Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a33633a3a2f34382d3438203d3e203336323336.roa
File:                     326130303a646438303a33633a3a2f34382d3438203d3e203336323336.roa (raw, json)
Hash identifier:          ukG7Bie3aaNyn7uBzakbxiOEk+5sWCfhONkdqIFtP/M=
Subject key identifier:   40:CB:0F:F7:6C:1C:11:74:51:82:9E:1B:01:6A:74:8B:8C:7E:5E:1A
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       45E83047019B07465EC3EE94DF0E0632B9BDB40C
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a33633a3a2f34382d3438203d3e203336323336.roa
Signing time:             Mon 02 Sep 2024 20:13:06 +0000
ROA not before:           Mon 02 Sep 2024 20:08:06 +0000
ROA not after:            Mon 01 Sep 2025 20:13:06 +0000
asID:                     36236
IP address blocks:        2a00:dd80:3c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:e8:30:47:01:9b:07:46:5e:c3:ee:94:df:0e:06:32:b9:bd:b4:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Sep  2 20:08:06 2024 GMT
            Not After : Sep  1 20:13:06 2025 GMT
        Subject: CN=40CB0FF76C1C117451829E1B016A748B8C7E5E1A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:01:f6:73:10:b3:05:64:0f:d0:9c:70:0a:46:
                    58:a7:8c:9f:0d:c3:09:3c:78:64:48:ff:8f:89:c8:
                    93:ea:24:0b:44:fb:15:6e:b0:dc:1b:fe:cb:31:16:
                    6f:3a:e0:30:99:a8:59:9b:2e:9b:89:c6:99:e2:c7:
                    bb:c5:ae:d4:93:2f:a2:d2:d3:8b:32:63:e4:14:13:
                    0e:36:a8:75:a8:31:a2:f1:5f:53:13:f6:64:ec:1d:
                    45:cf:76:d4:67:e8:b4:21:62:40:14:8c:ac:65:6d:
                    a3:8f:2a:b9:8a:0e:ba:d1:9e:ca:9f:3b:5b:9d:c6:
                    a0:e3:12:33:33:27:c8:12:0b:47:39:45:cb:2f:aa:
                    99:30:27:77:89:d0:90:db:87:89:ad:63:3a:a9:aa:
                    bf:f0:69:57:c9:72:98:3e:2a:8a:cb:90:05:ee:60:
                    ff:68:47:1e:9e:b1:4b:41:ab:05:ba:41:bf:ef:1d:
                    c9:72:0d:8c:21:d8:66:36:15:d0:66:ef:13:45:b7:
                    dd:8c:c2:3f:fc:3e:42:b7:7b:31:4a:b4:fc:c8:9f:
                    44:d9:8f:59:3f:68:52:b0:fd:d8:43:74:1d:1b:b5:
                    16:8d:e6:17:09:dc:bc:e7:1a:45:bf:65:39:ed:b8:
                    37:01:44:6b:55:d0:a4:90:e6:94:95:a5:a7:9e:f0:
                    55:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:CB:0F:F7:6C:1C:11:74:51:82:9E:1B:01:6A:74:8B:8C:7E:5E:1A
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a33633a3a2f34382d3438203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:dd80:3c::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:b0:ef:b4:3e:ee:52:ce:22:8a:6a:64:7d:25:a3:08:0d:f4:
         92:0f:85:0c:30:b6:53:a2:e8:f3:d0:36:f3:61:72:d3:a5:94:
         47:3a:ef:a9:e3:ed:2c:1c:48:9f:8a:72:9f:c9:94:29:24:09:
         72:b6:6e:2a:3b:5b:22:aa:7b:2a:2a:8a:cb:d1:f5:03:c4:88:
         9e:5e:67:a8:fe:50:51:2f:aa:dd:f4:29:f8:b3:ee:9e:4b:88:
         07:60:e5:95:c3:80:f3:62:b2:ad:38:0c:f7:d6:c4:5e:d7:38:
         66:b3:eb:b5:96:b6:b8:4e:60:e0:9c:18:21:51:66:fd:02:b0:
         03:d4:dd:7c:b7:1f:62:b2:37:fc:96:6d:f1:22:19:b5:ad:97:
         5c:2b:ef:25:38:48:e4:15:be:8c:c5:e8:fd:c9:8d:88:1c:d7:
         b5:77:11:f3:ad:ea:9a:5b:88:07:a2:1b:0c:c9:b6:a2:f1:56:
         d4:82:42:b2:fa:82:80:ef:c6:05:da:83:7d:0a:d6:97:a9:e7:
         4b:9b:c0:a4:d3:f7:3f:fb:73:13:a8:ce:4c:86:7f:4f:31:bb:
         ed:b8:d4:de:64:28:98:0f:82:6e:d3:73:b2:b5:4a:30:a5:0e:
         28:d6:23:3e:e6:1f:3f:47:6e:13:86:03:bb:99:2b:67:aa:90:
         a1:87:05:63
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgIURegwRwGbB0Zew+6U3w4GMrm9tAwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNDA5MDIyMDA4MDZaFw0yNTA5MDEyMDEzMDZaMDMxMTAvBgNV
BAMTKDQwQ0IwRkY3NkMxQzExNzQ1MTgyOUUxQjAxNkE3NDhCOEM3RTVFMUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD3AfZzELMFZA/QnHAKRlinjJ8N
wwk8eGRI/4+JyJPqJAtE+xVusNwb/ssxFm864DCZqFmbLpuJxpnix7vFrtSTL6LS
04syY+QUEw42qHWoMaLxX1MT9mTsHUXPdtRn6LQhYkAUjKxlbaOPKrmKDrrRnsqf
O1udxqDjEjMzJ8gSC0c5RcsvqpkwJ3eJ0JDbh4mtYzqpqr/waVfJcpg+KorLkAXu
YP9oRx6esUtBqwW6Qb/vHclyDYwh2GY2FdBm7xNFt92Mwj/8PkK3ezFKtPzIn0TZ
j1k/aFKw/dhDdB0btRaN5hcJ3LznGkW/ZTntuDcBRGtV0KSQ5pSVpaee8FXXAgMB
AAGjggIpMIICJTAdBgNVHQ4EFgQUQMsP92wcEXRRgp4bAWp0i4x+XhowHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBpgYIKwYB
BQUHAQsEgZkwgZYwgZMGCCsGAQUFBzALhoGGcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzI2MTMwMzAzYTY0NjQzODMwM2EzMzYzM2EzYTJmMzQzODJkMzQzODIwM2Qz
ZTIwMzMzNjMyMzMzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggr
BgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoA3YAAPDANBgkqhkiG9w0BAQsFAAOC
AQEAbbDvtD7uUs4iimpkfSWjCA30kg+FDDC2U6Lo89A282Fy06WURzrvqePtLBxI
n4pyn8mUKSQJcrZuKjtbIqp7KiqKy9H1A8SInl5nqP5QUS+q3fQp+LPunkuIB2Dl
lcOA82KyrTgM99bEXtc4ZrPrtZa2uE5g4JwYIVFm/QKwA9TdfLcfYrI3/JZt8SIZ
ta2XXCvvJThI5BW+jMXo/cmNiBzXtXcR863qmluIB6IbDMm2ovFW1IJCsvqCgO/G
BdqDfQrWl6nnS5vApNP3P/tzE6jOTIZ/TzG77bjU3mQomA+CbtNzsrVKMKUOKNYj
PuYfP0duE4YDu5krZ6qQoYcFYw==
-----END CERTIFICATE-----