Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a666238313a3a2f34382d3438203d3e20313939343338.roa
File:                     326130303a646438303a666238313a3a2f34382d3438203d3e20313939343338.roa (raw, json)
Hash identifier:          2WgWKutepro/eaC8s2ZXb2r/45cg+D3vfXPIjDDrXt4=
Subject key identifier:   7C:25:08:8E:0B:31:34:71:70:81:D9:4F:67:53:54:AB:07:77:89:AA
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       7B42010AAE4E9198A2C0F37B128D8343A65695FC
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a666238313a3a2f34382d3438203d3e20313939343338.roa
Signing time:             Mon 02 Sep 2024 20:13:06 +0000
ROA not before:           Mon 02 Sep 2024 20:08:06 +0000
ROA not after:            Mon 01 Sep 2025 20:13:06 +0000
asID:                     199438
IP address blocks:        2a00:dd80:fb81::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:42:01:0a:ae:4e:91:98:a2:c0:f3:7b:12:8d:83:43:a6:56:95:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Sep  2 20:08:06 2024 GMT
            Not After : Sep  1 20:13:06 2025 GMT
        Subject: CN=7C25088E0B3134717081D94F675354AB077789AA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:de:3f:6c:54:47:b9:a7:ae:39:e7:ab:7d:3c:
                    d4:27:d6:ac:b9:38:7b:5a:5d:9b:e9:ee:03:79:65:
                    4a:03:9e:98:df:cb:18:a1:e7:30:c4:68:5b:10:ef:
                    cd:50:1b:74:b2:3e:f3:83:41:0c:96:82:2a:20:ab:
                    85:1a:b3:45:dc:d5:80:0a:bd:e4:2f:87:42:dc:39:
                    24:7b:4d:d5:95:c0:ab:f8:6e:0f:04:49:f8:11:82:
                    b7:17:d4:40:d9:4e:e9:ab:09:55:95:15:d9:78:8b:
                    21:92:fb:c9:7b:56:48:5e:a4:f7:d3:98:07:45:22:
                    46:5a:ca:de:c0:fe:e0:02:c8:10:9d:b2:e3:34:5c:
                    b7:dd:82:bb:5e:c9:ee:2f:e8:3e:e5:eb:39:a5:2d:
                    24:c7:f1:40:2e:4b:4a:20:c8:20:04:bb:13:79:5d:
                    65:18:5c:a5:b6:10:a7:c9:e5:87:17:57:03:34:2c:
                    52:b1:f6:3b:2b:ca:93:c6:13:e7:4b:2d:11:78:ea:
                    2f:66:80:ec:b5:7f:04:8e:93:a0:d8:f3:8d:dc:6a:
                    49:49:fc:15:a7:76:d8:db:f9:e3:cf:f0:e5:ab:7e:
                    07:46:c2:ac:b7:29:39:da:a2:b3:62:5c:4f:03:b5:
                    22:0c:71:ab:3f:09:2e:39:17:c5:a0:a1:d5:e3:58:
                    df:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:25:08:8E:0B:31:34:71:70:81:D9:4F:67:53:54:AB:07:77:89:AA
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a666238313a3a2f34382d3438203d3e20313939343338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:dd80:fb81::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:36:7f:c5:4d:34:fe:df:57:88:ca:a4:b1:90:71:85:59:8c:
         b3:6f:0d:cf:f3:6f:d9:b2:6e:03:c4:91:98:14:18:56:6e:7b:
         61:a6:35:0a:48:23:c0:f9:6a:19:f6:e8:b4:ca:40:e5:90:c2:
         27:79:78:78:aa:61:b4:86:e8:5f:bd:75:1c:68:48:41:17:93:
         f4:17:b7:1a:17:df:b3:c5:c8:f7:14:5d:85:72:4d:3d:0b:58:
         ac:1e:91:53:d5:a4:f7:02:6c:2d:44:8c:94:fb:fc:e8:5e:85:
         93:c7:f6:1d:22:e5:2c:9b:be:15:f3:f6:fb:59:07:bd:3d:ae:
         98:c2:fd:f7:ad:56:6c:cc:af:fc:c6:e6:b6:b1:7c:c6:b4:cd:
         dc:19:45:74:a6:3c:97:6f:f3:c0:c4:5c:3e:23:85:45:71:e4:
         0c:4d:46:0e:36:a5:5c:c6:44:f8:86:9a:d5:25:f6:e1:df:27:
         88:1e:33:7d:62:fc:69:3a:f1:62:e0:33:ae:4e:39:7d:43:c1:
         51:1c:15:08:91:1b:f3:af:cb:19:98:58:8e:96:cd:8b:0f:b5:
         95:b7:78:77:eb:00:ab:2c:34:4a:fa:63:4a:a5:13:0d:e3:6c:
         ba:69:d3:18:e8:58:06:15:70:63:74:6f:7a:f2:6f:28:ea:c0:
         bf:ad:12:6d
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgIUe0IBCq5OkZiiwPN7Eo2DQ6ZWlfwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNDA5MDIyMDA4MDZaFw0yNTA5MDEyMDEzMDZaMDMxMTAvBgNV
BAMTKDdDMjUwODhFMEIzMTM0NzE3MDgxRDk0RjY3NTM1NEFCMDc3Nzg5QUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu3j9sVEe5p64556t9PNQn1qy5
OHtaXZvp7gN5ZUoDnpjfyxih5zDEaFsQ781QG3SyPvODQQyWgiogq4Uas0Xc1YAK
veQvh0LcOSR7TdWVwKv4bg8ESfgRgrcX1EDZTumrCVWVFdl4iyGS+8l7VkhepPfT
mAdFIkZayt7A/uACyBCdsuM0XLfdgrteye4v6D7l6zmlLSTH8UAuS0ogyCAEuxN5
XWUYXKW2EKfJ5YcXVwM0LFKx9jsrypPGE+dLLRF46i9mgOy1fwSOk6DY843caklJ
/BWndtjb+ePP8OWrfgdGwqy3KTnaorNiXE8DtSIMcas/CS45F8WgodXjWN9tAgMB
AAGjggIvMIICKzAdBgNVHQ4EFgQUfCUIjgsxNHFwgdlPZ1NUqwd3iaowHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBrAYIKwYB
BQUHAQsEgZ8wgZwwgZkGCCsGAQUFBzALhoGMcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzI2MTMwMzAzYTY0NjQzODMwM2E2NjYyMzgzMTNhM2EyZjM0MzgyZDM0Mzgy
MDNkM2UyMDMxMzkzOTM0MzMzOC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
AjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoA3YD7gTANBgkqhkiG9w0B
AQsFAAOCAQEAETZ/xU00/t9XiMqksZBxhVmMs28Nz/Nv2bJuA8SRmBQYVm57YaY1
CkgjwPlqGfbotMpA5ZDCJ3l4eKphtIboX711HGhIQReT9Be3Ghffs8XI9xRdhXJN
PQtYrB6RU9Wk9wJsLUSMlPv86F6Fk8f2HSLlLJu+FfP2+1kHvT2umML9961WbMyv
/MbmtrF8xrTN3BlFdKY8l2/zwMRcPiOFRXHkDE1GDjalXMZE+Iaa1SX24d8niB4z
fWL8aTrxYuAzrk45fUPBURwVCJEb86/LGZhYjpbNiw+1lbd4d+sAqyw0SvpjSqUT
DeNsumnTGOhYBhVwY3RvevJvKOrAv60SbQ==
-----END CERTIFICATE-----