:ef:99:b2:ba:c4:d9:5b:ed:35:0c:71:21:e8:84:9c:e1:
         20:09:76:11:f5:c2:d9:75:6d:45:f1:42:24:17:2b:a4:de:ad:
         ba:90:f6:06:b1:c4:3d:f7:d5:0a:64:a3:47:d4:46:c7:96:11:
         ec:68:5f:02
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgIUJS0rqY6rRLbwjqdFjYw9HUZ+cq4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yMzEwMDIyMTUwMzhaFw0yNDA5MzAyMTU1MzhaMDMxMTAvBgNV
BAMTKDdGMzAxMUEwQ0ZCQUExQUQ2ODIzQ0VGRkE1NUFFRjgwRUY4MzYxM0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7QkoOsU950uHmuGwJiqP3d23h
ofO72UJMfGbnCub6kz5zGzasFhHd76Xr2cxgkkfX0G87lCnFu+d67xqKomZ2WH51
I7hekkNBGMOKTspEs5K8cRnHyltGRMZrrzgRlK6B5HMy/cDnW8hvn7Bt2HUMWwIG
jAIwpx/8gGkivHALW9rTnwwFTUIGIMAJ0eLRUF64OElLi8aoF9peSDyJ8jLzF3uM
/Zu8r/ET8Alws/I/0JCIpG1cWwF6jSRz6DoK/kATwOu0TAX6cAm/gMIxaZr+brTm
G1hG9bNl2DSg2yB3//mhkxeB2Ilxv2nAObBlMCjso/6npd/vv8uCy57/sjInAgMB
AAGjggIiMIICHjAdBgNVHQ4EFgQUfzARoM+6oa1oI87/pVrvgO+DYT8wHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBogYIKwYB
BQUHAQsEgZUwgZIwgY8GCCsGAQUFBzALhoGCcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzEzODM1MmUzNDMwMmUzMjMzMzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAz
MzM2MzIzMzM2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAuSjrMA0GCSqGSIb3DQEBCwUAA4IBAQAhQUlQ
/r96Xt1P/0CTe9gwrBLvbv/xc11HafpuAVNgS/Mu9RLcXcLTsN55gZ6AcatysL/V
Ad+j44Rn2ck6qKkpEBrxIlc83utdXaARhbaoSGVNSf9UlhVPFEmZxrEkZ6WHMJJX
nsvhB0+iM1J/ciZWt72eOmUfxuRITH8EEMMYoZ+L7EqnjxTXn3WVxsHdGhzkfXh4
vDac2K/K/ZWE36CYlOmKOIMyae13v2635p14adzyUwch2KCKYMtVfoOErsgE1d0g
DtdKy++ZsrrE2VvtNQxxIeiEnOEgCXYR9cLZdW1F8UIkFyuk3q26kPYGscQ999UK
ZKNH1EbHlhHsaF8C
-----END CERTIFICATE-----