Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf914e0aa6019159f2fb270ca8/2/38382e3133352e37342e302f32342d3234203d3e20393833.roa
File:                     38382e3133352e37342e302f32342d3234203d3e20393833.roa (raw, json)
Hash identifier:          y9YmktivJBbKPHh8hEM7zR9L9cZ6v0kH5w91NUKXhuA=
Subject key identifier:   A7:D5:79:FB:5E:7F:AE:00:FD:DC:30:7A:8A:28:A5:04:5D:7D:D7:51
Certificate issuer:       /CN=3de0b78633aaf10a9b22a1e925eebcd1ed76b0af
Certificate serial:       1ABAAF36DD721A0F9562A217C58024E675DA7DEC
Authority key identifier: 3D:E0:B7:86:33:AA:F1:0A:9B:22:A1:E9:25:EE:BC:D1:ED:76:B0:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PeC3hjOq8QqbIqHpJe680e12sK8.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf914e0aa6019159f2fb270ca8/2/38382e3133352e37342e302f32342d3234203d3e20393833.roa
Signing time:             Fri 16 Aug 2024 07:03:03 +0000
ROA not before:           Fri 16 Aug 2024 06:58:03 +0000
ROA not after:            Fri 15 Aug 2025 07:03:03 +0000
asID:                     983
IP address blocks:        88.135.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf914e0aa6019159f2fb270ca8/2/3DE0B78633AAF10A9B22A1E925EEBCD1ED76B0AF.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf914e0aa6019159f2fb270ca8/2/3DE0B78633AAF10A9B22A1E925EEBCD1ED76B0AF.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PeC3hjOq8QqbIqHpJe680e12sK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:ba:af:36:dd:72:1a:0f:95:62:a2:17:c5:80:24:e6:75:da:7d:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3de0b78633aaf10a9b22a1e925eebcd1ed76b0af
        Validity
            Not Before: Aug 16 06:58:03 2024 GMT
            Not After : Aug 15 07:03:03 2025 GMT
        Subject: CN=A7D579FB5E7FAE00FDDC307A8A28A5045D7DD751
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:fb:eb:68:b2:44:ca:06:03:56:c8:49:1b:3c:
                    8a:ce:82:00:4f:99:c9:c3:3e:49:31:ea:0a:bc:81:
                    55:b4:5c:13:ef:92:e0:15:0d:8a:69:1c:eb:de:44:
                    a5:b5:e8:cb:e0:d3:fa:c8:1f:d9:a4:a9:5c:c1:cc:
                    84:cc:ad:f5:1a:bd:d1:d7:c2:44:35:61:67:4d:59:
                    33:f5:96:14:eb:bc:12:2e:a0:a3:c5:ca:6e:ca:61:
                    04:8c:e3:60:f6:b5:7b:5c:d7:79:8b:14:8d:98:1f:
                    00:e1:e3:dd:8d:57:31:63:d1:de:45:b5:01:1b:de:
                    ab:bf:fb:25:a9:2a:39:9a:55:a6:41:d7:22:2c:dd:
                    0c:2d:bd:03:98:2d:16:1c:4e:3f:a8:80:3f:d9:31:
                    1a:7e:72:61:3e:c5:c8:f8:f7:9c:1b:5f:d5:c2:be:
                    8a:84:80:e1:71:15:67:b8:0c:12:75:de:90:29:1a:
                    93:36:47:49:90:a2:d4:2e:a4:05:2d:09:df:f5:2a:
                    30:d0:c1:08:45:3b:61:be:52:a4:12:72:f3:73:df:
                    10:a5:36:f5:cb:38:10:24:d5:18:06:0b:d0:56:1a:
                    32:ce:ca:d5:f5:b4:c0:9e:c0:51:0a:0c:67:0e:4a:
                    b3:c7:f8:c9:7e:3b:ba:25:a3:19:31:c3:2b:c1:16:
                    e2:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:D5:79:FB:5E:7F:AE:00:FD:DC:30:7A:8A:28:A5:04:5D:7D:D7:51
            X509v3 Authority Key Identifier:
