Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/11/326131333a633030373a383130303a3a2f34302d3438203d3e2030.roa
File:                     326131333a633030373a383130303a3a2f34302d3438203d3e2030.roa (raw, json)
Hash identifier:          9TmRdtFuh9L1/cYO0eIjBNXNZCtbMYGiVPpJ+wymmgs=
Subject key identifier:   E1:D6:2F:67:CF:0D:8C:6B:9B:80:54:E1:E1:50:11:A2:2A:DB:D8:0F
Certificate issuer:       /CN=d4700d8e6f022571a0b26fcd4c70c0408ea4ffc9
Certificate serial:       2A3BAC97DA90C40A0CEEDD5E4A81AE44EB347416
Authority key identifier: D4:70:0D:8E:6F:02:25:71:A0:B2:6F:CD:4C:70:C0:40:8E:A4:FF:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HANjm8CJXGgsm_NTHDAQI6k_8k.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/11/326131333a633030373a383130303a3a2f34302d3438203d3e2030.roa
Signing time:             Mon 16 Jun 2025 22:01:52 +0000
ROA not before:           Mon 16 Jun 2025 21:56:52 +0000
ROA not after:            Mon 15 Jun 2026 22:01:52 +0000
asID:                     0
IP address blocks:        2a13:c007:8100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/11/D4700D8E6F022571A0B26FCD4C70C0408EA4FFC9.crl
                          rsync://rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/11/D4700D8E6F022571A0B26FCD4C70C0408EA4FFC9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HANjm8CJXGgsm_NTHDAQI6k_8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 15:47:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:3b:ac:97:da:90:c4:0a:0c:ee:dd:5e:4a:81:ae:44:eb:34:74:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4700d8e6f022571a0b26fcd4c70c0408ea4ffc9
        Validity
            Not Before: Jun 16 21:56:52 2025 GMT
            Not After : Jun 15 22:01:52 2026 GMT
        Subject: CN=E1D62F67CF0D8C6B9B8054E1E15011A22ADBD80F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:12:6d:9c:43:2e:06:f7:5a:6b:71:82:fe:d4:
                    f8:b5:3f:90:6c:f9:91:96:6b:e6:2a:9c:f4:2a:87:
                    8d:f5:a9:ce:e5:a2:05:e4:d6:0e:71:57:8e:69:cf:
                    ab:79:62:9d:7d:77:e9:91:c1:65:7b:1a:6d:4f:46:
                    a1:ad:aa:90:bf:53:1e:61:91:d6:0b:36:9b:ab:48:
                    8f:8a:f4:d1:6d:c2:2f:f8:da:e8:db:fd:23:f3:fe:
                    a2:78:cf:dc:4c:65:b0:3a:2d:60:7d:f2:36:aa:c3:
                    0c:57:da:eb:0d:28:da:df:b8:c4:bb:d4:d1:97:6f:
                    15:5c:c5:b5:83:18:e8:d4:98:35:23:85:69:58:a5:
                    3f:e7:b7:bb:07:13:87:49:88:8e:68:94:6e:cf:10:
                    26:6a:e1:e9:99:b8:b2:6c:f1:1f:3c:b7:29:32:ca:
                    be:07:2e:fe:89:ec:e7:58:37:5c:3c:3a:a0:20:1f:
                    39:4e:7a:a3:4d:35:91:fb:23:9f:b7:13:eb:00:ca:
                    62:19:46:6c:ea:3a:c7:21:21:8b:83:99:ad:2d:8c:
                    be:f0:3b:c0:21:b3:81:1f:9e:47:bc:c2:96:da:61:
                    f0:81:5d:09:aa:c0:3a:1f:30:d7:7e:6c:01:e5:13:
                    60:64:15:8b:93:e0:53:98:1d:51:b8:46:5e:69:79:
                    85:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:D6:2F:67:CF:0D:8C:6B:9B:80:54:E1:E1:50:11:A2:2A:DB:D8:0F
            X509v3 Authority Key Identifier:
