Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/11/326131333a633030373a633030303a3a2f33342d3438203d3e2030.roa
File:                     326131333a633030373a633030303a3a2f33342d3438203d3e2030.roa (raw, json)
Hash identifier:          /v4SqfX+BigD9dMYATYfyaCFabkOlXsoTeJ2iudcdLE=
Subject key identifier:   2C:CC:08:EF:AA:54:F1:00:87:27:A2:2B:2E:D5:43:ED:B5:3B:5E:7A
Certificate issuer:       /CN=d4700d8e6f022571a0b26fcd4c70c0408ea4ffc9
Certificate serial:       1988FA70EA0743A5D8EAFA017E872B2A96CC0232
Authority key identifier: D4:70:0D:8E:6F:02:25:71:A0:B2:6F:CD:4C:70:C0:40:8E:A4:FF:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HANjm8CJXGgsm_NTHDAQI6k_8k.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/11/326131333a633030373a633030303a3a2f33342d3438203d3e2030.roa
Signing time:             Mon 16 Jun 2025 22:06:31 +0000
ROA not before:           Mon 16 Jun 2025 22:01:31 +0000
ROA not after:            Mon 15 Jun 2026 22:06:31 +0000
asID:                     0
IP address blocks:        2a13:c007:c000::/34 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/11/D4700D8E6F022571A0B26FCD4C70C0408EA4FFC9.crl
                          rsync://rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/11/D4700D8E6F022571A0B26FCD4C70C0408EA4FFC9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HANjm8CJXGgsm_NTHDAQI6k_8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 15:47:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:88:fa:70:ea:07:43:a5:d8:ea:fa:01:7e:87:2b:2a:96:cc:02:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4700d8e6f022571a0b26fcd4c70c0408ea4ffc9
        Validity
            Not Before: Jun 16 22:01:31 2025 GMT
            Not After : Jun 15 22:06:31 2026 GMT
        Subject: CN=2CCC08EFAA54F1008727A22B2ED543EDB53B5E7A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:a0:98:55:61:4e:72:e8:2e:cd:5f:0e:f0:b8:
                    88:db:35:26:70:a1:90:22:2d:fc:de:fe:9e:2f:ad:
                    d0:48:9f:62:bc:f5:4d:0a:2d:31:b8:2a:35:01:eb:
                    2d:63:20:e0:03:b0:6b:de:08:ce:0f:f4:56:7f:ac:
                    11:f6:a3:c7:22:c4:95:18:e7:9c:13:53:2f:b4:3b:
                    45:fc:c7:1d:e9:a4:b9:89:bd:db:79:07:3c:31:d0:
                    1c:53:b7:b5:4d:c8:cb:ab:18:03:e6:b3:db:7b:f6:
                    ff:ca:1a:c3:aa:42:f0:03:dd:f4:3c:5a:b1:86:f8:
                    1c:af:32:5b:5e:92:47:82:e4:1a:cb:16:37:97:24:
                    e2:85:ef:db:b5:9d:b7:03:47:16:e4:14:04:c1:6c:
                    e7:6c:b6:36:a4:55:dc:32:d6:d5:31:34:4d:6c:71:
                    41:0b:a8:5a:55:ed:52:94:86:4e:07:29:03:d0:11:
                    d9:5e:3f:64:cc:5d:1f:ca:48:89:c1:41:0c:2e:34:
                    6d:68:88:a0:5f:25:1c:98:46:89:6a:98:88:b6:b3:
                    b0:f7:45:ba:61:6b:1c:97:22:ec:04:63:fd:66:68:
                    c8:9a:05:9c:7d:15:2d:43:0f:71:f5:37:3b:39:d8:
