Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a33653a343a3a2f36342d3634203d3e20333939313630.roa
File:                     326130303a646438303a33653a343a3a2f36342d3634203d3e20333939313630.roa (raw, json)
Hash identifier:          c+Y9jzkYSsC69cpw9gswcWlu0yrCAIe22Z68JW/vKU8=
Subject key identifier:   AA:BC:A7:39:E5:7D:16:FD:70:D7:67:4F:18:31:D4:BE:07:BE:CF:39
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       47B1E3B77FA8B21EDF81644E93FDD181C70488CC
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a33653a343a3a2f36342d3634203d3e20333939313630.roa
Signing time:             Sat 06 Jan 2024 11:34:16 +0000
ROA not before:           Sat 06 Jan 2024 11:29:16 +0000
ROA not after:            Sat 04 Jan 2025 11:34:16 +0000
asID:                     399160
IP address blocks:        2a00:dd80:3e:4::/64 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:b1:e3:b7:7f:a8:b2:1e:df:81:64:4e:93:fd:d1:81:c7:04:88:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Jan  6 11:29:16 2024 GMT
            Not After : Jan  4 11:34:16 2025 GMT
        Subject: CN=AABCA739E57D16FD70D7674F1831D4BE07BECF39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:a3:22:0e:4b:d5:66:78:68:2e:cc:2b:4b:f8:
                    72:8f:60:75:b1:4a:67:7d:ec:3c:cd:ff:a8:cc:13:
                    bb:61:4c:a3:6f:32:3c:f8:5e:ef:0a:ed:47:39:fe:
                    30:45:dd:6c:0d:d6:18:bf:fa:d1:1c:d1:32:be:c9:
                    ea:49:d3:e3:34:c4:b1:8e:5e:17:cc:92:74:b1:e6:
                    a9:cf:74:7e:63:fa:2b:b8:ee:38:c1:cb:b1:89:2d:
                    61:59:76:a3:17:c5:f4:2d:b0:2e:7d:47:40:e1:67:
                    59:c3:27:c6:cc:07:c5:e2:f4:e1:c0:20:31:7a:a4:
                    39:b1:88:c3:f8:51:df:2e:72:4d:8e:05:e3:d6:cf:
                    87:42:fb:35:2b:2a:cf:13:16:ec:9a:99:5a:00:ea:
                    26:ff:c6:3d:eb:5e:1e:09:9b:15:29:fa:66:55:a7:
                    68:56:3d:8b:73:3c:2f:f8:de:59:fa:41:d5:d4:75:
                    78:4b:83:62:1e:ea:d5:4b:70:02:90:14:2e:0a:4d:
                    2b:f6:88:97:58:ee:dc:45:36:b9:df:67:cd:72:ca:
                    7b:7c:2c:ca:ab:30:62:03:06:d2:df:77:45:9d:fa:
                    b8:bf:b7:a9:9a:17:c9:07:d5:49:d5:61:96:92:03:
                    fa:e6:bf:01:3f:0f:4d:16:e6:17:a4:0a:96:7b:5b:
                    43:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:BC:A7:39:E5:7D:16:FD:70:D7:67:4F:18:31:D4:BE:07:BE:CF:39
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a33653a343a3a2f36342d3634203d3e20333939313630.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:dd80:3e:4::/64

