Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a666238313a3a2f34382d3438203d3e20313939343338.roa
File:                     326130303a646438303a666238313a3a2f34382d3438203d3e20313939343338.roa (raw, json)
Hash identifier:          Dy7wM9l0JXy1PAD9mWIhviSVc4TIX1EQVanWBwtPOow=
Subject key identifier:   94:D9:C0:19:4E:6F:B5:51:6E:67:C9:26:37:9E:7F:BA:38:0B:98:94
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       09DD038620F303F28FC98F9A560801E982C9C797
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a666238313a3a2f34382d3438203d3e20313939343338.roa
Signing time:             Mon 02 Oct 2023 19:55:32 +0000
ROA not before:           Mon 02 Oct 2023 19:50:32 +0000
ROA not after:            Mon 30 Sep 2024 19:55:32 +0000
asID:                     199438
IP address blocks:        2a00:dd80:fb81::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:dd:03:86:20:f3:03:f2:8f:c9:8f:9a:56:08:01:e9:82:c9:c7:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Oct  2 19:50:32 2023 GMT
            Not After : Sep 30 19:55:32 2024 GMT
        Subject: CN=94D9C0194E6FB5516E67C926379E7FBA380B9894
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:e9:9e:1e:6d:2f:ba:8b:de:6e:61:28:61:50:
                    8c:38:6e:89:3a:2d:7d:b9:2c:a5:f2:dc:f9:68:9d:
                    f2:c2:c3:7f:e8:16:5c:87:39:eb:89:ae:55:c6:29:
                    d8:42:55:08:bf:fe:fa:8e:cc:58:e5:ec:e3:bc:ca:
                    91:0b:78:df:e4:ac:a3:ab:2b:44:39:c0:84:a6:3a:
                    51:ce:78:0b:ff:55:bc:78:40:37:28:f0:20:4c:a5:
                    7d:a6:2f:9f:d1:f0:1c:b7:53:62:09:1c:fb:0d:cd:
                    8d:e8:2d:94:ab:ac:36:a3:f3:92:ee:43:73:03:e2:
                    28:91:f5:eb:a3:f5:2e:ea:04:0b:93:cc:bd:cc:37:
                    15:b3:89:cb:fa:6b:37:98:91:4e:05:17:ff:86:16:
                    ee:70:4d:59:0e:24:83:8c:0d:a0:62:69:6a:68:f0:
                    ef:62:c7:6c:4d:ac:43:9e:57:0d:23:ba:2a:50:b9:
                    df:47:d5:88:8a:53:c8:a4:a5:c4:8a:24:8a:ef:b4:
                    fb:46:d0:e5:81:38:7b:1b:65:42:ca:a9:11:a8:21:
                    99:02:e8:01:73:38:53:25:fa:db:4b:42:54:0e:6a:
                    da:d9:a9:e4:cf:91:72:c7:91:b9:3c:a8:d2:0d:08:
                    3a:33:fb:72:14:81:ef:6d:20:94:a7:5f:76:fc:f0:
                    8d:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:D9:C0:19:4E:6F:B5:51:6E:67:C9:26:37:9E:7F:BA:38:0B:98:94
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a666238313a3a2f34382d3438203d3e20313939343338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:dd80:fb81::/48

    Signature Algorithm: sha256WithRSAEncryption
         ae:21:30:3e:1d:ac:53:17:74:74:0b:a7:85:eb:e6:ef:9c:6d:
         dc:2b:ab:54:7b:c9:01:27:d3:8d:8d:b7:e9:19:3c:3a:06:2a:
         70:0b:d9:39:17:78:98:3d:14:7d:2b:fd:12:d1:a5:73:b9:f3:
         b3:42:3c:b4:1a:dd:3d:0d:30:5a:f8:ad:f2:5a:d9:99:49:67:
         70:8c:c0:6b:9d:1f:00:2b:cd:e9:0e:50:df:98:a1:11:01:19:
         ce:1d:57:e9:de:b1:08:59:39:ec:69:7e:6b:92:ad:37:52:90:
         3c:c4:cb:93:3c:f8:6e:4a:8a:db:03:07:5c:c7:27:ba:45:3e:
         ee:f2:8a:35:da:25:58:b1:5b:14:1a:f7:6f:b0:8e:3d:e3:49:
         97:a0:11:62:22:af:65:4e:f3:bc:a0:44:c1:e6:d0:5a:0a:e5:
         41:d8:32:c6:a9:32:d4:1d:b7:84:be:e0:ae:40:17:5f:f9:5e:
         29:23:f2:57:9c:7a:aa:e7:37:70:37:c5:25:43:d9:31:cd:9e:
         78:f7:cc:2d:74:fb:98:d6:9d:0d:31:c7:81:c1:3d:1c:f9:22:
         2c:71:51:05:dd:6c:d1:9c:6a:7d:17:69:26:13:1c:10:f7:fa:
         c1:28:d2:23:cc:af:c7:ea:fa:b7:d3:c5:5d:60:59:c9:4a:1b:
         3a:0a:5f:3b
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgIUCd0DhiDzA/KPyY+aVggB6YLJx5cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yMzEwMDIxOTUwMzJaFw0yNDA5MzAxOTU1MzJaMDMxMTAvBgNV
BAMTKDk0RDlDMDE5NEU2RkI1NTE2RTY3QzkyNjM3OUU3RkJBMzgwQjk4OTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCn6Z4ebS+6i95uYShhUIw4bok6
LX25LKXy3PlonfLCw3/oFlyHOeuJrlXGKdhCVQi//vqOzFjl7OO8ypELeN/krKOr
K0Q5wISmOlHOeAv/Vbx4QDco8CBMpX2mL5/R8By3U2IJHPsNzY3oLZSrrDaj85Lu
Q3MD4iiR9euj9S7qBAuTzL3MNxWzicv6azeYkU4FF/+GFu5wTVkOJIOMDaBiaWpo
8O9ix2xNrEOeVw0juipQud9H1YiKU8ikpcSKJIrvtPtG0OWBOHsbZULKqRGoIZkC
6AFzOFMl+ttLQlQOatrZqeTPkXLHkbk8qNINCDoz+3IUge9tIJSnX3b88I3vAgMB
AAGjggIvMIICKzAdBgNVHQ4EFgQUlNnAGU5vtVFuZ8kmN55/ujgLmJQwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBrAYIKwYB
BQUHAQsEgZ8wgZwwgZkGCCsGAQUFBzALhoGMcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzI2MTMwMzAzYTY0NjQzODMwM2E2NjYyMzgzMTNhM2EyZjM0MzgyZDM0Mzgy
MDNkM2UyMDMxMzkzOTM0MzMzOC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
AjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoA3YD7gTANBgkqhkiG9w0B
AQsFAAOCAQEAriEwPh2sUxd0dAunhevm75xt3CurVHvJASfTjY236Rk8OgYqcAvZ
ORd4mD0UfSv9EtGlc7nzs0I8tBrdPQ0wWvit8lrZmUlncIzAa50fACvN6Q5Q35ih
EQEZzh1X6d6xCFk57Gl+a5KtN1KQPMTLkzz4bkqK2wMHXMcnukU+7vKKNdolWLFb
FBr3b7COPeNJl6ARYiKvZU7zvKBEwebQWgrlQdgyxqky1B23hL7grkAXX/leKSPy
V5x6quc3cDfFJUPZMc2eePfMLXT7mNadDTHHgcE9HPkiLHFRBd1s0ZxqfRdpJhMc
EPf6wSjSI8yvx+r6t9PFXWBZyUobOgpfOw==
-----END CERTIFICATE-----