Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/11/326131333a633030373a383230303a3a2f33392d3438203d3e2030.roa
File:                     326131333a633030373a383230303a3a2f33392d3438203d3e2030.roa (raw, json)
Hash identifier:          hhEj2TPgfyTRfuPypwsku9jubrEB+Go1ofo7gyUb+jE=
Subject key identifier:   E9:7A:E3:B7:71:D5:D1:C6:A6:73:78:B8:32:25:25:26:A1:32:CA:C5
Certificate issuer:       /CN=d4700d8e6f022571a0b26fcd4c70c0408ea4ffc9
Certificate serial:       5DFA6DF824CC196E1A1EEB62AC382C4858BA5E26
Authority key identifier: D4:70:0D:8E:6F:02:25:71:A0:B2:6F:CD:4C:70:C0:40:8E:A4:FF:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HANjm8CJXGgsm_NTHDAQI6k_8k.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/11/326131333a633030373a383230303a3a2f33392d3438203d3e2030.roa
Signing time:             Mon 16 Jun 2025 22:04:58 +0000
ROA not before:           Mon 16 Jun 2025 21:59:58 +0000
ROA not after:            Mon 15 Jun 2026 22:04:58 +0000
asID:                     0
IP address blocks:        2a13:c007:8200::/39 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/11/D4700D8E6F022571A0B26FCD4C70C0408EA4FFC9.crl
                          rsync://rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/11/D4700D8E6F022571A0B26FCD4C70C0408EA4FFC9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HANjm8CJXGgsm_NTHDAQI6k_8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 15:47:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:fa:6d:f8:24:cc:19:6e:1a:1e:eb:62:ac:38:2c:48:58:ba:5e:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4700d8e6f022571a0b26fcd4c70c0408ea4ffc9
        Validity
            Not Before: Jun 16 21:59:58 2025 GMT
            Not After : Jun 15 22:04:58 2026 GMT
        Subject: CN=E97AE3B771D5D1C6A67378B832252526A132CAC5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:69:6c:49:dd:b0:e1:a8:fc:67:ef:2d:d1:6d:
                    bf:45:b9:9e:8b:77:14:65:10:c4:aa:87:ed:d6:09:
                    da:09:12:f1:18:13:07:b5:f5:a8:87:62:16:c2:d4:
                    66:42:06:36:67:91:31:9c:72:02:36:60:d6:2b:91:
                    26:35:61:32:3a:d2:f2:f5:35:dd:f6:72:57:b7:44:
                    f0:68:fd:d8:42:35:8e:a6:a4:67:ca:e7:cd:a5:45:
                    e9:09:c7:9f:5a:96:3b:69:b2:78:0f:82:2c:ea:30:
                    4e:3e:8d:9d:a5:ae:62:36:76:3e:1c:4a:c0:4d:29:
                    71:e0:85:41:76:e2:08:c8:ea:11:8f:36:f9:ae:41:
                    7a:86:06:0b:7b:bc:c6:6c:14:49:8d:37:2a:2f:de:
                    8c:f3:04:ed:01:1c:ce:ba:ee:61:cb:3b:b0:c5:17:
                    58:bc:10:85:9f:b5:4c:65:ad:21:3a:de:f1:ea:60:
                    e6:fc:27:08:9d:01:bf:b5:a9:2b:af:ee:c3:8f:fa:
                    46:46:8f:8e:d8:4d:d0:40:ba:04:65:d5:11:48:f6:
                    76:bc:85:ad:d4:ae:b5:1b:cc:8d:a6:90:bd:c7:98:
                    86:fc:33:fd:65:4b:f7:9a:a7:29:6b:81:8f:63:2d:
                    06:f3:0e:01:dc:7e:74:cd:ca:a7:f3:e8:eb:a5:6c:
                    00:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:7A:E3:B7:71:D5:D1:C6:A6:73:78:B8:32:25:25:26:A1:32:CA:C5
            X509v3 Authority Key Identifier:
