Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a33663a36313a3a2f36342d3634203d3e20333939313638.roa
File:                     326130303a646438303a33663a36313a3a2f36342d3634203d3e20333939313638.roa (raw, json)
Hash identifier:          YMNMpRm3X5T0RA3fxigTyilaDYlENmcWlKRjjgADhzY=
Subject key identifier:   7B:6F:37:FE:50:69:26:65:73:D0:D2:E5:A4:A9:B1:08:44:CC:3C:7A
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       1DAFC9F5AE07A2D1C14F8A9BEF3DBA0C4E88D01F
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a33663a36313a3a2f36342d3634203d3e20333939313638.roa
Signing time:             Sat 06 Jan 2024 12:34:19 +0000
ROA not before:           Sat 06 Jan 2024 12:29:19 +0000
ROA not after:            Sat 04 Jan 2025 12:34:19 +0000
asID:                     399168
IP address blocks:        2a00:dd80:3f:61::/64 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:af:c9:f5:ae:07:a2:d1:c1:4f:8a:9b:ef:3d:ba:0c:4e:88:d0:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Jan  6 12:29:19 2024 GMT
            Not After : Jan  4 12:34:19 2025 GMT
        Subject: CN=7B6F37FE5069266573D0D2E5A4A9B10844CC3C7A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:0c:f4:73:b0:be:69:74:46:6e:8f:fc:b3:d8:
                    ec:23:a4:67:a4:88:f5:4f:9e:78:c7:ce:55:48:9b:
                    61:50:50:c6:f7:ad:46:cf:ff:ee:01:29:2e:65:d2:
                    16:14:91:12:28:a5:cc:52:94:8a:7f:f1:74:69:23:
                    1e:b0:ff:1a:77:ff:63:8b:65:6c:94:8b:a9:88:3b:
                    a3:c0:df:76:e2:51:ef:70:1c:14:25:98:b5:57:c6:
                    9d:86:1e:15:b9:2b:19:9b:44:e7:af:f2:1d:1e:46:
                    ad:f3:d3:6d:82:83:4c:e7:f7:5a:12:37:a6:c9:47:
                    7b:33:6f:3d:1d:05:14:4b:ba:1c:e5:ac:5b:de:e9:
                    3e:6f:a6:28:de:9d:b1:c7:85:cb:b9:95:e2:bd:47:
                    66:55:a5:96:96:52:96:bc:b5:80:bf:b4:ed:ba:5b:
                    2a:f2:40:4f:d0:f3:44:89:ed:bf:2b:56:59:2b:a1:
                    c2:f4:9a:21:b4:d8:61:2e:09:65:9e:d3:c4:12:f6:
                    51:51:9d:40:2d:f7:91:d4:ba:88:6c:32:23:b8:a6:
                    8b:7c:72:61:e8:57:b3:2b:09:bc:50:7a:6b:75:a4:
                    83:ca:82:fd:5e:e2:4c:66:96:53:e7:f2:e9:d1:3a:
                    28:98:12:fa:33:14:31:1e:83:6d:06:aa:91:f1:c7:
                    a6:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:6F:37:FE:50:69:26:65:73:D0:D2:E5:A4:A9:B1:08:44:CC:3C:7A
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a33663a36313a3a2f36342d3634203d3e20333939313638.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:dd80:3f:61::/64

    Signature Algorithm: sha256WithRSAEncryption
         5b:23:d1:50:0a:6e:34:d6:dc:bc:a0:28:1b:e8:15:8b:db:d7:
         9c:a7:16:7a:a9:60:56:4b:46:83:f8:a6:63:b6:94:8d:02:dc:
         93:23:76:fb:a3:54:ec:95:87:58:65:87:fc:c4:86:0a:b4:c1:
         7c:87:1f:2f:4b:21:6b:d8:42:74:ce:9d:1d:1c:f7:e2:06:ee:
         92:c1:59:ae:04:26:d0:84:3f:f1:61:27:9c:8b:ee:29:6e:54:
         3f:a7:da:39:33:89:8e:57:5a:84:06:c3:0f:a8:8a:47:73:84:
         34:e5:89:9b:b2:50:d8:15:44:8b:35:12:6b:af:62:eb:62:7c:
         af:8b:10:a3:69:ed:0f:b0:66:32:ce:e8:cd:d3:b1:08:e5:1b:
         59:0c:0b:b4:2d:3b:35:b0:df:22:17:f2:53:48:c2:49:c4:1c:
         59:c7:fd:73:ab:d3:c0:06:46:5e:60:9e:1f:fd:4d:18:6a:d1:
         ad:60:d2:d2:67:2a:86:35:e0:c1:f9:54:4e:b9:78:8f:c7:a6:
         f0:64:84:6b:08:a5:71:2b:a7:2d:7d:48:2f:9f:81:89:0c:cd:
         91:f9:19:11:66:cc:e0:55:94:44:40:db:0d:f3:d9:9e:8b:35:
         5b:99:03:d6:16:ad:fb:cf:16:34:22:36:19:c6:a3:35:9f:81:
         2e:47:24:45
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgIUHa/J9a4HotHBT4qb7z26DE6I0B8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNDAxMDYxMjI5MTlaFw0yNTAxMDQxMjM0MTlaMDMxMTAvBgNV
BAMTKDdCNkYzN0ZFNTA2OTI2NjU3M0QwRDJFNUE0QTlCMTA4NDRDQzNDN0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1DPRzsL5pdEZuj/yz2OwjpGek
iPVPnnjHzlVIm2FQUMb3rUbP/+4BKS5l0hYUkRIopcxSlIp/8XRpIx6w/xp3/2OL
ZWyUi6mIO6PA33biUe9wHBQlmLVXxp2GHhW5KxmbROev8h0eRq3z022Cg0zn91oS
N6bJR3szbz0dBRRLuhzlrFve6T5vpijenbHHhcu5leK9R2ZVpZaWUpa8tYC/tO26
WyryQE/Q80SJ7b8rVlkrocL0miG02GEuCWWe08QS9lFRnUAt95HUuohsMiO4pot8
cmHoV7MrCbxQemt1pIPKgv1e4kxmllPn8unROiiYEvozFDEeg20GqpHxx6b1AgMB
AAGjggIzMIICLzAdBgNVHQ4EFgQUe283/lBpJmVz0NLlpKmxCETMPHowHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBrgYIKwYB
BQUHAQsEgaEwgZ4wgZsGCCsGAQUFBzALhoGOcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzI2MTMwMzAzYTY0NjQzODMwM2EzMzY2M2EzNjMxM2EzYTJmMzYzNDJkMzYz
NDIwM2QzZTIwMzMzOTM5MzEzNjM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAAjALAwkAKgDdgAA/AGEwDQYJKoZI
hvcNAQELBQADggEBAFsj0VAKbjTW3LygKBvoFYvb15ynFnqpYFZLRoP4pmO2lI0C
3JMjdvujVOyVh1hlh/zEhgq0wXyHHy9LIWvYQnTOnR0c9+IG7pLBWa4EJtCEP/Fh
J5yL7iluVD+n2jkziY5XWoQGww+oikdzhDTliZuyUNgVRIs1EmuvYutifK+LEKNp
7Q+wZjLO6M3TsQjlG1kMC7QtOzWw3yIX8lNIwknEHFnH/XOr08AGRl5gnh/9TRhq
0a1g0tJnKoY14MH5VE65eI/HpvBkhGsIpXErpy19SC+fgYkMzZH5GRFmzOBVlERA
2w3z2Z6LNVuZA9YWrfvPFjQiNhnGozWfgS5HJEU=
-----END CERTIFICATE-----