Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a34313a3a2f34382d3438203d3e203336323336.roa
File:                     326130303a646438303a34313a3a2f34382d3438203d3e203336323336.roa (raw, json)
Hash identifier:          JXY3VouIu6hzvbyLLP3+N5Jy37VeGG2+Oemjr8ft5qA=
Subject key identifier:   42:84:5F:AD:4A:4B:7C:11:AF:FF:14:EF:27:62:F1:42:C7:C5:7E:BE
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       29A43F0453CA81785929E1106FD262D4B0A525D2
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a34313a3a2f34382d3438203d3e203336323336.roa
Signing time:             Mon 02 Oct 2023 19:55:33 +0000
ROA not before:           Mon 02 Oct 2023 19:50:33 +0000
ROA not after:            Mon 30 Sep 2024 19:55:33 +0000
asID:                     36236
IP address blocks:        2a00:dd80:41::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:a4:3f:04:53:ca:81:78:59:29:e1:10:6f:d2:62:d4:b0:a5:25:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Oct  2 19:50:33 2023 GMT
            Not After : Sep 30 19:55:33 2024 GMT
        Subject: CN=42845FAD4A4B7C11AFFF14EF2762F142C7C57EBE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:23:cb:ee:91:db:58:52:d7:fc:99:4b:76:c0:
                    49:b0:e0:59:7b:9c:7e:84:94:19:e7:25:05:f2:21:
                    9a:b6:4c:ff:5c:96:11:79:fa:5b:4e:b0:ac:ff:fc:
                    e9:fb:e9:ee:35:21:fb:5b:fe:39:a4:45:fd:a2:85:
                    e2:fd:c9:81:57:7a:3a:e0:a5:33:cb:8f:bc:c1:7f:
                    a6:0e:4e:b1:8c:c0:69:41:7c:d2:0c:90:1c:8c:d2:
                    9f:c7:d7:48:ef:d5:04:4c:66:cc:db:42:37:f6:40:
                    51:d8:2a:9d:bd:f4:7e:20:7b:86:3d:a8:ba:1c:c4:
                    70:11:14:92:d6:ab:e9:04:36:d0:ef:3f:21:c3:52:
                    95:e7:95:b5:1c:06:6e:48:32:97:83:9d:de:83:03:
                    31:e9:83:fb:da:f5:94:e6:47:f2:ca:1e:61:60:de:
                    e1:06:42:70:d5:6d:af:b4:d8:5c:bf:bf:00:85:1c:
                    dd:a9:0c:c1:c6:ab:3c:6f:5f:0a:02:13:9a:a7:af:
                    cc:16:fa:28:5a:3d:0c:79:80:d5:b1:b8:4e:e7:5d:
                    1e:29:90:de:f0:75:8b:3d:b2:61:39:5c:2c:00:9a:
                    8f:e9:8c:00:78:d7:f1:41:d4:5b:d0:65:67:ee:dd:
                    3e:87:db:82:14:4a:a5:a8:8e:c8:e8:d1:ac:50:ef:
                    1f:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:84:5F:AD:4A:4B:7C:11:AF:FF:14:EF:27:62:F1:42:C7:C5:7E:BE
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a34313a3a2f34382d3438203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:dd80:41::/48

    Signature Algorithm: sha256WithRSAEncryption
         9c:7b:99:da:62:b7:89:83:70:75:68:ea:0c:90:2b:5f:e6:f2:
         a0:6b:01:1d:68:6e:60:64:21:cb:14:6f:1a:b6:59:d0:11:eb:
         fb:97:51:6c:78:03:3a:9e:44:73:df:2d:f2:c2:1a:df:60:2f:
         2c:73:b4:74:4b:46:06:e2:1d:f2:72:36:8f:a5:14:36:09:ae:
         9e:c9:13:b2:b5:b1:02:eb:9e:7e:ba:71:91:be:9d:69:3a:1c:
         4b:93:65:c5:fb:05:53:c6:61:ad:50:a4:16:4a:0c:1a:ac:28:
         bf:21:90:8d:35:72:d6:83:e3:1d:ef:54:1e:87:69:5b:e9:18:
         94:5d:f5:3e:85:14:9e:af:8f:8c:4b:50:d7:0d:05:86:14:0e:
         ef:d7:ac:b5:04:be:01:4e:35:2f:c5:d9:b4:be:c2:b7:d2:e7:
         cd:79:cc:74:e3:15:8e:21:ff:a5:4f:b2:c4:c3:f4:cd:19:f6:
         29:1a:d8:15:05:b7:e2:d4:bc:21:89:a6:93:c3:6f:14:ad:f5:
         1e:4e:2a:49:51:27:82:40:cd:c5:df:91:c8:03:8b:b4:94:f2:
         69:4c:b8:50:fe:ae:12:de:6b:0b:97:85:c8:a2:ed:33:7f:ed:
         63:5c:8e:42:83:74:de:2c:ce:30:a3:40:1f:aa:29:d4:d3:5c:
         18:9e:e5:a8
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgIUKaQ/BFPKgXhZKeEQb9Ji1LClJdIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yMzEwMDIxOTUwMzNaFw0yNDA5MzAxOTU1MzNaMDMxMTAvBgNV
BAMTKDQyODQ1RkFENEE0QjdDMTFBRkZGMTRFRjI3NjJGMTQyQzdDNTdFQkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClI8vukdtYUtf8mUt2wEmw4Fl7
nH6ElBnnJQXyIZq2TP9clhF5+ltOsKz//On76e41Iftb/jmkRf2iheL9yYFXejrg
pTPLj7zBf6YOTrGMwGlBfNIMkByM0p/H10jv1QRMZszbQjf2QFHYKp299H4ge4Y9
qLocxHARFJLWq+kENtDvPyHDUpXnlbUcBm5IMpeDnd6DAzHpg/va9ZTmR/LKHmFg
3uEGQnDVba+02Fy/vwCFHN2pDMHGqzxvXwoCE5qnr8wW+ihaPQx5gNWxuE7nXR4p
kN7wdYs9smE5XCwAmo/pjAB41/FB1FvQZWfu3T6H24IUSqWojsjo0axQ7x8pAgMB
AAGjggIpMIICJTAdBgNVHQ4EFgQUQoRfrUpLfBGv/xTvJ2LxQsfFfr4wHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBpgYIKwYB
BQUHAQsEgZkwgZYwgZMGCCsGAQUFBzALhoGGcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzI2MTMwMzAzYTY0NjQzODMwM2EzNDMxM2EzYTJmMzQzODJkMzQzODIwM2Qz
ZTIwMzMzNjMyMzMzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggr
BgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoA3YAAQTANBgkqhkiG9w0BAQsFAAOC
AQEAnHuZ2mK3iYNwdWjqDJArX+byoGsBHWhuYGQhyxRvGrZZ0BHr+5dRbHgDOp5E
c98t8sIa32AvLHO0dEtGBuId8nI2j6UUNgmunskTsrWxAuuefrpxkb6daTocS5Nl
xfsFU8ZhrVCkFkoMGqwovyGQjTVy1oPjHe9UHodpW+kYlF31PoUUnq+PjEtQ1w0F
hhQO79estQS+AU41L8XZtL7Ct9LnzXnMdOMVjiH/pU+yxMP0zRn2KRrYFQW34tS8
IYmmk8NvFK31Hk4qSVEngkDNxd+RyAOLtJTyaUy4UP6uEt5rC5eFyKLtM3/tY1yO
QoN03izOMKNAH6op1NNcGJ7lqA==
-----END CERTIFICATE-----