Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a33653a363a3a2f36342d3634203d3e20333939313630.roa
File:                     326130303a646438303a33653a363a3a2f36342d3634203d3e20333939313630.roa (raw, json)
Hash identifier:          jyNyLQew0yY0m4XrTRHAyJOgoMC1F1w9zGk0uRHlXuw=
Subject key identifier:   83:AA:A7:D0:23:40:74:4C:8B:CE:FA:A7:98:4F:0B:FE:31:75:0A:75
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       3BB966ACDFA310A8FE23E303C958D433A733D0DD
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a33653a363a3a2f36342d3634203d3e20333939313630.roa
Signing time:             Sat 06 Jan 2024 11:34:16 +0000
ROA not before:           Sat 06 Jan 2024 11:29:16 +0000
ROA not after:            Sat 04 Jan 2025 11:34:16 +0000
asID:                     399160
IP address blocks:        2a00:dd80:3e:6::/64 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:b9:66:ac:df:a3:10:a8:fe:23:e3:03:c9:58:d4:33:a7:33:d0:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Jan  6 11:29:16 2024 GMT
            Not After : Jan  4 11:34:16 2025 GMT
        Subject: CN=83AAA7D02340744C8BCEFAA7984F0BFE31750A75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:55:9b:ff:80:96:46:71:8a:df:ce:d6:f5:ba:
                    94:d7:7a:4d:64:94:e7:61:57:64:78:bb:3f:19:9e:
                    d1:64:d1:7d:c5:66:66:3b:4f:b7:72:69:e4:ca:6c:
                    1f:38:e3:54:09:b2:1c:46:2e:6e:d0:4c:e1:c4:07:
                    15:8e:d4:32:14:0c:b5:fc:20:5b:85:e8:2b:bc:db:
                    fc:db:be:8a:4e:59:fb:90:e2:72:c2:bd:d5:44:ee:
                    7b:91:ba:ae:da:e0:28:c3:49:3a:b6:3c:ca:e7:10:
                    50:63:45:1c:92:67:51:79:77:ca:a4:b9:51:44:0d:
                    30:91:75:26:8f:82:b3:9b:51:ba:1a:db:ea:75:5d:
                    33:61:f0:71:d1:4b:ea:32:d1:e6:b3:9f:6e:96:71:
                    d3:aa:c7:36:01:a8:3c:37:63:1e:7d:51:54:0e:ce:
                    70:53:5c:2a:a1:68:c8:36:48:59:47:01:ce:ee:5c:
                    84:f2:83:f8:e4:2f:d1:2d:e6:32:34:1d:ae:54:20:
                    47:dc:6f:26:5a:a5:13:d9:04:a3:8e:2d:8e:9a:4f:
                    57:99:af:f8:22:89:c8:c9:ed:98:92:98:16:f9:2b:
                    00:b2:f4:1a:cf:8c:d2:5b:c3:e5:7c:24:f4:46:ae:
                    10:a6:aa:57:f1:5c:de:63:c3:9e:52:a7:dc:8d:97:
                    13:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:AA:A7:D0:23:40:74:4C:8B:CE:FA:A7:98:4F:0B:FE:31:75:0A:75
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a33653a363a3a2f36342d3634203d3e20333939313630.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:dd80:3e:6::/64