                keyid:D4:70:0D:8E:6F:02:25:71:A0:B2:6F:CD:4C:70:C0:40:8E:A4:FF:C9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/11/D4700D8E6F022571A0B26FCD4C70C0408EA4FFC9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HANjm8CJXGgsm_NTHDAQI6k_8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/11/326131333a633030373a383230303a3a2f33392d3438203d3e2030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c007:8200::/39

    Signature Algorithm: sha256WithRSAEncryption
         28:23:46:8c:5c:70:2d:31:aa:bb:24:60:a6:f8:d3:5a:f7:aa:
         ce:ef:fa:ae:bd:ed:0f:92:34:dd:9c:f2:cc:a7:08:96:1c:63:
         cd:ab:2e:21:cb:ae:48:36:a0:83:93:0e:16:ed:53:d8:c1:b4:
         00:ed:62:88:7b:47:6e:6c:2c:6f:b7:8b:08:88:d1:05:18:49:
         15:e2:21:e7:f1:6f:76:ae:e3:12:24:0b:00:d3:5b:85:b0:1a:
         99:8d:e3:96:1c:79:b1:c9:26:7a:e5:9a:4a:52:e8:ce:ab:94:
         1c:fa:08:af:78:39:0a:2a:6b:81:ff:b4:cb:a4:95:a5:b8:bd:
         86:b1:50:ab:41:99:5f:a9:c8:72:c2:62:53:df:34:06:43:1f:
         73:26:7d:ee:e1:6c:cb:ca:bd:86:64:71:f0:9a:f1:b1:74:a4:
         42:76:fa:4b:a6:7d:88:b1:6f:7f:d4:fd:db:e2:39:ab:9a:bf:
         cb:81:7b:47:cc:36:b7:c6:6c:db:f9:10:8a:26:ba:a2:61:a2:
         1d:0f:32:3b:08:a5:07:9f:4d:4d:38:f1:fe:93:f6:ed:02:89:
         ed:d1:04:6e:75:24:3f:e5:3c:ca:0e:30:e7:78:4d:36:d0:76:
         46:2c:c7:0c:b8:1b:5f:1e:19:24:5f:1c:ce:fd:6f:c7:4f:35:
         6a:a6:d3:ce
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgIUXfpt+CTMGW4aHutirDgsSFi6XiYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDQ3MDBkOGU2ZjAyMjU3MWEwYjI2ZmNkNGM3MGMwNDA4
ZWE0ZmZjOTAeFw0yNTA2MTYyMTU5NThaFw0yNjA2MTUyMjA0NThaMDMxMTAvBgNV
BAMTKEU5N0FFM0I3NzFENUQxQzZBNjczNzhCODMyMjUyNTI2QTEzMkNBQzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGaWxJ3bDhqPxn7y3Rbb9FuZ6L
dxRlEMSqh+3WCdoJEvEYEwe19aiHYhbC1GZCBjZnkTGccgI2YNYrkSY1YTI60vL1
Nd32cle3RPBo/dhCNY6mpGfK582lRekJx59aljtpsngPgizqME4+jZ2lrmI2dj4c
SsBNKXHghUF24gjI6hGPNvmuQXqGBgt7vMZsFEmNNyov3ozzBO0BHM667mHLO7DF
F1i8EIWftUxlrSE63vHqYOb8JwidAb+1qSuv7sOP+kZGj47YTdBAugRl1RFI9na8
ha3UrrUbzI2mkL3HmIb8M/1lS/eapylrgY9jLQbzDgHcfnTNyqfz6OulbAAVAgMB
AAGjggImMIICIjAdBgNVHQ4EFgQU6Xrjt3HV0camc3i4MiUlJqEyysUwHwYDVR0j
BBgwFoAU1HANjm8CJXGgsm/NTHDAQI6k/8kwDgYDVR0PAQH/BAQDAgeAMIGGBgNV
HR8EfzB9MHugeaB3hnVyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvNmFiOTZlN2E2MTMwNDk4YWE5ODEzZDdlZTViYmVkMzEvMTEvRDQ3MDBEOEU2
RjAyMjU3MUEwQjI2RkNENEM3MEMwNDA4RUE0RkZDOS5jcmwwZAYIKwYBBQUHAQEE
WDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxULzFIQU5qbThDSlhHZ3NtX05USERBUUk2a184ay5jZXIwgaMGCCsG
AQUFBwELBIGWMIGTMIGQBggrBgEFBQcwC4aBg3JzeW5jOi8vcnBraS1ycHMuYXJp
bi5uZXQvcmVwb3NpdG9yeS82YWI5NmU3YTYxMzA0OThhYTk4MTNkN2VlNWJiZWQz
MS8xMS8zMjYxMzEzMzNhNjMzMDMwMzczYTM4MzIzMDMwM2EzYTJmMzMzOTJkMzQz
ODIwM2QzZTIwMzAucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYB
BQUHAQcBAf8EEjAQMA4EAgACMAgDBgEqE8AHgjANBgkqhkiG9w0BAQsFAAOCAQEA
KCNGjFxwLTGquyRgpvjTWveqzu/6rr3tD5I03ZzyzKcIlhxjzasuIcuuSDagg5MO
Fu1T2MG0AO1iiHtHbmwsb7eLCIjRBRhJFeIh5/Fvdq7jEiQLANNbhbAamY3jlhx5
sckmeuWaSlLozquUHPoIr3g5Ciprgf+0y6SVpbi9hrFQq0GZX6nIcsJiU980BkMf
cyZ97uFsy8q9hmRx8JrxsXSkQnb6S6Z9iLFvf9T92+I5q5q/y4F7R8w2t8Zs2/kQ
iia6omGiHQ8yOwilB59NTTjx/pP27QKJ7dEEbnUkP+U8yg4w53hNNtB2RizHDLgb
Xx4ZJF8czv1vx081aqbTzg==
-----END CERTIFICATE-----