Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e34302e3233352e302f32342d3234203d3e203336323336.roa
File:                     3138352e34302e3233352e302f32342d3234203d3e203336323336.roa (raw, json)
Hash identifier:          uhB+gsMVwfyY/IC2jgRgfRHu7kKP7UtP6dT5i2p32S8=
Subject key identifier:   99:12:31:05:0D:A3:51:93:89:4F:37:EC:DC:5F:FE:DD:4D:CB:1C:3E
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       66AA795BFC986CBFC2F408E0B11CA5EE0AA5889B
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e34302e3233352e302f32342d3234203d3e203336323336.roa
Signing time:             Mon 02 Sep 2024 22:13:10 +0000
ROA not before:           Mon 02 Sep 2024 22:08:10 +0000
ROA not after:            Mon 01 Sep 2025 22:13:10 +0000
asID:                     36236
IP address blocks:        185.40.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:aa:79:5b:fc:98:6c:bf:c2:f4:08:e0:b1:1c:a5:ee:0a:a5:88:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Sep  2 22:08:10 2024 GMT
            Not After : Sep  1 22:13:10 2025 GMT
        Subject: CN=991231050DA35193894F37ECDC5FFEDD4DCB1C3E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:80:10:e2:c7:45:51:d4:f0:82:ff:56:f2:48:
                    37:ac:65:cc:65:bc:65:69:09:13:37:ea:b1:ac:95:
                    a0:2e:1d:0b:95:06:ce:80:df:0d:8c:a3:09:20:a3:
                    6c:b2:13:c3:68:cf:01:28:b9:38:de:13:17:6e:40:
                    87:77:c1:7f:c9:1c:de:77:03:5c:ad:b1:6c:a6:2b:
                    12:d5:3e:b2:bf:4b:29:12:e1:3e:d8:f8:7f:fc:2e:
                    d0:4e:fe:72:8f:6d:63:50:18:33:a9:4f:85:98:19:
                    26:3a:c4:ab:40:da:60:aa:31:91:5d:7f:c4:82:80:
                    e8:84:ae:85:3b:88:e9:07:c8:c8:a9:19:cb:e5:21:
                    42:9c:25:28:d3:98:08:87:7e:13:9d:16:39:c6:09:
                    ec:e5:4a:7b:14:02:f8:71:02:f3:dc:e6:47:a6:ad:
                    f7:b3:06:c5:ed:d4:3a:ac:e2:ed:f9:a1:fd:53:39:
                    b3:22:80:57:1f:ad:52:d8:7c:60:bc:73:96:28:03:
                    ee:a0:8b:0b:e8:d7:b4:97:22:5f:44:a3:34:43:ad:
                    1e:9a:03:b7:2a:d4:b9:fa:b5:08:e7:06:f6:19:f8:
                    93:b5:ce:43:3b:4a:83:84:10:f1:57:cb:11:c9:d1:
                    6d:2e:b4:66:ab:f3:be:74:11:5b:fe:fa:30:eb:b7:
                    5d:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:12:31:05:0D:A3:51:93:89:4F:37:EC:DC:5F:FE:DD:4D:CB:1C:3E
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e34302e3233352e302f32342d3234203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.40.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:e5:98:b6:91:aa:c8:2e:0d:31:e9:df:ab:08:be:29:b7:35:
         1a:a7:42:95:00:95:45:f3:50:09:d5:8b:cf:9d:09:97:3d:b0:
         02:b4:9d:fc:bf:e0:fc:f5:c0:6e:57:32:8b:22:74:86:a0:af:
         57:ca:9f:ab:f5:9f:97:07:04:c1:f7:3f:93:f1:be:89:bf:d6:
         b4:1d:d2:89:3a:88:9a:e5:7f:ea:b3:3f:21:08:4a:a6:f2:08:
         47:6f:c0:c0:7b:17:c2:66:63:bb:8d:40:07:03:8a:e1:80:91:
         20:13:83:01:c5:73:5b:a3:98:05:49:d8:34:7b:f1:d6:88:83:
         0e:c9:c2:97:9e:0b:9e:a0:3b:cf:77:46:08:86:a8:05:2d:74:
         ed:a1:21:5d:37:ee:2b:c9:ac:b3:70:48:c8:80:88:77:9f:8e:
         e7:98:7a:d7:66:19:42:3a:c4:3c:4f:a1:72:f3:01:11:1a:1c:
         92:3e:ae:57:6d:e1:39:14:ad:ee:05:cf:ca:b3:a0:76:1a:38:
         e5:19:3b:d7:d1:8d:96:b4:79:65:e9:9f:61:68:d2:b8:61:33:
         f5:1b:ca:dd:f4:b8:ff:49:a4:98:58:7c:d3:b4:cf:52:b5:dd:
         78:4f:fd:15:4c:7e:6a:cc:a1:07:18:f6:ac:90:31:6e:a2:53:
         5e:0f:bc:7e
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgIUZqp5W/yYbL/C9AjgsRyl7gqliJswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNDA5MDIyMjA4MTBaFw0yNTA5MDEyMjEzMTBaMDMxMTAvBgNV
BAMTKDk5MTIzMTA1MERBMzUxOTM4OTRGMzdFQ0RDNUZGRURENERDQjFDM0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbgBDix0VR1PCC/1bySDesZcxl
vGVpCRM36rGslaAuHQuVBs6A3w2Mowkgo2yyE8NozwEouTjeExduQId3wX/JHN53
A1ytsWymKxLVPrK/SykS4T7Y+H/8LtBO/nKPbWNQGDOpT4WYGSY6xKtA2mCqMZFd
f8SCgOiEroU7iOkHyMipGcvlIUKcJSjTmAiHfhOdFjnGCezlSnsUAvhxAvPc5kem
rfezBsXt1Dqs4u35of1TObMigFcfrVLYfGC8c5YoA+6giwvo17SXIl9EozRDrR6a
A7cq1Ln6tQjnBvYZ+JO1zkM7SoOEEPFXyxHJ0W0utGar8750EVv++jDrt12hAgMB
AAGjggIiMIICHjAdBgNVHQ4EFgQUmRIxBQ2jUZOJTzfs3F/+3U3LHD4wHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBogYIKwYB
BQUHAQsEgZUwgZIwgY8GCCsGAQUFBzALhoGCcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzEzODM1MmUzNDMwMmUzMjMzMzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAz
MzM2MzIzMzM2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAuSjrMA0GCSqGSIb3DQEBCwUAA4IBAQCe5Zi2
karILg0x6d+rCL4ptzUap0KVAJVF81AJ1YvPnQmXPbACtJ38v+D89cBuVzKLInSG
oK9Xyp+r9Z+XBwTB9z+T8b6Jv9a0HdKJOoia5X/qsz8hCEqm8ghHb8DAexfCZmO7
jUAHA4rhgJEgE4MBxXNbo5gFSdg0e/HWiIMOycKXngueoDvPd0YIhqgFLXTtoSFd
N+4ryayzcEjIgIh3n47nmHrXZhlCOsQ8T6Fy8wERGhySPq5XbeE5FK3uBc/Ks6B2
GjjlGTvX0Y2WtHll6Z9haNK4YTP1G8rd9Lj/SaSYWHzTtM9Std14T/0VTH5qzKEH
GPaskDFuolNeD7x+
-----END CERTIFICATE-----