Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/34352e3135392e39362e302f32332d3233203d3e203336323336.roa
File:                     34352e3135392e39362e302f32332d3233203d3e203336323336.roa (raw, json)
Hash identifier:          pcyg3ZmnTDV6tX4j5C7PKMxRJ37Q2gzqzFmx7zR1zU0=
Subject key identifier:   3A:FB:F0:E4:FB:C5:31:B1:06:66:B0:11:95:83:E5:D0:5A:8B:49:94
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       22043D862A90B2499C1DE337E6E10EA0DDEDE09E
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/34352e3135392e39362e302f32332d3233203d3e203336323336.roa
Signing time:             Mon 02 Sep 2024 22:13:11 +0000
ROA not before:           Mon 02 Sep 2024 22:08:11 +0000
ROA not after:            Mon 01 Sep 2025 22:13:11 +0000
asID:                     36236
IP address blocks:        45.159.96.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:04:3d:86:2a:90:b2:49:9c:1d:e3:37:e6:e1:0e:a0:dd:ed:e0:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Sep  2 22:08:11 2024 GMT
            Not After : Sep  1 22:13:11 2025 GMT
        Subject: CN=3AFBF0E4FBC531B10666B0119583E5D05A8B4994
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:b7:57:c4:19:dc:0d:f9:d6:97:c8:6d:72:34:
                    3f:a6:e0:2e:69:15:32:2f:64:83:52:20:dd:1c:40:
                    da:ee:b5:af:3b:36:19:4a:09:0e:90:01:44:6b:d9:
                    16:11:c3:70:0a:a3:97:f7:f5:1e:2a:81:d0:67:09:
                    e0:97:d6:fd:80:e9:ae:d7:37:73:63:69:90:de:b4:
                    e0:a5:80:7b:82:c9:7b:2e:1a:aa:26:da:20:fa:32:
                    a0:73:d0:ce:b6:ab:ff:a8:9d:fa:92:05:4b:a9:81:
                    d2:6e:d2:35:fc:24:07:a7:b3:e9:30:2b:f2:8d:b3:
                    c7:c2:b5:35:9d:20:e8:8c:0a:66:83:d8:18:21:93:
                    f8:74:1f:0d:cb:9e:a6:80:31:f2:bb:01:24:5b:ef:
                    03:d4:b0:8a:0b:49:84:52:6d:1f:71:24:d5:eb:24:
                    f4:a6:6b:e9:bb:b8:6b:10:45:d7:d0:c9:b8:91:2f:
                    ae:3b:c2:d1:26:42:13:9d:c1:72:4e:ae:92:17:6d:
                    fb:34:72:8a:b2:73:2b:4b:21:a4:01:29:f7:0b:9c:
                    6b:12:70:2f:b4:8b:a8:25:7c:69:86:20:26:e2:0c:
                    2c:4c:48:92:f8:0d:49:5b:7e:e0:7b:7c:9b:86:36:
                    5d:a9:c8:c1:f7:7f:ab:27:e7:7a:a7:e6:3f:7e:d3:
                    dd:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:FB:F0:E4:FB:C5:31:B1:06:66:B0:11:95:83:E5:D0:5A:8B:49:94
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/34352e3135392e39362e302f32332d3233203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         89:dc:9e:b0:c0:0b:95:7b:b0:86:89:3b:4e:bd:c5:39:59:33:
         9a:c5:73:8d:e6:db:cc:f6:48:3a:fd:42:8a:d2:d3:b8:3d:79:
         95:b7:d9:2a:63:3f:07:08:d3:62:75:29:00:9a:26:54:87:25:
         95:4d:a5:b3:8d:19:ad:86:bf:c5:aa:80:af:df:9f:d1:ac:79:
         11:22:6e:65:0b:ff:8a:1d:16:3f:aa:ef:bc:5c:fc:3f:39:37:
         c5:5f:8d:67:d9:79:2e:ef:32:70:4e:a7:41:05:32:93:df:e8:
         74:b5:6a:9e:12:fd:20:f3:53:64:b3:8d:07:17:d2:bb:8e:46:
         9e:16:d3:7f:ce:31:f3:55:ae:82:07:c2:c3:94:54:45:f4:f5:
         bb:2d:60:88:91:f7:c2:32:43:80:0a:85:db:0a:83:02:c1:89:
         45:14:e6:b1:0a:dc:77:85:07:91:97:a3:25:fa:44:2f:dd:04:
         03:64:3b:4d:03:c5:35:11:0e:0c:d0:08:a9:54:d7:6e:0f:9d:
         79:4d:22:7c:2d:7d:b6:70:42:27:6d:19:b9:de:21:8a:aa:91:
         af:4e:28:24:e7:be:91:a7:ae:cd:6e:89:ae:c7:54:b6:03:c0:
         57:f1:7a:60:75:71:ca:f5:fd:eb:4f:e5:c1:0a:35:06:d5:75:
         a5:8b:4b:fd
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIUIgQ9hiqQskmcHeM35uEOoN3t4J4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNDA5MDIyMjA4MTFaFw0yNTA5MDEyMjEzMTFaMDMxMTAvBgNV
BAMTKDNBRkJGMEU0RkJDNTMxQjEwNjY2QjAxMTk1ODNFNUQwNUE4QjQ5OTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPt1fEGdwN+daXyG1yND+m4C5p
FTIvZINSIN0cQNruta87NhlKCQ6QAURr2RYRw3AKo5f39R4qgdBnCeCX1v2A6a7X
N3NjaZDetOClgHuCyXsuGqom2iD6MqBz0M62q/+onfqSBUupgdJu0jX8JAens+kw
K/KNs8fCtTWdIOiMCmaD2Bghk/h0Hw3LnqaAMfK7ASRb7wPUsIoLSYRSbR9xJNXr
JPSma+m7uGsQRdfQybiRL647wtEmQhOdwXJOrpIXbfs0coqycytLIaQBKfcLnGsS
cC+0i6glfGmGICbiDCxMSJL4DUlbfuB7fJuGNl2pyMH3f6sn53qn5j9+093dAgMB
AAGjggIgMIICHDAdBgNVHQ4EFgQUOvvw5PvFMbEGZrARlYPl0FqLSZQwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBoAYIKwYB
BQUHAQsEgZMwgZAwgY0GCCsGAQUFBzALhoGAcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzQzNTJlMzEzNTM5MmUzOTM2MmUzMDJmMzIzMzJkMzIzMzIwM2QzZTIwMzMz
NjMyMzMzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcB
BwEB/wQQMA4wDAQCAAEwBgMEAS2fYDANBgkqhkiG9w0BAQsFAAOCAQEAidyesMAL
lXuwhok7Tr3FOVkzmsVzjebbzPZIOv1CitLTuD15lbfZKmM/BwjTYnUpAJomVIcl
lU2ls40ZrYa/xaqAr9+f0ax5ESJuZQv/ih0WP6rvvFz8Pzk3xV+NZ9l5Lu8ycE6n
QQUyk9/odLVqnhL9IPNTZLONBxfSu45GnhbTf84x81WuggfCw5RURfT1uy1giJH3
wjJDgAqF2wqDAsGJRRTmsQrcd4UHkZejJfpEL90EA2Q7TQPFNREODNAIqVTXbg+d
eU0ifC19tnBCJ20Zud4hiqqRr04oJOe+kaeuzW6JrsdUtgPAV/F6YHVxyvX960/l
wQo1BtV1pYtL/Q==
-----END CERTIFICATE-----