Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a31303a3a2f34382d3438203d3e203336323336.roa
File:                     326130303a646438303a31303a3a2f34382d3438203d3e203336323336.roa (raw, json)
Hash identifier:          lSf4wtOUUWCfRSKhCn1JG/FapBZv4a7VK5GT2NmpDfk=
Subject key identifier:   DB:6D:8A:89:01:00:32:FF:08:8F:EA:76:BF:C5:19:A4:A9:D8:97:EE
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       06A012BD6B0500EF5290ED2DB76FD359B223E88D
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a31303a3a2f34382d3438203d3e203336323336.roa
Signing time:             Mon 02 Sep 2024 20:13:07 +0000
ROA not before:           Mon 02 Sep 2024 20:08:07 +0000
ROA not after:            Mon 01 Sep 2025 20:13:07 +0000
asID:                     36236
IP address blocks:        2a00:dd80:10::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:a0:12:bd:6b:05:00:ef:52:90:ed:2d:b7:6f:d3:59:b2:23:e8:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Sep  2 20:08:07 2024 GMT
            Not After : Sep  1 20:13:07 2025 GMT
        Subject: CN=DB6D8A89010032FF088FEA76BFC519A4A9D897EE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:33:cc:85:97:23:e4:58:80:7e:2e:44:f3:ae:
                    98:86:7b:6a:fd:55:70:89:73:d9:c0:7e:18:12:f7:
                    57:0e:7f:a6:4e:ef:ea:e6:84:8a:c0:58:74:1a:75:
                    6c:cd:08:ab:08:a1:63:8d:46:15:8f:0e:6d:96:bf:
                    ee:21:50:27:87:a8:82:c0:92:d0:dd:4d:a2:f0:c7:
                    d0:ec:b4:bb:3c:9b:af:b1:90:bc:86:44:6c:7c:f4:
                    fe:01:12:f7:31:5c:14:f7:0b:5d:20:8f:8e:5d:e6:
                    c1:cd:b4:01:48:00:dc:6c:02:7b:97:ac:79:16:db:
                    94:34:f8:9e:16:ae:50:db:1d:28:c5:7d:79:5e:4b:
                    0e:09:fc:a0:ce:a1:f0:b2:03:bd:cb:d8:02:fa:c6:
                    56:db:a0:56:f9:19:df:5b:83:d1:7a:f3:07:8e:ee:
                    56:85:02:1b:79:60:0a:d7:5f:d1:c4:40:9a:9e:93:
                    51:76:da:20:22:f3:f0:ae:c3:f3:48:dc:85:db:88:
                    35:e0:00:43:af:39:76:26:4f:5d:45:64:83:8a:f9:
                    69:7d:20:0d:b5:90:ab:04:4f:0b:52:06:d4:c7:23:
                    dd:02:08:33:cd:73:b9:14:b4:50:86:c9:bf:7c:37:
                    8b:56:29:a3:7d:ca:80:98:fa:a8:6a:f1:31:36:2b:
                    2d:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:6D:8A:89:01:00:32:FF:08:8F:EA:76:BF:C5:19:A4:A9:D8:97:EE
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a31303a3a2f34382d3438203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:dd80:10::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:30:86:f8:c9:bb:7d:29:a9:86:cc:b3:54:15:3a:7e:01:9a:
         b6:fb:d2:67:ee:44:da:ca:0e:38:4d:fe:38:b9:c5:ca:e2:2a:
         9d:92:29:21:e0:b2:66:66:d1:15:07:43:14:13:83:29:70:36:
         80:83:0c:58:af:e4:c1:99:8a:e0:da:ae:72:3a:f3:91:9b:92:
         f0:74:cd:c9:68:10:2c:32:a6:10:87:47:1a:3d:ef:a2:4c:33:
         e0:88:ab:a1:43:09:91:da:66:8d:d4:1d:f0:8e:ff:d0:a8:36:
         2c:85:93:3d:6d:06:3a:c7:12:37:e9:a1:e7:f6:d0:b6:b6:a3:
         11:ff:68:f6:5a:cd:d3:cb:78:2c:14:3d:8f:71:97:a3:12:8a:
         0d:de:72:d8:da:d1:bc:19:d7:06:03:56:1f:3a:aa:19:21:ce:
         32:92:a6:a4:0d:e7:5d:5f:d1:1d:66:f7:43:1a:1b:fa:b6:86:
         7e:65:2e:aa:7d:6e:72:da:6b:ea:e9:3b:d0:4b:50:9b:4e:cc:
         61:38:65:ec:00:93:2f:21:e6:42:bb:27:2e:d0:8a:0d:e6:29:
         02:a9:99:5b:92:7a:41:2c:7f:cf:cd:bf:68:a4:6b:30:9c:ab:
         68:35:88:12:a1:1b:b2:f7:2f:b7:a4:91:7d:a2:c5:fe:19:d2:
         a1:b0:d2:46
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgIUBqASvWsFAO9SkO0tt2/TWbIj6I0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNDA5MDIyMDA4MDdaFw0yNTA5MDEyMDEzMDdaMDMxMTAvBgNV
BAMTKERCNkQ4QTg5MDEwMDMyRkYwODhGRUE3NkJGQzUxOUE0QTlEODk3RUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXM8yFlyPkWIB+LkTzrpiGe2r9
VXCJc9nAfhgS91cOf6ZO7+rmhIrAWHQadWzNCKsIoWONRhWPDm2Wv+4hUCeHqILA
ktDdTaLwx9DstLs8m6+xkLyGRGx89P4BEvcxXBT3C10gj45d5sHNtAFIANxsAnuX
rHkW25Q0+J4WrlDbHSjFfXleSw4J/KDOofCyA73L2AL6xlbboFb5Gd9bg9F68weO
7laFAht5YArXX9HEQJqek1F22iAi8/Cuw/NI3IXbiDXgAEOvOXYmT11FZIOK+Wl9
IA21kKsETwtSBtTHI90CCDPNc7kUtFCGyb98N4tWKaN9yoCY+qhq8TE2Ky3FAgMB
AAGjggIpMIICJTAdBgNVHQ4EFgQU222KiQEAMv8Ij+p2v8UZpKnYl+4wHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBpgYIKwYB
BQUHAQsEgZkwgZYwgZMGCCsGAQUFBzALhoGGcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzI2MTMwMzAzYTY0NjQzODMwM2EzMTMwM2EzYTJmMzQzODJkMzQzODIwM2Qz
ZTIwMzMzNjMyMzMzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggr
BgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoA3YAAEDANBgkqhkiG9w0BAQsFAAOC
AQEAAjCG+Mm7fSmphsyzVBU6fgGatvvSZ+5E2soOOE3+OLnFyuIqnZIpIeCyZmbR
FQdDFBODKXA2gIMMWK/kwZmK4NqucjrzkZuS8HTNyWgQLDKmEIdHGj3vokwz4Iir
oUMJkdpmjdQd8I7/0Kg2LIWTPW0GOscSN+mh5/bQtrajEf9o9lrN08t4LBQ9j3GX
oxKKDd5y2NrRvBnXBgNWHzqqGSHOMpKmpA3nXV/RHWb3Qxob+raGfmUuqn1uctpr
6uk70EtQm07MYThl7ACTLyHmQrsnLtCKDeYpAqmZW5J6QSx/z82/aKRrMJyraDWI
EqEbsvcvt6SRfaLF/hnSobDSRg==
-----END CERTIFICATE-----