Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a33613a3a2f34382d3438203d3e203336323336.roa
File:                     326130303a646438303a33613a3a2f34382d3438203d3e203336323336.roa (raw, json)
Hash identifier:          TefJYI44lQKz9pANFsAOYPvCxX3A7ho76D8IhnS+gAQ=
Subject key identifier:   2B:D8:29:3D:DE:E7:00:8D:8B:22:04:7A:34:A8:6D:C1:DB:5D:08:5D
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       6AF79D13DD690FA0BF7D558AFC3AD76D32FB12C5
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a33613a3a2f34382d3438203d3e203336323336.roa
Signing time:             Mon 02 Sep 2024 20:13:08 +0000
ROA not before:           Mon 02 Sep 2024 20:08:08 +0000
ROA not after:            Mon 01 Sep 2025 20:13:08 +0000
asID:                     36236
IP address blocks:        2a00:dd80:3a::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:f7:9d:13:dd:69:0f:a0:bf:7d:55:8a:fc:3a:d7:6d:32:fb:12:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Sep  2 20:08:08 2024 GMT
            Not After : Sep  1 20:13:08 2025 GMT
        Subject: CN=2BD8293DDEE7008D8B22047A34A86DC1DB5D085D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:19:a2:1a:40:f4:c4:1f:b9:6c:1e:d7:e1:2c:
                    73:af:19:c5:1c:23:1c:ce:c8:58:c6:1e:a9:ba:23:
                    42:b1:04:c1:92:4c:db:63:9b:bf:4f:20:9b:e4:e9:
                    bc:36:7d:4f:8b:a6:fc:70:60:c2:5f:44:cd:41:de:
                    bb:95:48:3f:15:ef:6f:2a:1a:88:6e:84:ba:53:f7:
                    2b:19:c8:54:fb:35:89:1b:06:35:07:47:cc:ca:59:
                    88:04:62:dd:92:f8:4c:f9:85:ae:d3:01:bb:cf:c7:
                    04:c9:91:31:2f:df:f7:08:98:6a:d5:2e:36:ef:56:
                    74:78:af:e7:68:c9:11:46:49:b1:ee:6f:95:7d:03:
                    bd:a9:f6:37:8b:8c:00:5e:9e:33:00:ed:36:ec:26:
                    b8:7f:60:31:a3:6c:38:f5:c1:02:dc:46:12:d8:9b:
                    70:bc:e1:ad:4f:ee:4a:d3:ef:12:fa:08:64:ae:84:
                    08:c3:35:63:8d:2b:2f:6c:67:fc:35:e4:5c:de:79:
                    09:e2:60:b8:3b:8b:71:a3:87:33:4c:a6:83:53:99:
                    23:e7:29:a8:50:1a:18:84:ad:21:66:f0:60:02:e0:
                    4b:6a:c2:cc:0a:46:f2:77:06:8a:d1:bb:e4:12:1d:
                    66:d9:9a:bc:77:a0:c0:30:92:f9:0c:ed:72:df:49:
                    e0:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:D8:29:3D:DE:E7:00:8D:8B:22:04:7A:34:A8:6D:C1:DB:5D:08:5D
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a33613a3a2f34382d3438203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:dd80:3a::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:aa:36:7e:4f:c0:6c:d3:45:c1:87:c3:17:cc:cf:7e:b2:3b:
         d1:35:2b:c0:9f:53:00:dd:8a:0a:3b:30:92:93:23:e0:37:41:
         09:11:d3:b2:d4:c9:fc:28:dd:18:61:10:6d:b1:d7:80:93:a2:
         d8:c9:eb:32:75:10:a8:d9:bf:67:a3:66:bf:54:15:d1:b3:d1:
         8f:b9:78:61:6b:68:52:fc:c7:b4:dd:32:20:ec:85:80:fb:56:
         59:8c:b3:21:e0:de:f9:97:f2:54:df:b4:cd:7a:26:1f:83:32:
         67:20:ac:09:bf:b7:ec:f7:af:ac:e6:5d:d0:b2:ef:95:c8:7d:
         70:9c:25:a4:49:73:74:a1:bf:5f:7e:d7:c8:3d:bd:3e:de:9d:
         58:19:36:75:2e:cb:30:cd:19:a4:46:4e:59:96:99:d6:53:4f:
         3d:d7:fc:ca:3f:6c:d1:0a:88:17:f4:11:7a:97:86:b1:e2:0c:
         58:a0:b3:67:3f:ab:5e:00:a4:da:05:c7:ef:ba:c7:33:ae:e4:
         c3:e5:52:fc:51:e5:a8:05:83:d7:8b:33:9c:db:07:48:59:42:
         17:ca:9e:54:23:14:89:f3:4f:43:c3:66:c7:f7:7e:c5:10:92:
         94:75:47:99:3e:f8:46:6a:9a:6f:48:f5:16:71:06:56:03:bb:
         00:65:06:21
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgIUavedE91pD6C/fVWK/DrXbTL7EsUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNDA5MDIyMDA4MDhaFw0yNTA5MDEyMDEzMDhaMDMxMTAvBgNV
BAMTKDJCRDgyOTNEREVFNzAwOEQ4QjIyMDQ3QTM0QTg2REMxREI1RDA4NUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDxGaIaQPTEH7lsHtfhLHOvGcUc
IxzOyFjGHqm6I0KxBMGSTNtjm79PIJvk6bw2fU+LpvxwYMJfRM1B3ruVSD8V728q
GohuhLpT9ysZyFT7NYkbBjUHR8zKWYgEYt2S+Ez5ha7TAbvPxwTJkTEv3/cImGrV
LjbvVnR4r+doyRFGSbHub5V9A72p9jeLjABenjMA7TbsJrh/YDGjbDj1wQLcRhLY
m3C84a1P7krT7xL6CGSuhAjDNWONKy9sZ/w15FzeeQniYLg7i3GjhzNMpoNTmSPn
KahQGhiErSFm8GAC4EtqwswKRvJ3BorRu+QSHWbZmrx3oMAwkvkM7XLfSeAJAgMB
AAGjggIpMIICJTAdBgNVHQ4EFgQUK9gpPd7nAI2LIgR6NKhtwdtdCF0wHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBpgYIKwYB
BQUHAQsEgZkwgZYwgZMGCCsGAQUFBzALhoGGcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzI2MTMwMzAzYTY0NjQzODMwM2EzMzYxM2EzYTJmMzQzODJkMzQzODIwM2Qz
ZTIwMzMzNjMyMzMzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggr
BgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoA3YAAOjANBgkqhkiG9w0BAQsFAAOC
AQEAUKo2fk/AbNNFwYfDF8zPfrI70TUrwJ9TAN2KCjswkpMj4DdBCRHTstTJ/Cjd
GGEQbbHXgJOi2MnrMnUQqNm/Z6Nmv1QV0bPRj7l4YWtoUvzHtN0yIOyFgPtWWYyz
IeDe+ZfyVN+0zXomH4MyZyCsCb+37PevrOZd0LLvlch9cJwlpElzdKG/X37XyD29
Pt6dWBk2dS7LMM0ZpEZOWZaZ1lNPPdf8yj9s0QqIF/QRepeGseIMWKCzZz+rXgCk
2gXH77rHM67kw+VS/FHlqAWD14sznNsHSFlCF8qeVCMUifNPQ8Nmx/d+xRCSlHVH
mT74Rmqab0j1FnEGVgO7AGUGIQ==
-----END CERTIFICATE-----