Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/34352e3135392e39392e302f32342d3234203d3e203336323336.roa
File:                     34352e3135392e39392e302f32342d3234203d3e203336323336.roa (raw, json)
Hash identifier:          iTWQY/U3TGbRJSUEDA30AWnTigVw+xTs1BFSNx0EGzs=
Subject key identifier:   7D:A0:29:B9:FE:FD:31:86:7C:39:93:B9:9A:12:7E:48:2D:53:80:D5
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       09A337AAF3522859B938DFBD75DD72A05170D2AC
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/34352e3135392e39392e302f32342d3234203d3e203336323336.roa
Signing time:             Mon 02 Oct 2023 21:55:38 +0000
ROA not before:           Mon 02 Oct 2023 21:50:38 +0000
ROA not after:            Mon 30 Sep 2024 21:55:38 +0000
asID:                     36236
IP address blocks:        45.159.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:a3:37:aa:f3:52:28:59:b9:38:df:bd:75:dd:72:a0:51:70:d2:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Oct  2 21:50:38 2023 GMT
            Not After : Sep 30 21:55:38 2024 GMT
        Subject: CN=7DA029B9FEFD31867C3993B99A127E482D5380D5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:1c:16:7a:a4:ac:aa:cf:e6:5a:74:2b:70:fe:
                    4a:72:bb:68:af:0b:61:83:b3:31:53:59:8d:1f:37:
                    82:a6:06:32:8a:70:63:03:98:28:24:1c:31:e3:bb:
                    1a:24:ff:88:d1:30:7a:b6:22:97:9e:81:ec:16:1c:
                    26:1b:f2:02:0b:1f:f4:f2:8b:13:66:c0:ce:dd:53:
                    a7:9d:ec:9b:e9:e7:f1:99:ab:61:84:36:5c:14:e8:
                    76:d4:f4:57:1e:55:d0:8c:26:c6:80:76:85:46:de:
                    76:9e:f3:a5:6a:bf:8a:45:54:48:41:f8:bc:7e:ab:
                    eb:0b:a1:43:17:73:7a:7f:b8:4d:ed:1d:a8:af:6e:
                    43:bc:1c:93:a1:ba:e1:73:56:9c:91:8b:56:90:84:
                    0c:55:1f:49:3f:17:18:8c:90:2e:90:ee:36:f0:1b:
                    5d:34:80:8c:e7:30:9a:68:dc:0f:cb:ba:6f:aa:e9:
                    bf:a2:09:e5:3e:86:4e:e2:89:82:bb:a7:ff:49:58:
                    e6:ee:33:a2:05:58:ce:ca:1c:ec:47:56:e8:b3:d0:
                    24:03:32:48:3e:92:00:4d:cf:c5:4f:59:5e:2a:b9:
                    83:fe:ba:8c:ac:f7:2c:7c:2c:5c:6a:c7:93:5a:72:
                    01:09:23:b4:3c:a1:48:aa:47:19:25:8b:07:f1:a9:
                    73:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:A0:29:B9:FE:FD:31:86:7C:39:93:B9:9A:12:7E:48:2D:53:80:D5
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/34352e3135392e39392e302f32342d3234203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:18:d6:0b:43:29:6d:5d:96:fb:4c:3a:49:21:80:fd:74:c3:
         99:02:07:dc:e4:44:79:58:84:9e:ab:af:20:ea:28:9b:1b:92:
         16:ec:2f:87:86:6a:2b:d5:21:55:a3:84:f0:ab:80:ca:9f:5e:
         3a:aa:45:77:82:03:c3:99:d2:89:f1:17:e7:3d:fe:68:e2:4b:
         dc:13:61:7e:3c:9b:7d:11:ef:9d:fe:cd:f2:4e:a1:1c:3f:5a:
         95:0f:c7:fb:72:d9:7d:63:51:40:b7:68:bc:34:e8:f5:72:9f:
         b7:2a:93:fa:7a:14:2c:eb:92:c5:f9:5d:5f:95:b7:10:fe:38:
         e9:02:06:09:7a:5b:0d:b8:d1:51:52:10:1f:e8:d6:af:11:69:
         9e:dd:a7:dd:a7:cd:39:bd:5a:2d:72:f2:7f:7b:1d:3d:84:51:
         20:d7:d8:2c:27:01:dd:7f:f9:2a:37:8e:b4:05:28:d5:8c:a3:
         b3:c0:f7:90:44:af:1a:68:aa:67:6b:cd:07:32:e3:01:c9:a1:
         0c:c0:8c:43:de:5b:5b:67:55:43:db:bb:e8:36:c7:a9:2f:6a:
         fd:a7:2a:c7:96:a8:b1:a1:a8:3a:75:72:ac:dd:94:5b:ea:ec:
         6a:90:04:9d:e8:6f:e8:04:cc:10:fe:4e:2d:bc:cf:0e:ef:ad:
         c3:e9:46:a7
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIUCaM3qvNSKFm5ON+9dd1yoFFw0qwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yMzEwMDIyMTUwMzhaFw0yNDA5MzAyMTU1MzhaMDMxMTAvBgNV
BAMTKDdEQTAyOUI5RkVGRDMxODY3QzM5OTNCOTlBMTI3RTQ4MkQ1MzgwRDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRHBZ6pKyqz+ZadCtw/kpyu2iv
C2GDszFTWY0fN4KmBjKKcGMDmCgkHDHjuxok/4jRMHq2IpeegewWHCYb8gILH/Ty
ixNmwM7dU6ed7Jvp5/GZq2GENlwU6HbU9FceVdCMJsaAdoVG3nae86Vqv4pFVEhB
+Lx+q+sLoUMXc3p/uE3tHaivbkO8HJOhuuFzVpyRi1aQhAxVH0k/FxiMkC6Q7jbw
G100gIznMJpo3A/Lum+q6b+iCeU+hk7iiYK7p/9JWObuM6IFWM7KHOxHVuiz0CQD
Mkg+kgBNz8VPWV4quYP+uoys9yx8LFxqx5NacgEJI7Q8oUiqRxkliwfxqXPtAgMB
AAGjggIgMIICHDAdBgNVHQ4EFgQUfaApuf79MYZ8OZO5mhJ+SC1TgNUwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBoAYIKwYB
BQUHAQsEgZMwgZAwgY0GCCsGAQUFBzALhoGAcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzQzNTJlMzEzNTM5MmUzOTM5MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzMz
NjMyMzMzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcB
BwEB/wQQMA4wDAQCAAEwBgMEAC2fYzANBgkqhkiG9w0BAQsFAAOCAQEAWBjWC0Mp
bV2W+0w6SSGA/XTDmQIH3OREeViEnquvIOoomxuSFuwvh4ZqK9UhVaOE8KuAyp9e
OqpFd4IDw5nSifEX5z3+aOJL3BNhfjybfRHvnf7N8k6hHD9alQ/H+3LZfWNRQLdo
vDTo9XKftyqT+noULOuSxfldX5W3EP446QIGCXpbDbjRUVIQH+jWrxFpnt2n3afN
Ob1aLXLyf3sdPYRRINfYLCcB3X/5KjeOtAUo1Yyjs8D3kESvGmiqZ2vNBzLjAcmh
DMCMQ95bW2dVQ9u76DbHqS9q/acqx5aosaGoOnVyrN2UW+rsapAEnehv6ATMEP5O
LbzPDu+tw+lGpw==
-----END CERTIFICATE-----