Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/34352e3135392e39362e302f32332d3233203d3e203336323336.roa
File:                     34352e3135392e39362e302f32332d3233203d3e203336323336.roa (raw, json)
Hash identifier:          zp4nvZ+6T+dXnAX0ZZPlc+Xo2hx6Krq87J6ypstqUes=
Subject key identifier:   69:3A:D6:5B:32:66:C8:69:16:24:1D:A2:40:91:95:5C:D6:91:58:03
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       50BE113C9893A77F92053DAD258E31FD40FD2957
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/34352e3135392e39362e302f32332d3233203d3e203336323336.roa
Signing time:             Mon 02 Oct 2023 21:55:38 +0000
ROA not before:           Mon 02 Oct 2023 21:50:38 +0000
ROA not after:            Mon 30 Sep 2024 21:55:38 +0000
asID:                     36236
IP address blocks:        45.159.96.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 19:23:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:be:11:3c:98:93:a7:7f:92:05:3d:ad:25:8e:31:fd:40:fd:29:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Oct  2 21:50:38 2023 GMT
            Not After : Sep 30 21:55:38 2024 GMT
        Subject: CN=693AD65B3266C86916241DA24091955CD6915803
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:bc:2c:fa:0a:7e:2f:26:5e:b9:5c:9e:d0:c1:
                    c5:52:a9:dd:ae:53:dd:62:20:cb:20:12:ef:b8:38:
                    94:62:6f:50:99:57:d6:20:b7:ee:bc:e8:c5:ff:b5:
                    f3:b8:87:ef:8e:0c:f0:d5:41:84:31:95:1e:97:8a:
                    ea:c3:08:96:5d:a3:a5:63:f0:e4:ed:ba:5c:da:4e:
                    5e:d6:0f:62:52:28:26:0e:a5:77:78:26:f2:3d:f9:
                    ef:6f:da:7f:a1:42:ae:5f:1c:fe:89:11:6b:d2:f5:
                    5f:5d:c8:c3:45:25:d4:63:cb:c4:08:26:65:8d:e0:
                    0b:c1:75:43:59:09:d9:b6:96:7c:28:e0:ca:39:73:
                    b7:e4:50:39:ec:41:7d:ff:bc:64:2d:4b:ae:4f:ae:
                    65:74:66:63:43:46:b9:59:a6:44:0f:3a:00:8e:0b:
                    0d:42:76:e4:48:e2:95:b5:c8:28:cd:5b:15:86:d0:
                    73:3c:64:ae:d8:66:7d:a4:71:cd:8a:77:c8:5f:42:
                    a9:37:5d:92:c4:e4:a3:3e:2d:81:fc:5a:5a:73:ae:
                    6a:2a:f1:3e:8f:34:1f:d9:1f:aa:70:10:06:4e:e8:
                    3a:e9:91:8d:56:d7:ce:c0:d4:c0:47:16:3a:ed:af:
                    cf:fe:43:42:84:bd:43:bc:30:d4:9a:7a:bc:14:c8:
                    0b:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:3A:D6:5B:32:66:C8:69:16:24:1D:A2:40:91:95:5C:D6:91:58:03
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/34352e3135392e39362e302f32332d3233203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6b:76:c0:da:3d:21:d9:96:e8:c0:5e:5b:9e:4e:c0:32:05:a0:
         7a:0e:85:34:f0:84:77:12:0e:0c:65:af:61:2b:aa:06:02:c5:
         8b:f7:14:57:5b:a1:39:29:18:72:42:f9:b4:b8:ab:26:39:c2:
         38:10:88:15:aa:68:fb:b3:09:dc:6c:11:42:03:d4:7e:8c:2a:
         ae:b8:4c:40:e4:1c:36:68:6e:50:1c:ae:b0:41:ee:f8:ca:7a:
         86:7a:d5:4a:55:3f:da:fb:43:84:91:66:1e:49:c9:2e:e3:fe:
         92:57:94:d8:08:a5:5b:ef:7b:d1:c2:fe:f5:02:28:fb:13:0c:
         05:5c:9e:77:0a:1f:87:37:8c:06:12:13:c5:5b:c4:f2:0e:b3:
         41:4c:46:e2:fa:2c:45:22:23:ef:57:2d:77:5e:44:a4:40:ef:
         da:61:c1:9f:26:a7:c0:ea:8b:a9:f7:10:84:1a:96:27:6d:90:
         c8:85:56:32:c9:32:81:01:c5:c1:7e:f7:76:c3:7a:24:eb:1a:
         9e:ba:71:87:68:c7:cc:d7:9f:88:3f:79:5a:c8:33:71:63:d6:
         71:dd:62:56:21:5f:84:8f:ad:61:93:ac:6b:7f:38:e5:2d:91:
         7e:d2:f8:dd:d3:12:34:e8:cc:00:9b:44:89:07:88:e4:47:62:
         c4:10:35:85
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIUUL4RPJiTp3+SBT2tJY4x/UD9KVcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yMzEwMDIyMTUwMzhaFw0yNDA5MzAyMTU1MzhaMDMxMTAvBgNV
BAMTKDY5M0FENjVCMzI2NkM4NjkxNjI0MURBMjQwOTE5NTVDRDY5MTU4MDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJvCz6Cn4vJl65XJ7QwcVSqd2u
U91iIMsgEu+4OJRib1CZV9Ygt+686MX/tfO4h++ODPDVQYQxlR6XiurDCJZdo6Vj
8OTtulzaTl7WD2JSKCYOpXd4JvI9+e9v2n+hQq5fHP6JEWvS9V9dyMNFJdRjy8QI
JmWN4AvBdUNZCdm2lnwo4Mo5c7fkUDnsQX3/vGQtS65PrmV0ZmNDRrlZpkQPOgCO
Cw1CduRI4pW1yCjNWxWG0HM8ZK7YZn2kcc2Kd8hfQqk3XZLE5KM+LYH8Wlpzrmoq
8T6PNB/ZH6pwEAZO6DrpkY1W187A1MBHFjrtr8/+Q0KEvUO8MNSaerwUyAsNAgMB
AAGjggIgMIICHDAdBgNVHQ4EFgQUaTrWWzJmyGkWJB2iQJGVXNaRWAMwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBoAYIKwYB
BQUHAQsEgZMwgZAwgY0GCCsGAQUFBzALhoGAcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzQzNTJlMzEzNTM5MmUzOTM2MmUzMDJmMzIzMzJkMzIzMzIwM2QzZTIwMzMz
NjMyMzMzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcB
BwEB/wQQMA4wDAQCAAEwBgMEAS2fYDANBgkqhkiG9w0BAQsFAAOCAQEAa3bA2j0h
2ZbowF5bnk7AMgWgeg6FNPCEdxIODGWvYSuqBgLFi/cUV1uhOSkYckL5tLirJjnC
OBCIFapo+7MJ3GwRQgPUfowqrrhMQOQcNmhuUByusEHu+Mp6hnrVSlU/2vtDhJFm
HknJLuP+kleU2AilW+970cL+9QIo+xMMBVyedwofhzeMBhITxVvE8g6zQUxG4vos
RSIj71ctd15EpEDv2mHBnyanwOqLqfcQhBqWJ22QyIVWMskygQHFwX73dsN6JOsa
nrpxh2jHzNefiD95WsgzcWPWcd1iViFfhI+tYZOsa3845S2RftL43dMSNOjMAJtE
iQeI5EdixBA1hQ==
-----END CERTIFICATE-----