Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/34352e3135392e39382e302f32342d3234203d3e203336323336.roa
File:                     34352e3135392e39382e302f32342d3234203d3e203336323336.roa (raw, json)
Hash identifier:          pzd0rQs/84gL6er20gp98azaouaky1uDi0k0qrkdK+U=
Subject key identifier:   0E:95:D3:B3:33:12:2A:BD:19:B8:9D:CF:AB:CD:2B:FA:1F:CE:0F:21
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       0950D70F6D3B3FE27F78A25AEDA38494B2CD0F92
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/34352e3135392e39382e302f32342d3234203d3e203336323336.roa
Signing time:             Mon 02 Sep 2024 22:13:10 +0000
ROA not before:           Mon 02 Sep 2024 22:08:10 +0000
ROA not after:            Mon 01 Sep 2025 22:13:10 +0000
asID:                     36236
IP address blocks:        45.159.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:50:d7:0f:6d:3b:3f:e2:7f:78:a2:5a:ed:a3:84:94:b2:cd:0f:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Sep  2 22:08:10 2024 GMT
            Not After : Sep  1 22:13:10 2025 GMT
        Subject: CN=0E95D3B333122ABD19B89DCFABCD2BFA1FCE0F21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:24:2c:3e:80:33:05:62:88:ab:44:af:51:e5:
                    1e:4f:9e:e4:83:eb:62:4a:c1:1a:a9:6f:54:97:31:
                    31:59:9c:6c:a7:5c:6e:7f:bf:70:33:33:8f:c3:3c:
                    8b:d4:f9:97:cd:7a:a1:4a:5c:e0:c1:dc:74:65:22:
                    a9:1f:9f:2e:46:b7:b0:f0:58:07:56:2b:22:74:50:
                    b5:bf:01:1d:a3:43:e6:06:2e:2a:88:e6:7f:7f:17:
                    d7:5c:dd:27:a0:48:ed:34:46:21:1a:1c:f9:9c:1b:
                    70:f3:53:74:42:dc:74:d7:3b:80:fa:f2:65:2f:50:
                    56:0f:80:2a:b7:29:ee:df:06:f6:1d:fa:98:68:53:
                    9f:e2:e0:60:57:76:7a:2c:05:bc:18:7e:e5:68:d0:
                    f5:52:49:c0:28:30:d5:11:c9:40:a0:ca:bd:02:b9:
                    0d:21:7d:97:4e:31:24:59:04:9a:52:ed:6f:17:6f:
                    e9:43:a2:bb:55:e9:b0:af:fb:2a:5a:bc:55:2a:6b:
                    98:65:11:d0:6b:30:d8:fe:05:cb:12:8e:7b:59:f5:
                    83:e6:36:c3:db:f0:f6:79:e7:df:37:d9:59:1a:d7:
                    a1:de:1a:5a:69:0a:13:b3:bb:81:41:1e:86:51:1d:
                    63:05:1c:9c:b0:1d:b7:8d:46:92:17:a2:04:55:55:
                    54:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:95:D3:B3:33:12:2A:BD:19:B8:9D:CF:AB:CD:2B:FA:1F:CE:0F:21
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/34352e3135392e39382e302f32342d3234203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:f8:26:f6:54:5c:00:5f:ab:fe:4b:9a:39:cf:55:2f:42:27:
         62:f4:9e:b3:3f:b0:69:55:ac:ce:e0:6b:03:88:b3:d4:a6:2e:
         e6:41:51:02:da:b4:34:d6:56:8d:26:42:9f:37:53:98:0d:64:
         5e:2d:0f:d0:d7:e9:10:04:20:8b:73:20:fb:c6:7c:b8:85:9c:
         8a:2e:18:c2:7b:f2:f7:fd:57:1c:76:8c:4e:97:5c:c9:06:94:
         48:32:ee:9a:96:5f:68:9a:eb:e5:ea:77:f5:1f:c5:a3:66:04:
         0b:a9:0d:1d:56:95:dd:fd:fc:4b:43:28:95:04:95:d7:93:32:
         46:4d:d0:4b:62:54:8b:6f:ba:47:ed:3a:00:70:e9:37:65:80:
         18:f6:90:84:31:00:4b:d3:36:37:53:bc:23:03:24:a4:4d:62:
         ba:91:e2:b9:17:fc:54:40:80:5a:97:64:0d:5d:eb:28:8e:3f:
         1f:1b:17:6e:de:c3:53:1e:3f:1d:d7:f9:89:b5:64:5c:9d:7c:
         02:0a:66:2b:99:3b:79:62:f5:ed:34:93:39:43:ef:d9:b0:29:
         71:1b:e4:4b:ae:7c:78:4b:4a:5c:0c:f5:84:c7:68:e2:84:2c:
         44:1a:38:53:81:85:fa:3b:61:6c:3c:9f:04:00:91:a6:c9:5c:
         c6:f1:3d:6b
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIUCVDXD207P+J/eKJa7aOElLLND5IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNDA5MDIyMjA4MTBaFw0yNTA5MDEyMjEzMTBaMDMxMTAvBgNV
BAMTKDBFOTVEM0IzMzMxMjJBQkQxOUI4OURDRkFCQ0QyQkZBMUZDRTBGMjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOJCw+gDMFYoirRK9R5R5PnuSD
62JKwRqpb1SXMTFZnGynXG5/v3AzM4/DPIvU+ZfNeqFKXODB3HRlIqkfny5Gt7Dw
WAdWKyJ0ULW/AR2jQ+YGLiqI5n9/F9dc3SegSO00RiEaHPmcG3DzU3RC3HTXO4D6
8mUvUFYPgCq3Ke7fBvYd+phoU5/i4GBXdnosBbwYfuVo0PVSScAoMNURyUCgyr0C
uQ0hfZdOMSRZBJpS7W8Xb+lDortV6bCv+ypavFUqa5hlEdBrMNj+BcsSjntZ9YPm
NsPb8PZ559832Vka16HeGlppChOzu4FBHoZRHWMFHJywHbeNRpIXogRVVVS1AgMB
AAGjggIgMIICHDAdBgNVHQ4EFgQUDpXTszMSKr0ZuJ3Pq80r+h/ODyEwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBoAYIKwYB
BQUHAQsEgZMwgZAwgY0GCCsGAQUFBzALhoGAcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzQzNTJlMzEzNTM5MmUzOTM4MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzMz
NjMyMzMzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcB
BwEB/wQQMA4wDAQCAAEwBgMEAC2fYjANBgkqhkiG9w0BAQsFAAOCAQEApvgm9lRc
AF+r/kuaOc9VL0InYvSesz+waVWszuBrA4iz1KYu5kFRAtq0NNZWjSZCnzdTmA1k
Xi0P0NfpEAQgi3Mg+8Z8uIWcii4Ywnvy9/1XHHaMTpdcyQaUSDLumpZfaJrr5ep3
9R/Fo2YEC6kNHVaV3f38S0MolQSV15MyRk3QS2JUi2+6R+06AHDpN2WAGPaQhDEA
S9M2N1O8IwMkpE1iupHiuRf8VECAWpdkDV3rKI4/HxsXbt7DUx4/Hdf5ibVkXJ18
AgpmK5k7eWL17TSTOUPv2bApcRvkS658eEtKXAz1hMdo4oQsRBo4U4GF+jthbDyf
BACRpslcxvE9aw==
-----END CERTIFICATE-----