                keyid:3D:E0:B7:86:33:AA:F1:0A:9B:22:A1:E9:25:EE:BC:D1:ED:76:B0:AF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf914e0aa6019159f2fb270ca8/2/3DE0B78633AAF10A9B22A1E925EEBCD1ED76B0AF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PeC3hjOq8QqbIqHpJe680e12sK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf914e0aa6019159f2fb270ca8/2/38382e3133352e37342e302f32342d3234203d3e20393833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.135.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:0c:bd:01:d0:08:b2:77:b0:20:75:23:1a:3a:80:ad:da:2a:
         58:11:d2:38:4f:db:cf:26:b2:4c:74:81:c9:93:49:92:51:fc:
         b9:80:ac:4d:d4:24:ce:9b:0e:dc:cb:0c:4c:fc:3b:1a:ea:fa:
         0e:03:f2:b1:8d:86:1a:b2:66:69:d2:ce:ed:84:df:40:ac:82:
         db:57:1f:5c:13:41:7f:54:7f:fe:cc:0d:cc:32:6d:67:de:7e:
         40:34:59:ad:5e:0b:79:dd:6e:2e:12:de:aa:85:27:29:32:4f:
         34:2e:bc:88:68:c7:61:bc:83:aa:74:4c:e2:62:84:1b:7c:11:
         3c:13:8c:17:ba:f4:2a:2d:99:6a:2b:6d:8f:41:f4:16:1e:43:
         43:e2:03:b5:5a:e1:6d:c6:55:ae:3c:af:a0:05:5a:4c:0d:6e:
         5a:75:af:dd:da:1d:9f:c8:b1:2c:cb:a1:c7:d3:51:c3:b7:5f:
         24:5f:0e:d5:95:38:37:d7:3f:21:64:86:49:f8:c9:59:9f:b6:
         33:83:c5:73:75:6e:f9:68:57:39:fe:ce:b7:15:23:f5:44:96:
         55:08:90:5d:1d:dd:25:b4:3f:48:20:87:04:97:ba:50:cf:d7:
         af:e8:b8:4c:54:3e:ea:d4:a7:ff:70:0a:e9:e1:57:08:db:27:
         64:51:32:b4
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIUGrqvNt1yGg+VYqIXxYAk5nXafewwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2RlMGI3ODYzM2FhZjEwYTliMjJhMWU5MjVlZWJjZDFl
ZDc2YjBhZjAeFw0yNDA4MTYwNjU4MDNaFw0yNTA4MTUwNzAzMDNaMDMxMTAvBgNV
BAMTKEE3RDU3OUZCNUU3RkFFMDBGRERDMzA3QThBMjhBNTA0NUQ3REQ3NTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1++toskTKBgNWyEkbPIrOggBP
mcnDPkkx6gq8gVW0XBPvkuAVDYppHOveRKW16Mvg0/rIH9mkqVzBzITMrfUavdHX
wkQ1YWdNWTP1lhTrvBIuoKPFym7KYQSM42D2tXtc13mLFI2YHwDh492NVzFj0d5F
tQEb3qu/+yWpKjmaVaZB1yIs3QwtvQOYLRYcTj+ogD/ZMRp+cmE+xcj495wbX9XC
voqEgOFxFWe4DBJ13pApGpM2R0mQotQupAUtCd/1KjDQwQhFO2G+UqQScvNz3xCl
NvXLOBAk1RgGC9BWGjLOytX1tMCewFEKDGcOSrPH+Ml+O7oloxkxwyvBFuLvAgMB
AAGjggIbMIICFzAdBgNVHQ4EFgQUp9V5+15/rgD93DB6iiilBF1911EwHwYDVR0j
BBgwFoAUPeC3hjOq8QqbIqHpJe680e12sK8wDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY5MTRlMGFhNjAxOTE1OWYyZmIyNzBjYTgvMi8zREUwQjc4NjMz
QUFGMTBBOUIyMkExRTkyNUVFQkNEMUVENzZCMEFGLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvUGVDM2hqT3E4UXFiSXFIcEplNjgwZTEyc0s4LmNlcjCBmwYIKwYB
BQUHAQsEgY4wgYswgYgGCCsGAQUFBzALhnxyc3luYzovL3Jwa2ktcnBzLmFyaW4u
bmV0L3JlcG9zaXRvcnkvOGE4NDhhZGY5MTRlMGFhNjAxOTE1OWYyZmIyNzBjYTgv
Mi8zODM4MmUzMTMzMzUyZTM3MzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTM4
MzMucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABYh0owDQYJKoZIhvcNAQELBQADggEBAAwMvQHQCLJ3sCB1
Ixo6gK3aKlgR0jhP288mskx0gcmTSZJR/LmArE3UJM6bDtzLDEz8Oxrq+g4D8rGN
hhqyZmnSzu2E30CsgttXH1wTQX9Uf/7MDcwybWfefkA0Wa1eC3ndbi4S3qqFJyky
TzQuvIhox2G8g6p0TOJihBt8ETwTjBe69CotmWorbY9B9BYeQ0PiA7Va4W3GVa48
r6AFWkwNblp1r93aHZ/IsSzLocfTUcO3XyRfDtWVODfXPyFkhkn4yVmftjODxXN1
bvloVzn+zrcVI/VEllUIkF0d3SW0P0gghwSXulDP16/ouExUPurUp/9wCunhVwjb
J2RRMrQ=
-----END CERTIFICATE-----