    Signature Algorithm: sha256WithRSAEncryption
         4f:bb:89:57:e2:5b:c2:e5:0c:c2:6d:e9:39:27:94:ca:da:32:
         f0:21:89:ad:32:19:bb:de:5e:17:49:be:9e:e0:ef:18:a5:cc:
         ff:f4:72:21:4e:f9:a2:22:50:89:27:4e:7d:d9:66:1e:59:f1:
         29:54:5b:c0:4d:2f:67:e6:f8:d0:a3:bd:4f:17:6f:d7:00:cd:
         69:f0:9e:8b:53:c4:56:6a:9d:2f:ad:30:90:77:3e:61:f4:c1:
         a0:81:13:ff:2f:64:53:7c:17:ae:07:cf:63:13:5f:68:93:31:
         62:4e:6c:0d:0f:ad:62:96:69:3d:76:d2:ff:88:9d:48:6a:ad:
         96:44:b6:b4:d6:79:c3:5c:40:40:11:0d:50:04:23:42:ff:79:
         fc:03:9e:fd:55:80:03:ac:6a:27:6e:68:96:d4:36:cb:75:13:
         31:7d:63:ec:d0:33:3d:ea:d9:53:a4:3b:d5:bc:64:94:71:95:
         d4:d3:39:5d:f6:6d:5d:fa:aa:9f:57:75:8a:f9:40:64:38:9a:
         3c:e7:b7:98:b1:fc:2c:19:f7:c9:3b:7f:30:fb:00:92:9d:42:
         f4:66:6f:d8:22:5b:37:7d:ab:5d:95:a2:98:72:37:8f:41:56:
         8f:3e:38:0a:e0:7a:df:7f:f7:03:94:da:50:0a:79:16:93:f1:
         9a:57:46:83
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgIUO7lmrN+jEKj+I+MDyVjUM6cz0N0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNDAxMDYxMTI5MTZaFw0yNTAxMDQxMTM0MTZaMDMxMTAvBgNV
BAMTKDgzQUFBN0QwMjM0MDc0NEM4QkNFRkFBNzk4NEYwQkZFMzE3NTBBNzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmVZv/gJZGcYrfztb1upTXek1k
lOdhV2R4uz8ZntFk0X3FZmY7T7dyaeTKbB8441QJshxGLm7QTOHEBxWO1DIUDLX8
IFuF6Cu82/zbvopOWfuQ4nLCvdVE7nuRuq7a4CjDSTq2PMrnEFBjRRySZ1F5d8qk
uVFEDTCRdSaPgrObUboa2+p1XTNh8HHRS+oy0eazn26WcdOqxzYBqDw3Yx59UVQO
znBTXCqhaMg2SFlHAc7uXITyg/jkL9Et5jI0Ha5UIEfcbyZapRPZBKOOLY6aT1eZ
r/giicjJ7ZiSmBb5KwCy9BrPjNJbw+V8JPRGrhCmqlfxXN5jw55Sp9yNlxO9AgMB
AAGjggIxMIICLTAdBgNVHQ4EFgQUg6qn0CNAdEyLzvqnmE8L/jF1CnUwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBrAYIKwYB
BQUHAQsEgZ8wgZwwgZkGCCsGAQUFBzALhoGMcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzI2MTMwMzAzYTY0NjQzODMwM2EzMzY1M2EzNjNhM2EyZjM2MzQyZDM2MzQy
MDNkM2UyMDMzMzkzOTMxMzYzMC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
AjAkBggrBgEFBQcBBwEB/wQVMBMwEQQCAAIwCwMJACoA3YAAPgAGMA0GCSqGSIb3
DQEBCwUAA4IBAQBPu4lX4lvC5QzCbek5J5TK2jLwIYmtMhm73l4XSb6e4O8Ypcz/
9HIhTvmiIlCJJ0592WYeWfEpVFvATS9n5vjQo71PF2/XAM1p8J6LU8RWap0vrTCQ
dz5h9MGggRP/L2RTfBeuB89jE19okzFiTmwND61ilmk9dtL/iJ1Iaq2WRLa01nnD
XEBAEQ1QBCNC/3n8A579VYADrGonbmiW1DbLdRMxfWPs0DM96tlTpDvVvGSUcZXU
0zld9m1d+qqfV3WK+UBkOJo857eYsfwsGffJO38w+wCSnUL0Zm/YIls3fatdlaKY
cjePQVaPPjgK4Hrff/cDlNpQCnkWk/GaV0aD
-----END CERTIFICATE-----