Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a33663a36303a3a2f36342d3634203d3e20333939313638.roa
File:                     326130303a646438303a33663a36303a3a2f36342d3634203d3e20333939313638.roa (raw, json)
Hash identifier:          X5l49U6FjbH/KKRaKvpUjN4MohmaEl+mdLiAsYfqHlI=
Subject key identifier:   3D:69:66:44:81:FD:FD:70:27:09:D5:28:B8:F2:D2:0F:8F:6D:8C:9C
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       2AD7D74EF9C4A64B87DC12D1A5C1A2095BF8726D
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a33663a36303a3a2f36342d3634203d3e20333939313638.roa
Signing time:             Sat 06 Jan 2024 12:34:19 +0000
ROA not before:           Sat 06 Jan 2024 12:29:19 +0000
ROA not after:            Sat 04 Jan 2025 12:34:19 +0000
asID:                     399168
IP address blocks:        2a00:dd80:3f:60::/64 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:d7:d7:4e:f9:c4:a6:4b:87:dc:12:d1:a5:c1:a2:09:5b:f8:72:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Jan  6 12:29:19 2024 GMT
            Not After : Jan  4 12:34:19 2025 GMT
        Subject: CN=3D69664481FDFD702709D528B8F2D20F8F6D8C9C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:ab:00:3c:39:24:c9:e5:b3:ca:2f:ce:d0:c8:
                    5a:0b:f3:7a:cf:02:e2:2c:6a:a5:c6:9d:ea:19:dd:
                    e6:0f:31:a0:7b:b6:93:7b:e4:f0:15:cd:0e:75:c3:
                    b8:75:90:42:43:fa:0d:2f:7d:d6:27:17:9c:04:0a:
                    44:cf:06:29:4c:d9:45:0f:35:89:d7:10:2b:aa:c1:
                    70:cb:1f:f2:b8:cb:00:b9:a8:9c:4f:ed:1f:2a:11:
                    a2:89:36:88:1e:7c:98:26:a5:68:da:c5:e2:c7:37:
                    e4:31:b2:5a:0f:a7:22:0d:60:0c:36:38:fa:69:8e:
                    f7:b2:0d:5c:08:77:a0:0c:25:46:96:d2:70:46:a5:
                    de:88:0a:05:81:de:ad:63:02:f2:5c:1c:45:cc:7d:
                    b2:1b:d3:92:13:00:2b:46:e1:10:be:d0:7f:0f:62:
                    8b:91:db:8f:fb:72:71:ec:a4:9a:72:10:a1:37:5b:
                    dc:78:9f:de:2c:fa:6a:07:d1:75:c1:c2:32:c7:5b:
                    65:55:e5:9d:18:42:74:c6:59:39:78:b0:03:05:82:
                    fb:e0:4e:0a:2c:8e:a4:22:d5:25:6a:da:2f:5d:fa:
                    12:7d:68:d2:02:87:45:63:bb:1a:5f:2a:59:3b:a9:
                    d2:35:df:54:fb:ab:f5:db:73:64:fc:5c:42:2e:48:
                    13:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:69:66:44:81:FD:FD:70:27:09:D5:28:B8:F2:D2:0F:8F:6D:8C:9C
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a33663a36303a3a2f36342d3634203d3e20333939313638.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:dd80:3f:60::/64

    Signature Algorithm: sha256WithRSAEncryption
         5b:0a:35:2e:e1:4f:9d:e0:6e:82:a6:09:46:96:0e:96:e4:e9:
         51:e1:83:e8:77:bc:d0:d5:e9:2f:a9:f6:79:2d:ab:e5:cb:3c:
         f8:07:a1:af:16:20:38:d0:a7:4d:39:8e:f9:80:9d:6a:dc:8a:
         61:65:e5:88:90:89:0f:63:25:69:df:9e:be:ac:78:b7:b8:55:
         4e:dd:b2:5a:66:09:29:54:fa:79:9a:a9:be:5d:b6:9b:77:d3:
         4d:41:ed:bc:9c:2d:3e:91:bb:ef:66:d2:09:47:07:fa:05:b7:
         d8:d5:b0:4e:e1:8b:d8:3c:d1:b0:fc:56:2d:0a:4b:df:84:27:
         df:b1:98:c7:f8:f9:f6:9b:18:1d:a0:52:bf:0a:37:32:6e:87:
         33:fe:57:2a:a7:26:a9:9d:50:65:fe:26:84:d1:4f:33:e5:af:
         a4:ea:4c:fa:1e:ae:ab:21:63:93:7e:69:cc:58:71:11:36:38:
         40:83:94:e3:7e:36:3a:f2:40:3b:f6:18:ee:39:c4:6e:d1:70:
         77:f9:68:a4:28:26:a6:50:3a:2f:e9:91:d3:f5:92:43:f6:6a:
         64:91:ba:e1:5f:df:58:c9:de:66:57:d1:9d:72:fc:e5:f6:47:
         d6:90:21:28:66:49:27:3a:21:f0:88:35:29:06:45:67:1d:8e:
         d8:c4:08:e5
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgIUKtfXTvnEpkuH3BLRpcGiCVv4cm0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNDAxMDYxMjI5MTlaFw0yNTAxMDQxMjM0MTlaMDMxMTAvBgNV
BAMTKDNENjk2NjQ0ODFGREZENzAyNzA5RDUyOEI4RjJEMjBGOEY2RDhDOUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWqwA8OSTJ5bPKL87QyFoL83rP
AuIsaqXGneoZ3eYPMaB7tpN75PAVzQ51w7h1kEJD+g0vfdYnF5wECkTPBilM2UUP
NYnXECuqwXDLH/K4ywC5qJxP7R8qEaKJNogefJgmpWjaxeLHN+QxsloPpyINYAw2
OPppjveyDVwId6AMJUaW0nBGpd6ICgWB3q1jAvJcHEXMfbIb05ITACtG4RC+0H8P
YouR24/7cnHspJpyEKE3W9x4n94s+moH0XXBwjLHW2VV5Z0YQnTGWTl4sAMFgvvg
TgosjqQi1SVq2i9d+hJ9aNICh0VjuxpfKlk7qdI131T7q/Xbc2T8XEIuSBOhAgMB
AAGjggIzMIICLzAdBgNVHQ4EFgQUPWlmRIH9/XAnCdUouPLSD49tjJwwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBrgYIKwYB
BQUHAQsEgaEwgZ4wgZsGCCsGAQUFBzALhoGOcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzI2MTMwMzAzYTY0NjQzODMwM2EzMzY2M2EzNjMwM2EzYTJmMzYzNDJkMzYz
NDIwM2QzZTIwMzMzOTM5MzEzNjM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAAjALAwkAKgDdgAA/AGAwDQYJKoZI
hvcNAQELBQADggEBAFsKNS7hT53gboKmCUaWDpbk6VHhg+h3vNDV6S+p9nktq+XL
PPgHoa8WIDjQp005jvmAnWrcimFl5YiQiQ9jJWnfnr6seLe4VU7dslpmCSlU+nma
qb5dtpt3001B7bycLT6Ru+9m0glHB/oFt9jVsE7hi9g80bD8Vi0KS9+EJ9+xmMf4
+fabGB2gUr8KNzJuhzP+VyqnJqmdUGX+JoTRTzPlr6TqTPoerqshY5N+acxYcRE2
OECDlON+NjryQDv2GO45xG7RcHf5aKQoJqZQOi/pkdP1kkP2amSRuuFf31jJ3mZX
0Z1y/OX2R9aQIShmSSc6IfCINSkGRWcdjtjECOU=
-----END CERTIFICATE-----