Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/11/326131333a633030373a393030303a3a2f33362d3438203d3e2030.roa
File:                     326131333a633030373a393030303a3a2f33362d3438203d3e2030.roa (raw, json)
Hash identifier:          IpqOgnJCnuHs3dbg22KA9hao6/QT7x8yp0d5Q6WeR40=
Subject key identifier:   4E:40:A7:2E:B2:57:DF:27:4C:3A:C5:AC:1A:46:35:87:14:72:5D:9C
Certificate issuer:       /CN=d4700d8e6f022571a0b26fcd4c70c0408ea4ffc9
Certificate serial:       7C3537B195116E5E7EA92B31C660175A7BFD7FEB
Authority key identifier: D4:70:0D:8E:6F:02:25:71:A0:B2:6F:CD:4C:70:C0:40:8E:A4:FF:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HANjm8CJXGgsm_NTHDAQI6k_8k.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/11/326131333a633030373a393030303a3a2f33362d3438203d3e2030.roa
Signing time:             Mon 16 Jun 2025 22:05:58 +0000
ROA not before:           Mon 16 Jun 2025 22:00:58 +0000
ROA not after:            Mon 15 Jun 2026 22:05:58 +0000
asID:                     0
IP address blocks:        2a13:c007:9000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/11/D4700D8E6F022571A0B26FCD4C70C0408EA4FFC9.crl
                          rsync://rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/11/D4700D8E6F022571A0B26FCD4C70C0408EA4FFC9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HANjm8CJXGgsm_NTHDAQI6k_8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 15:47:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:35:37:b1:95:11:6e:5e:7e:a9:2b:31:c6:60:17:5a:7b:fd:7f:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4700d8e6f022571a0b26fcd4c70c0408ea4ffc9
        Validity
            Not Before: Jun 16 22:00:58 2025 GMT
            Not After : Jun 15 22:05:58 2026 GMT
        Subject: CN=4E40A72EB257DF274C3AC5AC1A46358714725D9C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:60:ef:b6:ec:59:ca:19:db:5f:cd:24:1f:70:
                    75:05:00:f5:7a:db:d1:c2:34:7d:cb:b3:ce:50:65:
                    3d:81:0f:48:bc:02:c8:6b:e0:d1:cd:e5:91:8a:62:
                    8e:87:cb:a5:2b:f2:77:4c:c7:d2:4c:2f:ba:fc:2b:
                    36:b5:35:e6:12:df:29:58:e3:4b:e7:50:05:ed:52:
                    ba:9a:f3:84:0f:3e:1c:e4:c0:86:a2:9d:b6:1c:a4:
                    64:16:ce:1a:aa:5d:91:93:72:cf:03:a6:a9:d1:cb:
                    61:c6:98:ad:50:d6:19:1f:21:3c:93:35:be:09:5e:
                    bc:2e:90:3c:56:14:7f:60:11:41:50:07:14:53:3a:
                    8d:3e:93:88:bf:7e:8a:e0:0f:7a:e1:51:7f:82:3d:
                    7b:4f:65:44:57:34:db:c3:fd:8d:91:6e:54:d1:a8:
                    55:8f:e7:3f:fc:7b:e3:df:6b:89:86:5e:aa:d8:13:
                    75:5f:ff:31:8e:69:f6:26:ad:a9:c5:50:15:5c:e0:
                    62:40:14:96:3a:04:99:42:00:39:00:70:4c:9e:8d:
                    4c:74:37:96:cd:8c:4f:21:01:03:02:46:e1:e3:53:
                    62:5e:fb:8e:6b:5f:ed:3f:9c:38:8a:9d:70:bd:28:
                    c5:95:dc:0f:5e:2c:49:2b:e6:2b:af:ca:34:21:de:
                    49:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:40:A7:2E:B2:57:DF:27:4C:3A:C5:AC:1A:46:35:87:14:72:5D:9C
            X509v3 Authority Key Identifier:
