Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a33623a353a3a2f36342d3634203d3e20333939313538.roa
File:                     326130303a646438303a33623a353a3a2f36342d3634203d3e20333939313538.roa (raw, json)
Hash identifier:          ue3HDRvTo8oemff653y+46wSp5i84FSNmS02uK/whKc=
Subject key identifier:   9D:19:DC:97:C7:23:D1:44:76:12:38:CD:FE:6A:7E:62:8C:D0:52:7C
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       7C99590CA0132A4BDA5AB2CBDB79781307EAC4A0
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a33623a353a3a2f36342d3634203d3e20333939313538.roa
Signing time:             Sat 06 Jan 2024 10:34:13 +0000
ROA not before:           Sat 06 Jan 2024 10:29:13 +0000
ROA not after:            Sat 04 Jan 2025 10:34:13 +0000
asID:                     399158
IP address blocks:        2a00:dd80:3b:5::/64 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:99:59:0c:a0:13:2a:4b:da:5a:b2:cb:db:79:78:13:07:ea:c4:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Jan  6 10:29:13 2024 GMT
            Not After : Jan  4 10:34:13 2025 GMT
        Subject: CN=9D19DC97C723D144761238CDFE6A7E628CD0527C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:2c:7c:e9:87:9e:ec:03:5f:6e:60:c9:57:61:
                    63:67:37:13:e6:09:4d:a2:ac:28:50:ed:dc:36:31:
                    8b:2e:93:ac:d9:40:72:cd:1d:7b:fc:eb:4f:85:ee:
                    83:50:50:ad:42:e9:12:6a:3c:92:f8:e2:b7:87:fd:
                    a2:9f:74:d0:c5:41:19:5c:59:fa:42:e2:da:26:41:
                    5b:a9:26:14:88:d9:8f:46:a4:13:e8:2d:10:cb:fa:
                    df:15:e7:ed:3f:50:6b:99:0e:b0:bd:51:cb:9c:3a:
                    1c:0b:93:a8:17:23:84:1a:c5:75:49:99:b4:cb:e7:
                    cc:47:d8:32:09:2e:a2:5d:d9:3e:e9:df:a3:d4:53:
                    6c:28:92:56:24:48:60:5d:24:f5:c3:47:18:97:28:
                    c1:54:2a:c0:fb:1a:bf:12:b9:4e:b8:91:9b:e7:50:
                    66:61:03:75:ac:a0:11:ab:15:20:c3:bb:96:31:76:
                    f0:59:06:01:c9:7a:a4:40:93:1b:81:cb:cd:d7:09:
                    66:8f:a6:65:c0:07:50:df:0a:67:cc:d9:91:cd:94:
                    51:cc:6b:07:dd:71:43:9d:e9:e1:70:13:ca:ee:b3:
                    11:1e:4c:a9:86:13:c3:01:09:fd:2f:63:77:36:e4:
                    b1:0a:22:74:05:e9:b7:d3:b8:27:bd:5a:d4:ae:08:
                    bb:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:19:DC:97:C7:23:D1:44:76:12:38:CD:FE:6A:7E:62:8C:D0:52:7C
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a33623a353a3a2f36342d3634203d3e20333939313538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:dd80:3b:5::/64

    Signature Algorithm: sha256WithRSAEncryption
         64:e9:f0:f2:b2:c3:e2:72:45:35:e6:2d:67:4d:5d:86:e6:6d:
         9c:d7:fe:9f:9d:e0:d7:d2:56:44:4d:03:6b:3a:97:de:5c:7a:
         9c:e9:53:53:5f:ab:6c:a7:95:88:64:20:e3:20:41:dc:6c:3d:
         4b:dd:31:75:04:cb:bf:33:5f:df:b0:67:08:45:7c:38:28:39:
         11:d5:98:08:33:52:86:dc:f2:f8:eb:ea:5e:d1:0a:44:3b:cb:
         67:40:f9:7f:52:17:2f:c7:6d:68:a9:2c:78:2d:d2:ce:94:43:
         4c:d1:b6:61:96:fd:ec:af:c8:66:d1:fb:29:0a:33:5d:d1:60:
         82:db:58:95:52:d4:72:1b:76:0b:4a:68:70:bc:20:0b:f2:69:
         0d:38:c7:fc:c0:bd:bf:bb:5d:79:f7:6d:2f:27:38:78:4d:95:
         2a:ed:7a:a9:dd:9d:e9:42:13:4c:1d:8b:81:a7:77:2e:e5:f5:
         3e:27:80:ce:e6:14:01:9d:f5:2e:20:06:fc:cb:bd:4a:91:f3:
         9c:4a:50:c8:0b:10:38:51:12:9c:83:c1:61:8f:d0:48:10:9f:
         5e:42:6d:27:97:73:78:6d:25:75:b8:00:5b:ca:94:85:ca:67:
         f2:de:cf:61:3a:0c:8b:6a:7c:9f:44:8f:a3:4c:27:fe:f8:14:
         e2:6a:73:3c
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgIUfJlZDKATKkvaWrLL23l4EwfqxKAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNDAxMDYxMDI5MTNaFw0yNTAxMDQxMDM0MTNaMDMxMTAvBgNV
BAMTKDlEMTlEQzk3QzcyM0QxNDQ3NjEyMzhDREZFNkE3RTYyOENEMDUyN0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/LHzph57sA19uYMlXYWNnNxPm
CU2irChQ7dw2MYsuk6zZQHLNHXv860+F7oNQUK1C6RJqPJL44reH/aKfdNDFQRlc
WfpC4tomQVupJhSI2Y9GpBPoLRDL+t8V5+0/UGuZDrC9UcucOhwLk6gXI4QaxXVJ
mbTL58xH2DIJLqJd2T7p36PUU2woklYkSGBdJPXDRxiXKMFUKsD7Gr8SuU64kZvn
UGZhA3WsoBGrFSDDu5YxdvBZBgHJeqRAkxuBy83XCWaPpmXAB1DfCmfM2ZHNlFHM
awfdcUOd6eFwE8rusxEeTKmGE8MBCf0vY3c25LEKInQF6bfTuCe9WtSuCLtdAgMB
AAGjggIxMIICLTAdBgNVHQ4EFgQUnRncl8cj0UR2EjjN/mp+YozQUnwwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBrAYIKwYB
BQUHAQsEgZ8wgZwwgZkGCCsGAQUFBzALhoGMcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzI2MTMwMzAzYTY0NjQzODMwM2EzMzYyM2EzNTNhM2EyZjM2MzQyZDM2MzQy
MDNkM2UyMDMzMzkzOTMxMzUzOC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
AjAkBggrBgEFBQcBBwEB/wQVMBMwEQQCAAIwCwMJACoA3YAAOwAFMA0GCSqGSIb3
DQEBCwUAA4IBAQBk6fDyssPickU15i1nTV2G5m2c1/6fneDX0lZETQNrOpfeXHqc
6VNTX6tsp5WIZCDjIEHcbD1L3TF1BMu/M1/fsGcIRXw4KDkR1ZgIM1KG3PL46+pe
0QpEO8tnQPl/Uhcvx21oqSx4LdLOlENM0bZhlv3sr8hm0fspCjNd0WCC21iVUtRy
G3YLSmhwvCAL8mkNOMf8wL2/u115920vJzh4TZUq7Xqp3Z3pQhNMHYuBp3cu5fU+
J4DO5hQBnfUuIAb8y71KkfOcSlDICxA4URKcg8Fhj9BIEJ9eQm0nl3N4bSV1uABb
ypSFymfy3s9hOgyLanyfRI+jTCf++BTianM8
-----END CERTIFICATE-----