Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/34352e3135392e39372e302f32342d3234203d3e203336323336.roa
File:                     34352e3135392e39372e302f32342d3234203d3e203336323336.roa (raw, json)
Hash identifier:          2vdHAqMLiciaaLBGDVHMKQ95H00DD306n4OCPUC1Xes=
Subject key identifier:   F8:2C:62:C8:3F:A9:A3:B5:68:6D:C2:04:E3:12:2A:C5:E7:0E:D5:56
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       495A6ED6050D70E7CB40534393D83DE7C3B0AE98
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/34352e3135392e39372e302f32342d3234203d3e203336323336.roa
Signing time:             Mon 02 Sep 2024 22:13:11 +0000
ROA not before:           Mon 02 Sep 2024 22:08:11 +0000
ROA not after:            Mon 01 Sep 2025 22:13:11 +0000
asID:                     36236
IP address blocks:        45.159.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:5a:6e:d6:05:0d:70:e7:cb:40:53:43:93:d8:3d:e7:c3:b0:ae:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Sep  2 22:08:11 2024 GMT
            Not After : Sep  1 22:13:11 2025 GMT
        Subject: CN=F82C62C83FA9A3B5686DC204E3122AC5E70ED556
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:90:0d:4b:a0:65:a9:2f:e9:7a:ff:b3:ae:85:
                    b6:87:f2:42:1e:66:62:d7:b9:e0:6f:1b:c4:73:07:
                    ea:92:3d:5d:68:08:f4:c2:b7:2b:51:90:ff:5e:47:
                    df:b6:46:a2:82:74:96:1e:70:6b:f1:47:f8:b8:13:
                    4d:50:ca:ee:73:4b:0c:4d:51:1d:24:8d:31:3b:7f:
                    f7:b4:dd:44:c8:0d:ee:fc:81:21:d6:88:39:f9:1b:
                    cf:c4:12:7e:b3:dd:06:b7:06:36:c4:9f:2d:f0:70:
                    ac:69:00:ba:cf:e6:b6:14:b0:8c:c8:c6:50:9f:c1:
                    8a:96:89:c2:87:c3:aa:63:3c:c7:b3:c5:64:95:24:
                    7e:d0:91:7c:cb:2d:b3:ec:b0:b8:5f:59:2e:01:34:
                    03:d9:1e:9a:44:62:07:2b:02:34:e7:4b:6e:32:29:
                    fc:ef:d7:b5:86:3c:5e:58:0c:7a:a8:84:13:ee:fc:
                    e7:ec:e7:db:1b:8a:b7:d5:6a:37:67:8a:ed:e3:4f:
                    15:38:b9:16:74:72:e9:43:e8:51:ec:fe:31:c1:a1:
                    5a:a5:42:20:9f:8c:c3:3f:ba:a7:ec:08:e1:52:e0:
                    60:78:a1:2f:f9:84:2b:c6:f1:34:10:5d:a3:f3:73:
                    dc:b4:c1:f4:c9:7c:23:9d:c7:87:96:c4:57:7a:52:
                    0f:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:2C:62:C8:3F:A9:A3:B5:68:6D:C2:04:E3:12:2A:C5:E7:0E:D5:56
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/34352e3135392e39372e302f32342d3234203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:42:bd:51:b5:88:1a:2c:7b:5c:7f:f7:f2:d5:b1:74:38:8e:
         67:02:e8:dc:e6:cc:69:ec:88:82:0b:ae:e9:11:4e:d5:95:50:
         03:9d:54:6e:69:42:34:c8:81:07:0d:d3:81:84:9e:d7:7a:a2:
         86:8f:27:01:60:4d:8d:66:3a:c0:4c:dc:e7:cc:54:85:33:bb:
         b1:2d:a4:78:d4:0c:02:48:65:8a:3d:35:50:6d:82:7e:2f:1d:
         76:96:fc:9e:e7:24:5c:5a:c3:01:c1:03:81:3f:db:0f:da:31:
         af:1c:e4:5b:61:55:60:89:27:08:1a:76:59:78:bf:b6:0b:8f:
         3d:5d:2b:97:98:02:71:6d:ca:36:74:4a:94:7b:16:25:b1:ce:
         19:3c:f6:71:8a:ec:6d:b8:c1:12:2f:43:06:b9:82:3c:cd:ff:
         98:16:5f:61:c2:03:07:dd:7e:0a:77:72:e3:8f:0c:c2:c2:38:
         32:df:94:b0:f6:8a:71:e5:82:02:6b:e7:dc:b9:59:13:e7:fc:
         42:db:b1:0e:8d:ba:ec:41:53:6a:9b:77:fa:1c:74:5f:63:78:
         4d:6b:32:02:fc:44:a1:ed:15:63:ca:73:1a:a4:68:84:26:9b:
         92:f0:8d:e2:4c:ed:64:27:b7:dd:ba:f5:a6:b1:29:e1:f6:ee:
         ed:6d:a6:7e
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIUSVpu1gUNcOfLQFNDk9g958OwrpgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNDA5MDIyMjA4MTFaFw0yNTA5MDEyMjEzMTFaMDMxMTAvBgNV
BAMTKEY4MkM2MkM4M0ZBOUEzQjU2ODZEQzIwNEUzMTIyQUM1RTcwRUQ1NTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLkA1LoGWpL+l6/7OuhbaH8kIe
ZmLXueBvG8RzB+qSPV1oCPTCtytRkP9eR9+2RqKCdJYecGvxR/i4E01Qyu5zSwxN
UR0kjTE7f/e03UTIDe78gSHWiDn5G8/EEn6z3Qa3BjbEny3wcKxpALrP5rYUsIzI
xlCfwYqWicKHw6pjPMezxWSVJH7QkXzLLbPssLhfWS4BNAPZHppEYgcrAjTnS24y
Kfzv17WGPF5YDHqohBPu/Ofs59sbirfVajdniu3jTxU4uRZ0culD6FHs/jHBoVql
QiCfjMM/uqfsCOFS4GB4oS/5hCvG8TQQXaPzc9y0wfTJfCOdx4eWxFd6Ug/zAgMB
AAGjggIgMIICHDAdBgNVHQ4EFgQU+CxiyD+po7VobcIE4xIqxecO1VYwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBoAYIKwYB
BQUHAQsEgZMwgZAwgY0GCCsGAQUFBzALhoGAcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzQzNTJlMzEzNTM5MmUzOTM3MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzMz
NjMyMzMzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcB
BwEB/wQQMA4wDAQCAAEwBgMEAC2fYTANBgkqhkiG9w0BAQsFAAOCAQEALEK9UbWI
Gix7XH/38tWxdDiOZwLo3ObMaeyIgguu6RFO1ZVQA51UbmlCNMiBBw3TgYSe13qi
ho8nAWBNjWY6wEzc58xUhTO7sS2keNQMAkhlij01UG2Cfi8ddpb8nuckXFrDAcED
gT/bD9oxrxzkW2FVYIknCBp2WXi/tguPPV0rl5gCcW3KNnRKlHsWJbHOGTz2cYrs
bbjBEi9DBrmCPM3/mBZfYcIDB91+Cndy448MwsI4Mt+UsPaKceWCAmvn3LlZE+f8
QtuxDo267EFTapt3+hx0X2N4TWsyAvxEoe0VY8pzGqRohCabkvCN4kztZCe33br1
prEp4fbu7W2mfg==
-----END CERTIFICATE-----