Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a33633a3a2f34382d3438203d3e203336323336.roa
File:                     326130303a646438303a33633a3a2f34382d3438203d3e203336323336.roa (raw, json)
Hash identifier:          pJKvL97ldAOTs+spBdQUWnDcAsRmuyt9buyEMw4c/WI=
Subject key identifier:   33:CA:DF:B1:DE:50:0A:70:A2:C8:14:FA:20:C3:63:29:66:FA:EC:90
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       71DACE33BF36D9D354583AC3C37C86F6FF44754B
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a33633a3a2f34382d3438203d3e203336323336.roa
Signing time:             Mon 02 Oct 2023 19:55:32 +0000
ROA not before:           Mon 02 Oct 2023 19:50:32 +0000
ROA not after:            Mon 30 Sep 2024 19:55:32 +0000
asID:                     36236
IP address blocks:        2a00:dd80:3c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:da:ce:33:bf:36:d9:d3:54:58:3a:c3:c3:7c:86:f6:ff:44:75:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Oct  2 19:50:32 2023 GMT
            Not After : Sep 30 19:55:32 2024 GMT
        Subject: CN=33CADFB1DE500A70A2C814FA20C3632966FAEC90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:17:4b:d4:72:60:7c:0d:85:27:df:82:2f:a3:
                    9a:39:f5:8c:1b:12:ed:8d:a6:a7:d2:fc:4a:b0:90:
                    86:3a:94:14:56:78:66:c3:75:a7:e8:47:5e:83:82:
                    68:be:c8:7d:a2:52:30:f4:19:db:e2:0a:f0:ac:0f:
                    ac:4e:49:17:9c:63:8d:89:2c:78:e8:a9:4c:e8:b3:
                    0d:33:19:69:d7:5d:e8:ba:2f:c8:64:6d:95:bf:a2:
                    34:ec:9f:3c:d9:72:d1:f4:88:16:37:cb:9c:a7:42:
                    1a:c0:af:89:41:ac:6f:89:05:38:cc:16:82:e4:f7:
                    54:98:2f:07:c7:22:ff:43:30:07:3c:3d:e1:86:3d:
                    77:66:98:cf:2d:cb:fe:a1:94:25:49:bf:30:b6:a1:
                    0d:54:63:d6:8b:7d:10:07:6a:69:34:b5:e0:f9:b4:
                    29:0e:c0:14:d4:99:9c:d9:86:da:63:18:eb:35:ae:
                    e0:e8:44:32:95:8f:80:a1:4d:c3:c5:55:e3:0c:d1:
                    3d:73:38:f6:bf:67:d3:3c:65:32:7f:e6:36:1a:cb:
                    6e:9c:f4:3b:53:a8:b5:02:96:22:0d:44:52:c4:f7:
                    fd:98:d3:d0:d7:a6:81:8d:b6:17:90:3a:fd:91:4c:
                    fa:d3:5b:0b:aa:38:94:a9:f3:eb:df:26:af:88:f5:
                    57:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:CA:DF:B1:DE:50:0A:70:A2:C8:14:FA:20:C3:63:29:66:FA:EC:90
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a33633a3a2f34382d3438203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:dd80:3c::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:2b:e2:4d:8e:1d:28:91:da:df:8a:e8:56:58:60:93:67:9d:
         69:65:e4:21:e4:7c:0d:a0:28:3a:3c:d7:cb:02:44:81:d0:8e:
         bd:eb:2b:02:c4:80:b6:b7:07:25:ad:7a:9c:6d:07:92:dd:4a:
         a2:8c:f0:11:8d:8b:56:6e:6c:54:88:38:b5:71:9f:5d:40:26:
         a2:2a:8d:d8:3a:ee:b8:1a:5b:2a:52:33:bc:41:fb:77:7d:96:
         0e:28:1a:a8:21:98:28:06:4f:fb:16:8e:b9:da:ca:21:89:59:
         95:fb:00:05:8e:5f:48:47:f1:9a:0a:d6:64:ed:58:91:03:cd:
         4d:8b:95:3d:1d:03:5d:ed:d8:75:61:5d:82:7c:fe:74:14:8f:
         d1:c7:b3:5d:57:d2:ee:0f:04:aa:73:79:52:8d:3b:4f:2c:35:
         c8:3c:62:22:e1:ea:59:0d:d5:ba:0d:3d:82:87:c7:c0:ff:fe:
         6b:ba:36:5f:c3:a1:05:85:83:38:3a:3f:84:8e:89:42:c2:45:
         fb:6c:dd:b6:dc:45:5d:b4:ed:ef:aa:d9:22:3a:e1:b4:f0:0e:
         74:4a:e6:3f:04:cc:85:e1:b1:ac:26:de:cb:3a:c2:98:39:6e:
         5f:d4:84:6f:a7:ef:ce:58:da:e0:da:2b:9a:8e:cf:4e:de:4f:
         7c:6c:d5:ae
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgIUcdrOM7822dNUWDrDw3yG9v9EdUswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yMzEwMDIxOTUwMzJaFw0yNDA5MzAxOTU1MzJaMDMxMTAvBgNV
BAMTKDMzQ0FERkIxREU1MDBBNzBBMkM4MTRGQTIwQzM2MzI5NjZGQUVDOTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/F0vUcmB8DYUn34Ivo5o59Ywb
Eu2NpqfS/EqwkIY6lBRWeGbDdafoR16Dgmi+yH2iUjD0GdviCvCsD6xOSRecY42J
LHjoqUzosw0zGWnXXei6L8hkbZW/ojTsnzzZctH0iBY3y5ynQhrAr4lBrG+JBTjM
FoLk91SYLwfHIv9DMAc8PeGGPXdmmM8ty/6hlCVJvzC2oQ1UY9aLfRAHamk0teD5
tCkOwBTUmZzZhtpjGOs1ruDoRDKVj4ChTcPFVeMM0T1zOPa/Z9M8ZTJ/5jYay26c
9DtTqLUCliINRFLE9/2Y09DXpoGNtheQOv2RTPrTWwuqOJSp8+vfJq+I9VcPAgMB
AAGjggIpMIICJTAdBgNVHQ4EFgQUM8rfsd5QCnCiyBT6IMNjKWb67JAwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBpgYIKwYB
BQUHAQsEgZkwgZYwgZMGCCsGAQUFBzALhoGGcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzI2MTMwMzAzYTY0NjQzODMwM2EzMzYzM2EzYTJmMzQzODJkMzQzODIwM2Qz
ZTIwMzMzNjMyMzMzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggr
BgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoA3YAAPDANBgkqhkiG9w0BAQsFAAOC
AQEALSviTY4dKJHa34roVlhgk2edaWXkIeR8DaAoOjzXywJEgdCOvesrAsSAtrcH
Ja16nG0Hkt1KoozwEY2LVm5sVIg4tXGfXUAmoiqN2DruuBpbKlIzvEH7d32WDiga
qCGYKAZP+xaOudrKIYlZlfsABY5fSEfxmgrWZO1YkQPNTYuVPR0DXe3YdWFdgnz+
dBSP0cezXVfS7g8EqnN5Uo07Tyw1yDxiIuHqWQ3Vug09gofHwP/+a7o2X8OhBYWD
ODo/hI6JQsJF+2zdttxFXbTt76rZIjrhtPAOdErmPwTMheGxrCbeyzrCmDluX9SE
b6fvzlja4Normo7PTt5PfGzVrg==
-----END CERTIFICATE-----