    Signature Algorithm: sha256WithRSAEncryption
         93:97:68:c0:20:40:ad:f9:0e:eb:b8:6e:9e:8c:1b:d1:83:49:
         81:91:57:ad:0f:67:6b:82:fe:a4:c6:01:56:70:bf:99:19:fe:
         0b:46:a4:1a:a4:fc:8d:6d:ac:b5:1f:53:a5:7d:8f:aa:34:54:
         35:3e:21:60:8d:aa:40:b1:44:5a:15:f3:d5:81:a6:65:68:b3:
         26:d6:cf:ee:2f:8c:6a:ed:ff:c1:36:45:6b:71:ea:ad:f0:d2:
         e8:e2:28:80:3a:c0:97:3d:42:0c:74:92:6b:e7:58:d7:9f:51:
         ed:57:90:40:44:2e:68:54:a7:e2:d0:98:6a:37:b3:3f:ba:04:
         39:9c:b7:81:4f:f6:ee:54:26:4e:b9:2f:7b:14:8f:ac:1f:2d:
         e9:ed:8b:25:bb:7a:8f:b7:e9:cc:8f:4d:c7:b2:fa:55:5d:26:
         94:64:e3:70:d2:07:e8:77:c5:72:b7:6b:de:1c:26:0b:c8:f2:
         f9:b0:0f:90:84:c0:e7:8e:d0:04:6a:a5:e8:f5:c3:e9:a6:98:
         61:1b:b0:a3:a0:07:a5:82:3d:ce:30:b7:09:bd:ef:28:8a:43:
         94:62:f0:b2:db:52:0c:9c:77:9e:ce:ed:9f:e9:04:24:03:d7:
         6b:39:9a:4c:1b:c9:a3:92:ae:93:04:36:27:ac:88:d0:73:7c:
         60:e9:7c:43
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgIUR7Hjt3+osh7fgWROk/3RgccEiMwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNDAxMDYxMTI5MTZaFw0yNTAxMDQxMTM0MTZaMDMxMTAvBgNV
BAMTKEFBQkNBNzM5RTU3RDE2RkQ3MEQ3Njc0RjE4MzFENEJFMDdCRUNGMzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQoyIOS9VmeGguzCtL+HKPYHWx
Smd97DzN/6jME7thTKNvMjz4Xu8K7Uc5/jBF3WwN1hi/+tEc0TK+yepJ0+M0xLGO
XhfMknSx5qnPdH5j+iu47jjBy7GJLWFZdqMXxfQtsC59R0DhZ1nDJ8bMB8Xi9OHA
IDF6pDmxiMP4Ud8uck2OBePWz4dC+zUrKs8TFuyamVoA6ib/xj3rXh4JmxUp+mZV
p2hWPYtzPC/43ln6QdXUdXhLg2Ie6tVLcAKQFC4KTSv2iJdY7txFNrnfZ81yynt8
LMqrMGIDBtLfd0Wd+ri/t6maF8kH1UnVYZaSA/rmvwE/D00W5hekCpZ7W0MPAgMB
AAGjggIxMIICLTAdBgNVHQ4EFgQUqrynOeV9Fv1w12dPGDHUvge+zzkwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBrAYIKwYB
BQUHAQsEgZ8wgZwwgZkGCCsGAQUFBzALhoGMcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzI2MTMwMzAzYTY0NjQzODMwM2EzMzY1M2EzNDNhM2EyZjM2MzQyZDM2MzQy
MDNkM2UyMDMzMzkzOTMxMzYzMC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
AjAkBggrBgEFBQcBBwEB/wQVMBMwEQQCAAIwCwMJACoA3YAAPgAEMA0GCSqGSIb3
DQEBCwUAA4IBAQCTl2jAIECt+Q7ruG6ejBvRg0mBkVetD2drgv6kxgFWcL+ZGf4L
RqQapPyNbay1H1OlfY+qNFQ1PiFgjapAsURaFfPVgaZlaLMm1s/uL4xq7f/BNkVr
ceqt8NLo4iiAOsCXPUIMdJJr51jXn1HtV5BARC5oVKfi0JhqN7M/ugQ5nLeBT/bu
VCZOuS97FI+sHy3p7Yslu3qPt+nMj03HsvpVXSaUZONw0gfod8Vyt2veHCYLyPL5
sA+QhMDnjtAEaqXo9cPppphhG7CjoAelgj3OMLcJve8oikOUYvCy21IMnHeezu2f
6QQkA9drOZpMG8mjkq6TBDYnrIjQc3xg6XxD
-----END CERTIFICATE-----