Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a32303a3a2f34382d3438203d3e203336323336.roa
File:                     326130303a646438303a32303a3a2f34382d3438203d3e203336323336.roa (raw, json)
Hash identifier:          YYSPT5hYtEA6G7UpDrw4UrBTLOao7s9WfrWT2NoDJEg=
Subject key identifier:   DF:08:CD:D4:FF:76:4A:C5:96:85:72:CB:56:C0:D1:A1:11:1A:E2:99
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       2045879D5EB4567168857B3CC2F732CB92FF7998
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a32303a3a2f34382d3438203d3e203336323336.roa
Signing time:             Mon 02 Sep 2024 20:13:07 +0000
ROA not before:           Mon 02 Sep 2024 20:08:07 +0000
ROA not after:            Mon 01 Sep 2025 20:13:07 +0000
asID:                     36236
IP address blocks:        2a00:dd80:20::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:45:87:9d:5e:b4:56:71:68:85:7b:3c:c2:f7:32:cb:92:ff:79:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Sep  2 20:08:07 2024 GMT
            Not After : Sep  1 20:13:07 2025 GMT
        Subject: CN=DF08CDD4FF764AC5968572CB56C0D1A1111AE299
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:33:50:ba:9b:fd:21:b5:fd:e6:14:d9:cb:fb:
                    5d:24:c8:df:33:c7:1e:f8:59:6c:ef:50:d7:cc:be:
                    17:cb:63:f6:a3:3f:a2:f3:45:6c:b1:88:01:77:7a:
                    c0:cc:73:7c:2d:18:8c:9a:56:88:09:a4:66:5e:9e:
                    94:11:8a:ba:ae:b1:26:9b:0c:f2:26:05:c3:81:5d:
                    c1:a1:54:97:87:74:de:33:a7:78:c0:45:c1:de:e6:
                    c2:8e:43:7a:c7:a9:0c:ae:2f:9f:0d:97:22:f7:ff:
                    61:01:92:08:47:d3:61:25:ad:65:42:aa:9d:05:61:
                    0d:26:58:62:46:ba:c7:08:27:3a:82:48:eb:ad:b6:
                    50:e1:88:90:0f:b5:c5:30:34:72:b1:33:66:05:f0:
                    74:91:5a:4d:d9:bc:a8:08:d3:5e:fe:9e:d0:31:b3:
                    87:3c:80:f8:92:12:ab:6e:cb:c7:82:46:a8:45:fd:
                    36:24:a5:ae:69:55:df:43:7d:a6:58:fe:86:aa:33:
                    24:a9:13:86:f0:4a:5e:61:37:3f:9a:22:1a:89:b9:
                    1e:84:aa:57:2d:06:b6:0c:e8:d0:4d:49:a6:eb:76:
                    17:ad:c6:4c:8b:5d:c1:7f:2e:93:30:e7:58:fa:ed:
                    99:34:8d:bc:01:11:91:ce:80:6a:81:0e:af:c8:be:
                    53:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:08:CD:D4:FF:76:4A:C5:96:85:72:CB:56:C0:D1:A1:11:1A:E2:99
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a32303a3a2f34382d3438203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:dd80:20::/48

    Signature Algorithm: sha256WithRSAEncryption
         46:7e:0f:7a:22:c0:8d:26:74:85:86:b6:98:a6:92:47:70:9f:
         38:e5:b5:43:c2:8a:bd:c6:0d:76:9e:bb:af:ef:3a:d1:2c:e8:
         9c:59:e0:f2:8b:d0:f1:ab:06:d4:3e:1c:84:66:1d:a4:83:80:
         b6:b0:73:09:d8:4f:91:39:e8:ea:d1:97:39:81:d3:bc:20:84:
         8b:45:33:7f:3f:c7:a6:19:b0:56:e0:05:49:53:76:d9:09:f0:
         bd:14:5d:28:48:c5:a0:88:3e:82:cc:a0:21:85:09:ba:f3:ff:
         88:f3:d2:93:57:96:5e:a3:5b:d6:87:23:c9:df:35:57:47:8a:
         09:e5:ab:ef:4b:b7:5d:10:92:9a:50:a9:fc:11:c2:88:a6:88:
         62:f3:bd:49:08:a5:f3:8e:84:17:4f:39:71:2f:40:3b:d6:50:
         c7:dc:6a:ed:8b:0b:90:7c:20:1e:03:ab:e0:9d:0b:b6:bf:aa:
         db:c8:7a:0e:46:78:2e:75:32:8c:96:c4:84:e5:12:40:64:a1:
         2e:22:39:1a:85:84:88:c2:33:26:fa:4e:bc:14:50:8b:23:46:
         e2:4f:f3:22:67:aa:61:0f:a2:32:65:0f:3d:c1:f3:93:f1:d1:
         62:79:61:0a:66:1d:4c:c9:2e:d4:79:84:7b:36:01:a3:3c:db:
         38:50:4c:9d
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgIUIEWHnV60VnFohXs8wvcyy5L/eZgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNDA5MDIyMDA4MDdaFw0yNTA5MDEyMDEzMDdaMDMxMTAvBgNV
BAMTKERGMDhDREQ0RkY3NjRBQzU5Njg1NzJDQjU2QzBEMUExMTExQUUyOTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDM1C6m/0htf3mFNnL+10kyN8z
xx74WWzvUNfMvhfLY/ajP6LzRWyxiAF3esDMc3wtGIyaVogJpGZenpQRirqusSab
DPImBcOBXcGhVJeHdN4zp3jARcHe5sKOQ3rHqQyuL58NlyL3/2EBkghH02ElrWVC
qp0FYQ0mWGJGuscIJzqCSOuttlDhiJAPtcUwNHKxM2YF8HSRWk3ZvKgI017+ntAx
s4c8gPiSEqtuy8eCRqhF/TYkpa5pVd9DfaZY/oaqMySpE4bwSl5hNz+aIhqJuR6E
qlctBrYM6NBNSabrdhetxkyLXcF/LpMw51j67Zk0jbwBEZHOgGqBDq/IvlOBAgMB
AAGjggIpMIICJTAdBgNVHQ4EFgQU3wjN1P92SsWWhXLLVsDRoREa4pkwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBpgYIKwYB
BQUHAQsEgZkwgZYwgZMGCCsGAQUFBzALhoGGcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzI2MTMwMzAzYTY0NjQzODMwM2EzMjMwM2EzYTJmMzQzODJkMzQzODIwM2Qz
ZTIwMzMzNjMyMzMzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggr
BgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoA3YAAIDANBgkqhkiG9w0BAQsFAAOC
AQEARn4PeiLAjSZ0hYa2mKaSR3CfOOW1Q8KKvcYNdp67r+860SzonFng8ovQ8asG
1D4chGYdpIOAtrBzCdhPkTno6tGXOYHTvCCEi0Uzfz/HphmwVuAFSVN22QnwvRRd
KEjFoIg+gsygIYUJuvP/iPPSk1eWXqNb1ocjyd81V0eKCeWr70u3XRCSmlCp/BHC
iKaIYvO9SQil846EF085cS9AO9ZQx9xq7YsLkHwgHgOr4J0Ltr+q28h6DkZ4LnUy
jJbEhOUSQGShLiI5GoWEiMIzJvpOvBRQiyNG4k/zImeqYQ+iMmUPPcHzk/HRYnlh
CmYdTMku1HmEezYBozzbOFBMnQ==
-----END CERTIFICATE-----