Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a33653a3a2f34382d3438203d3e203336323336.roa
File:                     326130303a646438303a33653a3a2f34382d3438203d3e203336323336.roa (raw, json)
Hash identifier:          qFvq7S0ZCouPZvtTswJmO4F6fgOPyIXf8UBYQwmR2HY=
Subject key identifier:   7D:F3:33:6E:10:D3:D3:89:92:92:DF:A4:93:FA:58:05:B5:CC:91:38
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       6BF856733FFBE8A60B4793570FD361570DC4E52A
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a33653a3a2f34382d3438203d3e203336323336.roa
Signing time:             Mon 02 Oct 2023 19:55:33 +0000
ROA not before:           Mon 02 Oct 2023 19:50:33 +0000
ROA not after:            Mon 30 Sep 2024 19:55:33 +0000
asID:                     36236
IP address blocks:        2a00:dd80:3e::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 19:23:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:f8:56:73:3f:fb:e8:a6:0b:47:93:57:0f:d3:61:57:0d:c4:e5:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Oct  2 19:50:33 2023 GMT
            Not After : Sep 30 19:55:33 2024 GMT
        Subject: CN=7DF3336E10D3D3899292DFA493FA5805B5CC9138
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:d0:b5:cc:21:c9:5d:2a:84:ae:8e:4e:c0:95:
                    78:7c:f0:3d:eb:7a:f0:8b:bc:e5:71:03:c6:42:41:
                    28:98:14:ae:88:3e:73:3e:3c:cc:fe:22:02:f6:17:
                    31:08:46:78:7b:d4:ce:2d:8d:28:1c:09:c8:d1:f3:
                    5a:c4:91:d7:b7:8e:c5:e3:87:37:c0:ad:c4:1b:d1:
                    b8:a2:9b:0b:c5:f4:9e:e8:9a:4e:0c:c7:d4:0e:2e:
                    e5:bc:c9:d2:ee:73:4a:d7:b3:4a:23:05:cb:16:6d:
                    e7:85:8e:26:bd:c8:99:2e:b7:83:1e:f6:12:32:5f:
                    d8:fd:69:44:3c:c3:0d:af:c0:70:21:ec:36:8e:a8:
                    44:42:7f:a3:13:22:6c:ee:80:2c:ad:3c:1c:6b:ab:
                    63:ba:91:12:df:1f:82:ff:d0:fc:5a:85:f5:43:ea:
                    fe:d2:a0:aa:84:2a:0e:7f:57:9b:47:8b:af:b3:4a:
                    55:8a:d5:92:ed:33:65:b0:4a:8f:94:ab:b1:d1:37:
                    08:0d:0e:59:b0:f5:2b:68:8f:ff:04:84:a0:94:af:
                    8d:dd:a5:ad:0a:5b:fd:8c:40:e0:04:23:e2:83:03:
                    ce:d4:ac:e8:68:d9:19:cd:96:47:60:21:47:df:e7:
                    d2:66:f1:78:38:87:92:c7:9e:d3:d6:1b:66:df:3b:
                    48:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:F3:33:6E:10:D3:D3:89:92:92:DF:A4:93:FA:58:05:B5:CC:91:38
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a33653a3a2f34382d3438203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:dd80:3e::/48

    Signature Algorithm: sha256WithRSAEncryption
         77:e2:0a:c0:31:25:ca:60:92:c5:63:06:55:21:c1:04:cc:87:
         2d:c6:dd:8e:3a:22:3e:24:cf:e4:74:af:6a:fa:4b:b4:4d:8b:
         ba:86:52:44:ae:e5:aa:a6:01:4b:49:d7:72:68:04:0d:4b:37:
         6c:5a:bb:9a:75:83:16:c7:46:8e:13:a4:96:eb:e0:2d:f7:85:
         86:71:db:a8:c5:02:43:c2:0a:d9:c4:7b:9b:37:a9:fa:67:fd:
         f3:83:59:f0:06:1a:f3:11:f3:3b:ed:6d:c1:df:35:39:f2:ec:
         96:8f:2a:98:5e:ad:1a:86:8a:3a:4f:ce:b5:68:1f:6f:13:e7:
         d1:11:2f:fb:a2:fb:86:c6:a8:d9:7a:fa:c9:59:45:69:18:96:
         73:3f:77:de:bb:10:7c:2a:cb:48:c5:28:21:97:f5:9a:10:cf:
         df:3f:cf:3f:a6:95:e7:f9:6f:ee:48:a7:d4:21:bb:3b:b3:f1:
         8d:8b:5e:9d:1e:07:17:4d:3a:a9:74:e7:c2:81:18:10:30:c2:
         14:b3:b2:1f:c4:03:d2:8e:b3:ef:62:25:0f:10:da:22:77:09:
         48:ec:a4:dd:20:b1:09:b2:ab:8c:04:98:ec:17:45:65:d0:8b:
         0e:da:de:e3:ce:d7:a7:28:ea:8c:fc:6c:bb:6e:ec:77:1b:76:
         25:db:5c:fb
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgIUa/hWcz/76KYLR5NXD9NhVw3E5SowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yMzEwMDIxOTUwMzNaFw0yNDA5MzAxOTU1MzNaMDMxMTAvBgNV
BAMTKDdERjMzMzZFMTBEM0QzODk5MjkyREZBNDkzRkE1ODA1QjVDQzkxMzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC70LXMIcldKoSujk7AlXh88D3r
evCLvOVxA8ZCQSiYFK6IPnM+PMz+IgL2FzEIRnh71M4tjSgcCcjR81rEkde3jsXj
hzfArcQb0biimwvF9J7omk4Mx9QOLuW8ydLuc0rXs0ojBcsWbeeFjia9yJkut4Me
9hIyX9j9aUQ8ww2vwHAh7DaOqERCf6MTImzugCytPBxrq2O6kRLfH4L/0PxahfVD
6v7SoKqEKg5/V5tHi6+zSlWK1ZLtM2WwSo+Uq7HRNwgNDlmw9Stoj/8EhKCUr43d
pa0KW/2MQOAEI+KDA87UrOho2RnNlkdgIUff59Jm8Xg4h5LHntPWG2bfO0j9AgMB
AAGjggIpMIICJTAdBgNVHQ4EFgQUffMzbhDT04mSkt+kk/pYBbXMkTgwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBpgYIKwYB
BQUHAQsEgZkwgZYwgZMGCCsGAQUFBzALhoGGcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzI2MTMwMzAzYTY0NjQzODMwM2EzMzY1M2EzYTJmMzQzODJkMzQzODIwM2Qz
ZTIwMzMzNjMyMzMzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggr
BgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoA3YAAPjANBgkqhkiG9w0BAQsFAAOC
AQEAd+IKwDElymCSxWMGVSHBBMyHLcbdjjoiPiTP5HSvavpLtE2LuoZSRK7lqqYB
S0nXcmgEDUs3bFq7mnWDFsdGjhOkluvgLfeFhnHbqMUCQ8IK2cR7mzep+mf984NZ
8AYa8xHzO+1twd81OfLslo8qmF6tGoaKOk/OtWgfbxPn0REv+6L7hsao2Xr6yVlF
aRiWcz933rsQfCrLSMUoIZf1mhDP3z/PP6aV5/lv7kin1CG7O7PxjYtenR4HF006
qXTnwoEYEDDCFLOyH8QD0o6z72IlDxDaIncJSOyk3SCxCbKrjASY7BdFZdCLDtre
487XpyjqjPxsu27sdxt2Jdtc+w==
-----END CERTIFICATE-----