                keyid:D4:70:0D:8E:6F:02:25:71:A0:B2:6F:CD:4C:70:C0:40:8E:A4:FF:C9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/11/D4700D8E6F022571A0B26FCD4C70C0408EA4FFC9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HANjm8CJXGgsm_NTHDAQI6k_8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/11/326131333a633030373a393030303a3a2f33362d3438203d3e2030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c007:9000::/36

    Signature Algorithm: sha256WithRSAEncryption
         91:9e:9a:25:0f:f2:5e:25:fb:a8:45:7f:80:1c:6f:ef:c9:c2:
         d5:05:1d:57:50:6a:97:c3:89:3f:61:8e:ab:2b:93:6a:ad:3c:
         35:36:a5:a3:67:c6:45:10:20:54:cf:9c:25:fc:f4:ba:43:21:
         f1:72:f3:bd:34:1c:e2:7b:36:c6:c4:c2:f2:34:1d:4f:c0:38:
         77:2b:67:0d:8d:c4:cd:2b:a2:0f:1d:bb:7c:d0:7b:e1:1d:b5:
         2f:79:bc:41:70:82:8a:f3:98:99:f2:66:54:29:4e:06:5d:78:
         a1:35:8d:cd:c4:ee:02:16:3b:af:3d:85:11:85:9e:6b:10:af:
         59:f5:98:9d:b5:99:25:1b:b9:2e:93:1e:cd:52:35:5e:61:0a:
         d6:60:1f:31:c9:13:63:2f:eb:72:9b:3b:43:dc:bc:0c:fe:5a:
         eb:45:60:2e:be:48:94:89:26:b7:da:58:82:e2:09:56:b2:48:
         8b:13:78:b4:ff:85:07:34:51:f3:2a:82:04:3d:de:c6:c0:e6:
         71:52:ad:c4:bc:f3:c8:8e:9b:4f:e2:0f:cb:3e:f7:65:32:f3:
         4e:4b:6f:18:b3:33:fb:1d:27:b1:6c:90:bd:bf:9c:fa:7f:6d:
         56:69:b4:91:df:14:c3:c6:23:03:5e:01:1f:1f:bc:32:fd:a6:
         5f:22:e5:83
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgIUfDU3sZURbl5+qSsxxmAXWnv9f+swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDQ3MDBkOGU2ZjAyMjU3MWEwYjI2ZmNkNGM3MGMwNDA4
ZWE0ZmZjOTAeFw0yNTA2MTYyMjAwNThaFw0yNjA2MTUyMjA1NThaMDMxMTAvBgNV
BAMTKDRFNDBBNzJFQjI1N0RGMjc0QzNBQzVBQzFBNDYzNTg3MTQ3MjVEOUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcYO+27FnKGdtfzSQfcHUFAPV6
29HCNH3Ls85QZT2BD0i8Ashr4NHN5ZGKYo6Hy6Ur8ndMx9JML7r8Kza1NeYS3ylY
40vnUAXtUrqa84QPPhzkwIainbYcpGQWzhqqXZGTcs8DpqnRy2HGmK1Q1hkfITyT
Nb4JXrwukDxWFH9gEUFQBxRTOo0+k4i/forgD3rhUX+CPXtPZURXNNvD/Y2RblTR
qFWP5z/8e+Pfa4mGXqrYE3Vf/zGOafYmranFUBVc4GJAFJY6BJlCADkAcEyejUx0
N5bNjE8hAQMCRuHjU2Je+45rX+0/nDiKnXC9KMWV3A9eLEkr5iuvyjQh3kmVAgMB
AAGjggImMIICIjAdBgNVHQ4EFgQUTkCnLrJX3ydMOsWsGkY1hxRyXZwwHwYDVR0j
BBgwFoAU1HANjm8CJXGgsm/NTHDAQI6k/8kwDgYDVR0PAQH/BAQDAgeAMIGGBgNV
HR8EfzB9MHugeaB3hnVyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvNmFiOTZlN2E2MTMwNDk4YWE5ODEzZDdlZTViYmVkMzEvMTEvRDQ3MDBEOEU2
RjAyMjU3MUEwQjI2RkNENEM3MEMwNDA4RUE0RkZDOS5jcmwwZAYIKwYBBQUHAQEE
WDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxULzFIQU5qbThDSlhHZ3NtX05USERBUUk2a184ay5jZXIwgaMGCCsG
AQUFBwELBIGWMIGTMIGQBggrBgEFBQcwC4aBg3JzeW5jOi8vcnBraS1ycHMuYXJp
bi5uZXQvcmVwb3NpdG9yeS82YWI5NmU3YTYxMzA0OThhYTk4MTNkN2VlNWJiZWQz
MS8xMS8zMjYxMzEzMzNhNjMzMDMwMzczYTM5MzAzMDMwM2EzYTJmMzMzNjJkMzQz
ODIwM2QzZTIwMzAucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYB
BQUHAQcBAf8EEjAQMA4EAgACMAgDBgQqE8AHkDANBgkqhkiG9w0BAQsFAAOCAQEA
kZ6aJQ/yXiX7qEV/gBxv78nC1QUdV1Bql8OJP2GOqyuTaq08NTalo2fGRRAgVM+c
Jfz0ukMh8XLzvTQc4ns2xsTC8jQdT8A4dytnDY3EzSuiDx27fNB74R21L3m8QXCC
ivOYmfJmVClOBl14oTWNzcTuAhY7rz2FEYWeaxCvWfWYnbWZJRu5LpMezVI1XmEK
1mAfMckTYy/rcps7Q9y8DP5a60VgLr5IlIkmt9pYguIJVrJIixN4tP+FBzRR8yqC
BD3exsDmcVKtxLzzyI6bT+IPyz73ZTLzTktvGLMz+x0nsWyQvb+c+n9tVmm0kd8U
w8YjA14BHx+8Mv2mXyLlgw==
-----END CERTIFICATE-----