Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf914e0aa6019159f2fb270ca8/2/38382e3133352e37342e302f32342d3234203d3e20393833.roa
File:                     38382e3133352e37342e302f32342d3234203d3e20393833.roa (raw, json)
Hash identifier:          8MXHqE9/VoHMxJF+8TjS1kPlAjmtzNDu0ewmune/cxE=
Subject key identifier:   05:E6:E6:D4:FC:92:24:18:96:A6:75:D1:52:6C:B6:AA:B6:46:0A:95
Certificate issuer:       /CN=3de0b78633aaf10a9b22a1e925eebcd1ed76b0af
Certificate serial:       19C54F440846CB641D88FF7507B4C4F84E348E10
Authority key identifier: 3D:E0:B7:86:33:AA:F1:0A:9B:22:A1:E9:25:EE:BC:D1:ED:76:B0:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PeC3hjOq8QqbIqHpJe680e12sK8.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf914e0aa6019159f2fb270ca8/2/38382e3133352e37342e302f32342d3234203d3e20393833.roa
Signing time:             Fri 19 Jun 2026 07:53:13 +0000
ROA not before:           Fri 19 Jun 2026 07:48:13 +0000
ROA not after:            Fri 18 Jun 2027 07:53:13 +0000
asID:                     983
IP address blocks:        88.135.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf914e0aa6019159f2fb270ca8/2/3DE0B78633AAF10A9B22A1E925EEBCD1ED76B0AF.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf914e0aa6019159f2fb270ca8/2/3DE0B78633AAF10A9B22A1E925EEBCD1ED76B0AF.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PeC3hjOq8QqbIqHpJe680e12sK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Jun 2026 06:17:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:c5:4f:44:08:46:cb:64:1d:88:ff:75:07:b4:c4:f8:4e:34:8e:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3de0b78633aaf10a9b22a1e925eebcd1ed76b0af
        Validity
            Not Before: Jun 19 07:48:13 2026 GMT
            Not After : Jun 18 07:53:13 2027 GMT
        Subject: CN=05E6E6D4FC92241896A675D1526CB6AAB6460A95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:3c:c1:10:1d:3b:d3:0b:6e:61:b2:08:2c:09:
                    4b:c0:c0:a7:10:9a:93:f7:35:1e:b9:43:bf:b9:16:
                    1f:d5:05:3d:02:42:9a:fb:57:66:32:d3:b6:12:54:
                    c2:e1:c1:9e:72:a6:52:ab:e3:e4:05:18:30:e6:51:
                    13:2e:f1:dc:4a:d3:7f:8b:7e:10:f6:83:c7:e6:41:
                    cd:09:d5:bd:41:15:9b:ee:12:ce:ee:ea:1c:d2:80:
                    08:52:05:7e:54:e9:c6:e5:33:e1:28:c8:04:ec:ca:
                    b8:b5:03:9f:b1:83:c2:81:17:56:30:7d:ad:a9:1e:
                    7a:ff:e7:7c:41:35:5f:f3:ac:b0:60:56:72:d5:77:
                    81:d3:79:a9:41:b8:a7:e0:f6:51:2a:9f:a8:83:2a:
                    b7:e5:db:73:c2:94:9b:ec:02:59:7f:e2:00:fe:03:
                    87:d7:61:93:0f:10:1b:16:ee:54:42:b0:0a:54:97:
                    90:27:4b:82:77:26:0b:7f:91:7b:f3:8c:2b:d4:65:
                    17:7a:10:c3:4c:46:ea:02:a2:3b:f4:b6:c8:ac:d8:
                    34:28:07:f4:aa:8d:51:c0:09:19:b0:b4:fd:16:ef:
                    9d:37:ba:48:10:22:72:7b:28:b1:44:81:0c:22:f0:
                    a8:af:3e:e7:f9:03:0b:07:62:8e:07:28:bb:48:d1:
                    79:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:E6:E6:D4:FC:92:24:18:96:A6:75:D1:52:6C:B6:AA:B6:46:0A:95
            X509v3 Authority Key Identifier:
                keyid:3D:E0:B7:86:33:AA:F1:0A:9B:22:A1:E9:25:EE:BC:D1:ED:76:B0:AF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf914e0aa6019159f2fb270ca8/2/3DE0B78633AAF10A9B22A1E925EEBCD1ED76B0AF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PeC3hjOq8QqbIqHpJe680e12sK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf914e0aa6019159f2fb270ca8/2/38382e3133352e37342e302f32342d3234203d3e20393833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.135.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:5f:fb:18:3b:ca:51:70:72:a3:3b:dd:3c:d9:db:d0:7c:e9:
         b4:e2:36:3f:1b:e7:c8:c5:ec:30:24:9b:d3:64:f2:64:a6:a3:
         6b:f5:cc:c7:e7:83:f3:11:2d:bc:4c:bd:a7:39:08:0c:ec:6e:
         c9:49:e2:b2:26:b3:9c:76:51:6f:9f:0d:0e:62:c4:cf:97:38:
         ef:c9:5d:11:f6:55:3d:04:b0:d6:82:02:e0:7b:46:6b:17:28:
         38:b2:fd:c9:a9:2f:17:3a:44:a5:0e:fe:89:3f:82:bf:15:d9:
         ac:ff:19:b2:3e:0d:a3:b2:aa:e6:cf:96:02:ce:cd:a6:30:36:
         d4:09:7a:8b:c8:91:65:38:7d:88:8e:76:98:5c:0d:e2:8e:f4:
         c2:90:ae:ea:17:52:89:07:51:b8:fc:8f:d6:a7:33:58:db:c8:
         50:5e:3f:87:f7:34:ac:0c:df:3a:f1:6d:a8:b4:12:7e:6f:57:
         46:f3:88:e9:08:d9:1f:09:51:d0:fb:4c:98:f2:cd:1b:26:64:
         36:d4:e7:94:c6:15:35:28:c3:2f:67:bf:44:84:f7:3a:2c:7a:
         70:48:e9:22:d6:9f:c8:06:ac:c4:88:2e:4d:ed:d3:32:18:8c:
         e6:b4:ea:06:59:e5:ac:58:69:e8:bf:1b:a3:f0:dc:c9:3d:da:
         ee:6c:e3:f6
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIUGcVPRAhGy2QdiP91B7TE+E40jhAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2RlMGI3ODYzM2FhZjEwYTliMjJhMWU5MjVlZWJjZDFl
ZDc2YjBhZjAeFw0yNjA2MTkwNzQ4MTNaFw0yNzA2MTgwNzUzMTNaMDMxMTAvBgNV
BAMTKDA1RTZFNkQ0RkM5MjI0MTg5NkE2NzVEMTUyNkNCNkFBQjY0NjBBOTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVPMEQHTvTC25hsggsCUvAwKcQ
mpP3NR65Q7+5Fh/VBT0CQpr7V2Yy07YSVMLhwZ5yplKr4+QFGDDmURMu8dxK03+L
fhD2g8fmQc0J1b1BFZvuEs7u6hzSgAhSBX5U6cblM+EoyATsyri1A5+xg8KBF1Yw
fa2pHnr/53xBNV/zrLBgVnLVd4HTealBuKfg9lEqn6iDKrfl23PClJvsAll/4gD+
A4fXYZMPEBsW7lRCsApUl5AnS4J3Jgt/kXvzjCvUZRd6EMNMRuoCojv0tsis2DQo
B/SqjVHACRmwtP0W7503ukgQInJ7KLFEgQwi8KivPuf5AwsHYo4HKLtI0Xn9AgMB
AAGjggIbMIICFzAdBgNVHQ4EFgQUBebm1PySJBiWpnXRUmy2qrZGCpUwHwYDVR0j
BBgwFoAUPeC3hjOq8QqbIqHpJe680e12sK8wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY5MTRlMGFhNjAxOTE1OWYyZmIyNzBjYTgvMi8zREUwQjc4NjMz
QUFGMTBBOUIyMkExRTkyNUVFQkNEMUVENzZCMEFGLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvUGVDM2hqT3E4UXFiSXFIcEplNjgwZTEyc0s4LmNlcjCBmwYIKwYB
BQUHAQsEgY4wgYswgYgGCCsGAQUFBzALhnxyc3luYzovL3Jwa2ktcnBzLmFyaW4u
bmV0L3JlcG9zaXRvcnkvOGE4NDhhZGY5MTRlMGFhNjAxOTE1OWYyZmIyNzBjYTgv
Mi8zODM4MmUzMTMzMzUyZTM3MzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTM4
MzMucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABYh0owDQYJKoZIhvcNAQELBQADggEBAL9f+xg7ylFwcqM7
3TzZ29B86bTiNj8b58jF7DAkm9Nk8mSmo2v1zMfng/MRLbxMvac5CAzsbslJ4rIm
s5x2UW+fDQ5ixM+XOO/JXRH2VT0EsNaCAuB7RmsXKDiy/cmpLxc6RKUO/ok/gr8V
2az/GbI+DaOyqubPlgLOzaYwNtQJeovIkWU4fYiOdphcDeKO9MKQruoXUokHUbj8
j9anM1jbyFBeP4f3NKwM3zrxbai0En5vV0bziOkI2R8JUdD7TJjyzRsmZDbU55TG
FTUowy9nv0SE9zosenBI6SLWn8gGrMSILk3t0zIYjOa06gZZ5axYaei/G6Pw3Mk9
2u5s4/Y=
-----END CERTIFICATE-----