Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a34303a3a2f34382d3438203d3e203336323336.roa
File:                     326130303a646438303a34303a3a2f34382d3438203d3e203336323336.roa (raw, json)
Hash identifier:          ApFDnjuE31xbLHLkLt565EK5YMcY2Re1LfiOVIjM+f0=
Subject key identifier:   C7:B1:3F:D3:9C:8E:94:8C:EC:C6:21:BA:B9:42:11:D8:AB:79:6E:3B
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       2A673BAFEDFEA50EAC6FB09B3817967B99DFCE2F
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a34303a3a2f34382d3438203d3e203336323336.roa
Signing time:             Mon 02 Sep 2024 20:13:08 +0000
ROA not before:           Mon 02 Sep 2024 20:08:08 +0000
ROA not after:            Mon 01 Sep 2025 20:13:08 +0000
asID:                     36236
IP address blocks:        2a00:dd80:40::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:67:3b:af:ed:fe:a5:0e:ac:6f:b0:9b:38:17:96:7b:99:df:ce:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Sep  2 20:08:08 2024 GMT
            Not After : Sep  1 20:13:08 2025 GMT
        Subject: CN=C7B13FD39C8E948CECC621BAB94211D8AB796E3B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:4f:c4:bb:1c:da:83:80:93:c1:ef:09:5f:b7:
                    a1:c9:96:86:0a:47:37:66:32:f3:d0:02:24:ce:ba:
                    03:00:f0:2c:2e:51:68:61:92:5b:95:3b:e8:b0:17:
                    29:51:59:e1:bf:3d:3d:97:35:9a:01:d6:81:04:89:
                    35:e4:c3:b0:92:a4:f3:a4:1a:ed:2b:88:bd:73:85:
                    78:ad:36:db:67:ed:f6:bc:ba:58:ba:a9:12:16:a0:
                    a0:9a:b6:67:b8:06:58:b2:54:cc:ad:5e:68:f1:37:
                    c0:07:6b:44:5a:8b:a0:b2:8a:32:a4:3b:b1:42:85:
                    24:18:29:dd:c7:9e:4f:ee:24:c5:bd:58:a5:01:88:
                    85:20:88:76:ac:a5:e6:c6:02:13:97:17:75:11:3a:
                    97:e1:9a:0c:f2:b2:f6:e9:4b:29:a6:f1:b3:2a:06:
                    a5:da:e0:85:c5:40:ad:6e:49:4a:db:12:f5:d0:da:
                    a7:a4:12:57:2d:e8:e6:5d:30:7e:80:a7:a7:50:b4:
                    ca:8b:a1:e8:1d:db:84:93:dd:d0:26:a0:e2:a1:52:
                    94:10:60:2f:31:cb:4e:b1:7c:62:1b:9c:7c:47:74:
                    ee:d5:58:0b:8d:b7:fa:3d:30:10:b2:08:9b:13:a7:
                    99:e6:af:76:41:cf:38:59:f4:82:9c:d5:07:e2:63:
                    7f:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:B1:3F:D3:9C:8E:94:8C:EC:C6:21:BA:B9:42:11:D8:AB:79:6E:3B
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a34303a3a2f34382d3438203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:dd80:40::/48

    Signature Algorithm: sha256WithRSAEncryption
         ac:bf:09:80:78:2c:7d:70:80:46:5f:89:02:3f:63:9c:ec:99:
         1d:01:16:ba:9b:db:5f:17:86:b6:cc:12:bf:ed:5e:bb:ba:ad:
         83:44:92:3f:ff:af:47:34:6a:b1:c5:8c:da:ad:a4:2b:6d:3a:
         77:08:25:c7:4b:1d:44:c5:12:3b:ed:28:83:d4:50:f0:2f:a2:
         3d:1f:a9:96:c9:ad:1c:35:e5:7d:e4:d6:8c:01:e8:a3:cf:16:
         6a:bb:38:bf:32:e3:dd:fa:cb:ea:15:f2:8e:00:19:87:a7:ad:
         30:d9:4d:e6:3a:e9:61:85:21:31:56:95:3d:ef:4d:64:0a:be:
         e0:68:c6:ed:9b:cd:85:1f:92:97:a0:a8:10:68:cc:9d:75:ef:
         44:82:31:c1:f9:8e:a7:4e:d9:3e:bc:b5:f8:a7:bf:61:0b:22:
         22:0c:fb:9b:2d:51:a4:e6:48:12:78:c9:b8:16:62:be:ca:7a:
         00:71:fd:d7:da:f1:1b:79:bc:40:16:66:2e:31:42:7d:43:a5:
         f1:b0:d6:79:a7:a4:0d:9b:81:ff:71:63:85:89:fe:35:06:59:
         67:9d:e1:db:86:bd:ee:fc:45:dd:8f:b3:7f:76:a1:98:92:d1:
         7a:19:4a:0e:dd:3b:3f:48:81:eb:8c:64:ec:fc:95:c8:ea:f8:
         54:da:54:31
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgIUKmc7r+3+pQ6sb7CbOBeWe5nfzi8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNDA5MDIyMDA4MDhaFw0yNTA5MDEyMDEzMDhaMDMxMTAvBgNV
BAMTKEM3QjEzRkQzOUM4RTk0OENFQ0M2MjFCQUI5NDIxMUQ4QUI3OTZFM0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZT8S7HNqDgJPB7wlft6HJloYK
RzdmMvPQAiTOugMA8CwuUWhhkluVO+iwFylRWeG/PT2XNZoB1oEEiTXkw7CSpPOk
Gu0riL1zhXitNttn7fa8uli6qRIWoKCatme4BliyVMytXmjxN8AHa0Rai6CyijKk
O7FChSQYKd3Hnk/uJMW9WKUBiIUgiHaspebGAhOXF3UROpfhmgzysvbpSymm8bMq
BqXa4IXFQK1uSUrbEvXQ2qekElct6OZdMH6Ap6dQtMqLoegd24ST3dAmoOKhUpQQ
YC8xy06xfGIbnHxHdO7VWAuNt/o9MBCyCJsTp5nmr3ZBzzhZ9IKc1QfiY3/tAgMB
AAGjggIpMIICJTAdBgNVHQ4EFgQUx7E/05yOlIzsxiG6uUIR2Kt5bjswHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBpgYIKwYB
BQUHAQsEgZkwgZYwgZMGCCsGAQUFBzALhoGGcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzI2MTMwMzAzYTY0NjQzODMwM2EzNDMwM2EzYTJmMzQzODJkMzQzODIwM2Qz
ZTIwMzMzNjMyMzMzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggr
BgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoA3YAAQDANBgkqhkiG9w0BAQsFAAOC
AQEArL8JgHgsfXCARl+JAj9jnOyZHQEWupvbXxeGtswSv+1eu7qtg0SSP/+vRzRq
scWM2q2kK206dwglx0sdRMUSO+0og9RQ8C+iPR+plsmtHDXlfeTWjAHoo88Wars4
vzLj3frL6hXyjgAZh6etMNlN5jrpYYUhMVaVPe9NZAq+4GjG7ZvNhR+Sl6CoEGjM
nXXvRIIxwfmOp07ZPry1+Ke/YQsiIgz7my1RpOZIEnjJuBZivsp6AHH919rxG3m8
QBZmLjFCfUOl8bDWeaekDZuB/3FjhYn+NQZZZ53h24a97vxF3Y+zf3ahmJLRehlK
Dt07P0iB64xk7PyVyOr4VNpUMQ==
-----END CERTIFICATE-----