                keyid:D4:70:0D:8E:6F:02:25:71:A0:B2:6F:CD:4C:70:C0:40:8E:A4:FF:C9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/11/D4700D8E6F022571A0B26FCD4C70C0408EA4FFC9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HANjm8CJXGgsm_NTHDAQI6k_8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/11/326131333a633030373a383130303a3a2f34302d3438203d3e2030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c007:8100::/40

    Signature Algorithm: sha256WithRSAEncryption
         68:57:32:c9:a4:b3:0b:36:bc:7d:28:36:6a:b7:fd:3b:cf:3f:
         07:f1:07:ce:ca:66:1a:b3:a2:d0:e7:26:20:3d:e8:1f:7c:3a:
         02:4a:8d:23:a8:ce:3f:7c:35:a6:4c:b8:64:14:f0:2f:08:e2:
         42:89:56:b2:d2:27:be:85:6c:37:3e:6f:c4:b5:ea:c4:4c:cb:
         ca:1a:64:e0:77:63:45:29:9a:5c:e3:9a:91:4e:67:31:7e:b5:
         2b:f2:3f:1e:eb:0e:df:d8:fe:42:1c:87:7f:fd:6a:6e:f7:71:
         4a:7c:00:19:e2:5a:35:f1:ae:ce:25:cd:e4:5b:f1:ff:17:84:
         4a:56:03:8d:25:08:8d:bb:57:dc:70:ea:25:12:77:75:a8:ba:
         0d:ba:dc:7b:f2:1d:4f:b3:b4:c6:35:63:a8:44:5d:ee:54:10:
         eb:73:d9:e0:43:56:b5:87:2d:69:99:8f:d4:b2:dd:d3:c4:6e:
         58:34:ba:9f:74:5d:10:44:31:28:14:e0:5b:e5:67:e7:7b:c0:
         c9:7a:e9:75:ce:74:94:f9:6e:3a:67:94:31:4e:e5:83:78:c6:
         2f:92:55:8b:83:92:ba:08:62:bc:99:90:0c:8d:6e:75:67:41:
         36:bc:83:dd:35:7b:9e:98:db:be:91:81:2c:21:ac:79:27:48:
         60:56:3c:ba
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgIUKjusl9qQxAoM7t1eSoGuROs0dBYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDQ3MDBkOGU2ZjAyMjU3MWEwYjI2ZmNkNGM3MGMwNDA4
ZWE0ZmZjOTAeFw0yNTA2MTYyMTU2NTJaFw0yNjA2MTUyMjAxNTJaMDMxMTAvBgNV
BAMTKEUxRDYyRjY3Q0YwRDhDNkI5QjgwNTRFMUUxNTAxMUEyMkFEQkQ4MEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEEm2cQy4G91prcYL+1Pi1P5Bs
+ZGWa+YqnPQqh431qc7logXk1g5xV45pz6t5Yp19d+mRwWV7Gm1PRqGtqpC/Ux5h
kdYLNpurSI+K9NFtwi/42ujb/SPz/qJ4z9xMZbA6LWB98jaqwwxX2usNKNrfuMS7
1NGXbxVcxbWDGOjUmDUjhWlYpT/nt7sHE4dJiI5olG7PECZq4emZuLJs8R88tyky
yr4HLv6J7OdYN1w8OqAgHzlOeqNNNZH7I5+3E+sAymIZRmzqOschIYuDma0tjL7w
O8Ahs4Efnke8wpbaYfCBXQmqwDofMNd+bAHlE2BkFYuT4FOYHVG4Rl5peYXzAgMB
AAGjggImMIICIjAdBgNVHQ4EFgQU4dYvZ88NjGubgFTh4VARoirb2A8wHwYDVR0j
BBgwFoAU1HANjm8CJXGgsm/NTHDAQI6k/8kwDgYDVR0PAQH/BAQDAgeAMIGGBgNV
HR8EfzB9MHugeaB3hnVyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvNmFiOTZlN2E2MTMwNDk4YWE5ODEzZDdlZTViYmVkMzEvMTEvRDQ3MDBEOEU2
RjAyMjU3MUEwQjI2RkNENEM3MEMwNDA4RUE0RkZDOS5jcmwwZAYIKwYBBQUHAQEE
WDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxULzFIQU5qbThDSlhHZ3NtX05USERBUUk2a184ay5jZXIwgaMGCCsG
AQUFBwELBIGWMIGTMIGQBggrBgEFBQcwC4aBg3JzeW5jOi8vcnBraS1ycHMuYXJp
bi5uZXQvcmVwb3NpdG9yeS82YWI5NmU3YTYxMzA0OThhYTk4MTNkN2VlNWJiZWQz
MS8xMS8zMjYxMzEzMzNhNjMzMDMwMzczYTM4MzEzMDMwM2EzYTJmMzQzMDJkMzQz
ODIwM2QzZTIwMzAucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYB
BQUHAQcBAf8EEjAQMA4EAgACMAgDBgAqE8AHgTANBgkqhkiG9w0BAQsFAAOCAQEA
aFcyyaSzCza8fSg2arf9O88/B/EHzspmGrOi0OcmID3oH3w6AkqNI6jOP3w1pky4
ZBTwLwjiQolWstInvoVsNz5vxLXqxEzLyhpk4HdjRSmaXOOakU5nMX61K/I/HusO
39j+QhyHf/1qbvdxSnwAGeJaNfGuziXN5Fvx/xeESlYDjSUIjbtX3HDqJRJ3dai6
Dbrce/IdT7O0xjVjqERd7lQQ63PZ4ENWtYctaZmP1LLd08RuWDS6n3RdEEQxKBTg
W+Vn53vAyXrpdc50lPluOmeUMU7lg3jGL5JVi4OSughivJmQDI1udWdBNryD3TV7
npjbvpGBLCGseSdIYFY8ug==
-----END CERTIFICATE-----