Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a33663a35393a3a2f36342d3634203d3e20333939313638.roa
File:                     326130303a646438303a33663a35393a3a2f36342d3634203d3e20333939313638.roa (raw, json)
Hash identifier:          qhpn1gvlzYai84YXn92ibYIuIOQ7Dt7Gzn5Xm5sqIKw=
Subject key identifier:   54:79:F9:27:66:A3:9B:35:0B:9B:86:55:DE:70:0E:50:A0:A4:EA:CF
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       623F9960745A1B6DA83077B29A836871020BA52E
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a33663a35393a3a2f36342d3634203d3e20333939313638.roa
Signing time:             Sat 06 Jan 2024 12:34:19 +0000
ROA not before:           Sat 06 Jan 2024 12:29:19 +0000
ROA not after:            Sat 04 Jan 2025 12:34:19 +0000
asID:                     399168
IP address blocks:        2a00:dd80:3f:59::/64 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:3f:99:60:74:5a:1b:6d:a8:30:77:b2:9a:83:68:71:02:0b:a5:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Jan  6 12:29:19 2024 GMT
            Not After : Jan  4 12:34:19 2025 GMT
        Subject: CN=5479F92766A39B350B9B8655DE700E50A0A4EACF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:41:8a:15:70:1d:00:e6:97:97:f7:61:34:86:
                    a2:dc:a3:f2:82:e8:07:97:91:72:05:a6:9b:5c:4b:
                    a7:83:d1:ed:33:84:0a:bb:ea:79:f1:5a:4e:99:96:
                    b2:b5:2f:d4:2a:78:74:c1:25:80:b0:eb:ee:f5:92:
                    c4:0c:fb:39:0b:61:30:60:7c:ad:c4:94:82:77:94:
                    fd:ad:91:a4:9f:c3:f5:3f:62:e5:c1:6c:14:df:d7:
                    01:28:48:80:a9:61:c0:ff:70:90:c4:71:c5:3a:84:
                    06:00:fc:2c:3d:51:95:e4:9a:ab:a2:be:91:d0:6f:
                    69:cd:a4:e0:d0:c7:ef:aa:9c:09:9d:f7:f9:44:11:
                    20:43:e9:33:78:95:28:b4:07:d5:f1:d8:98:4c:81:
                    cf:7c:b0:f1:bf:28:31:63:40:48:cf:a0:04:d4:58:
                    f5:40:58:5a:62:31:d1:06:17:72:73:d4:ba:b5:27:
                    92:57:03:89:62:f9:a6:49:1c:2a:d2:52:bc:e3:26:
                    39:cd:ec:14:2c:8f:c3:f8:3a:ba:de:4e:1b:82:84:
                    38:71:4e:86:bd:b9:f0:c3:46:f6:c5:4e:a6:5a:94:
                    41:fb:bf:0f:ee:5b:01:97:4b:ed:31:5b:b5:ac:9f:
                    1b:48:75:33:ef:22:10:5e:73:8f:6b:a2:59:b1:02:
                    e7:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:79:F9:27:66:A3:9B:35:0B:9B:86:55:DE:70:0E:50:A0:A4:EA:CF
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a33663a35393a3a2f36342d3634203d3e20333939313638.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:dd80:3f:59::/64

    Signature Algorithm: sha256WithRSAEncryption
         8c:ff:5d:8b:87:a6:11:c3:d2:59:a4:76:65:ff:d4:2f:83:10:
         82:58:29:7b:0f:aa:50:c3:21:f0:ae:34:74:29:61:00:de:57:
         e5:2f:36:ce:3c:d1:ae:6c:63:ce:91:d3:c3:b6:35:53:c7:31:
         93:a6:da:06:64:3c:b2:7b:19:fd:90:2e:56:0e:d7:87:77:57:
         58:33:50:6a:3d:62:8e:24:f5:db:1a:ea:6f:98:28:b8:02:f4:
         ef:91:f5:78:c3:41:d5:0b:81:ee:87:f5:67:20:5b:86:c6:87:
         07:91:ee:21:99:64:3e:97:a2:bc:51:b9:f7:39:55:e4:00:11:
         ef:2f:b3:58:32:e7:83:81:c7:26:79:60:c9:4b:e3:91:da:bb:
         d2:e5:0f:ab:19:89:2b:ab:d6:43:fc:f2:bc:69:b9:91:75:32:
         58:fc:93:b1:27:1e:f5:92:19:db:ff:2d:6a:bc:53:90:6e:46:
         06:62:94:19:a0:2e:5e:b5:c6:b1:30:c3:95:8f:de:cb:9f:c4:
         0d:90:5a:95:16:75:7d:d0:d7:8d:41:7b:04:c7:a7:c2:9e:8c:
         9c:44:85:39:22:96:62:b8:c1:86:c7:00:99:29:4e:fb:78:fa:
         57:79:fa:1a:21:ce:5d:ff:36:8f:47:58:91:99:cb:81:4e:17:
         d5:6d:25:57
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgIUYj+ZYHRaG22oMHeymoNocQILpS4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNDAxMDYxMjI5MTlaFw0yNTAxMDQxMjM0MTlaMDMxMTAvBgNV
BAMTKDU0NzlGOTI3NjZBMzlCMzUwQjlCODY1NURFNzAwRTUwQTBBNEVBQ0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNQYoVcB0A5peX92E0hqLco/KC
6AeXkXIFpptcS6eD0e0zhAq76nnxWk6ZlrK1L9QqeHTBJYCw6+71ksQM+zkLYTBg
fK3ElIJ3lP2tkaSfw/U/YuXBbBTf1wEoSICpYcD/cJDEccU6hAYA/Cw9UZXkmqui
vpHQb2nNpODQx++qnAmd9/lEESBD6TN4lSi0B9Xx2JhMgc98sPG/KDFjQEjPoATU
WPVAWFpiMdEGF3Jz1Lq1J5JXA4li+aZJHCrSUrzjJjnN7BQsj8P4OrreThuChDhx
Toa9ufDDRvbFTqZalEH7vw/uWwGXS+0xW7WsnxtIdTPvIhBec49rolmxAud/AgMB
AAGjggIzMIICLzAdBgNVHQ4EFgQUVHn5J2ajmzULm4ZV3nAOUKCk6s8wHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBrgYIKwYB
BQUHAQsEgaEwgZ4wgZsGCCsGAQUFBzALhoGOcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzI2MTMwMzAzYTY0NjQzODMwM2EzMzY2M2EzNTM5M2EzYTJmMzYzNDJkMzYz
NDIwM2QzZTIwMzMzOTM5MzEzNjM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAAjALAwkAKgDdgAA/AFkwDQYJKoZI
hvcNAQELBQADggEBAIz/XYuHphHD0lmkdmX/1C+DEIJYKXsPqlDDIfCuNHQpYQDe
V+UvNs480a5sY86R08O2NVPHMZOm2gZkPLJ7Gf2QLlYO14d3V1gzUGo9Yo4k9dsa
6m+YKLgC9O+R9XjDQdULge6H9WcgW4bGhweR7iGZZD6XorxRufc5VeQAEe8vs1gy
54OBxyZ5YMlL45Hau9LlD6sZiSur1kP88rxpuZF1Mlj8k7EnHvWSGdv/LWq8U5Bu
RgZilBmgLl61xrEww5WP3sufxA2QWpUWdX3Q141BewTHp8KejJxEhTkilmK4wYbH
AJkpTvt4+ld5+hohzl3/No9HWJGZy4FOF9VtJVc=
-----END CERTIFICATE-----