                    63:68:91:de:0d:3f:18:ba:ca:e2:87:ff:8a:c0:c2:
                    e2:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:CC:08:EF:AA:54:F1:00:87:27:A2:2B:2E:D5:43:ED:B5:3B:5E:7A
            X509v3 Authority Key Identifier:
                keyid:D4:70:0D:8E:6F:02:25:71:A0:B2:6F:CD:4C:70:C0:40:8E:A4:FF:C9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/11/D4700D8E6F022571A0B26FCD4C70C0408EA4FFC9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HANjm8CJXGgsm_NTHDAQI6k_8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/11/326131333a633030373a633030303a3a2f33342d3438203d3e2030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c007:c000::/34

    Signature Algorithm: sha256WithRSAEncryption
         93:9b:d2:6a:9a:c0:c3:c1:7c:42:25:f8:eb:91:60:5b:63:9d:
         75:95:fa:75:7b:95:d2:2f:6f:96:08:50:83:c0:b6:f3:7b:a3:
         14:e7:e8:85:27:c5:9b:e8:ef:6a:a2:d5:61:9b:3b:de:6d:1f:
         70:d6:80:32:4a:21:27:b8:86:10:1b:c7:5b:40:45:0a:7a:70:
         cd:82:7b:2c:da:8a:4a:ec:ba:84:2d:e5:87:bf:3d:f9:e1:94:
         fc:e5:fa:92:a5:84:af:fe:8e:45:41:06:58:4c:3f:1a:94:23:
         c5:0b:e5:c2:78:f9:9e:56:97:b3:1f:3c:4a:9e:2c:4f:ff:4e:
         63:69:b2:81:31:01:b7:3c:c6:07:7b:6f:60:69:2c:93:19:bd:
         b1:bb:05:07:c6:cc:22:c6:f4:12:dd:4b:6f:53:78:61:76:95:
         ef:c4:6d:d1:ca:cd:49:cd:5c:6e:1f:eb:3d:1c:75:bc:cf:89:
         93:f9:5b:37:f9:79:6e:9c:d5:3e:93:86:cc:f8:19:51:6a:51:
         cc:be:aa:e8:87:72:c6:78:e2:0b:c0:6f:01:16:7e:28:1a:3f:
         82:a4:90:8e:23:b4:35:a1:aa:40:12:11:88:a0:30:f8:52:54:
         3a:9d:3c:f4:4b:af:fc:08:0e:4d:9a:ab:70:20:2f:a9:6d:ae:
         0a:10:8f:71
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgIUGYj6cOoHQ6XY6voBfocrKpbMAjIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDQ3MDBkOGU2ZjAyMjU3MWEwYjI2ZmNkNGM3MGMwNDA4
ZWE0ZmZjOTAeFw0yNTA2MTYyMjAxMzFaFw0yNjA2MTUyMjA2MzFaMDMxMTAvBgNV
BAMTKDJDQ0MwOEVGQUE1NEYxMDA4NzI3QTIyQjJFRDU0M0VEQjUzQjVFN0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYoJhVYU5y6C7NXw7wuIjbNSZw
oZAiLfze/p4vrdBIn2K89U0KLTG4KjUB6y1jIOADsGveCM4P9FZ/rBH2o8cixJUY
55wTUy+0O0X8xx3ppLmJvdt5Bzwx0BxTt7VNyMurGAPms9t79v/KGsOqQvAD3fQ8
WrGG+ByvMltekkeC5BrLFjeXJOKF79u1nbcDRxbkFATBbOdstjakVdwy1tUxNE1s
cUELqFpV7VKUhk4HKQPQEdleP2TMXR/KSInBQQwuNG1oiKBfJRyYRolqmIi2s7D3
RbphaxyXIuwEY/1maMiaBZx9FS1DD3H1Nzs52GNokd4NPxi6yuKH/4rAwuJTAgMB
AAGjggImMIICIjAdBgNVHQ4EFgQULMwI76pU8QCHJ6IrLtVD7bU7XnowHwYDVR0j
BBgwFoAU1HANjm8CJXGgsm/NTHDAQI6k/8kwDgYDVR0PAQH/BAQDAgeAMIGGBgNV
HR8EfzB9MHugeaB3hnVyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvNmFiOTZlN2E2MTMwNDk4YWE5ODEzZDdlZTViYmVkMzEvMTEvRDQ3MDBEOEU2
RjAyMjU3MUEwQjI2RkNENEM3MEMwNDA4RUE0RkZDOS5jcmwwZAYIKwYBBQUHAQEE
WDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxULzFIQU5qbThDSlhHZ3NtX05USERBUUk2a184ay5jZXIwgaMGCCsG
AQUFBwELBIGWMIGTMIGQBggrBgEFBQcwC4aBg3JzeW5jOi8vcnBraS1ycHMuYXJp
bi5uZXQvcmVwb3NpdG9yeS82YWI5NmU3YTYxMzA0OThhYTk4MTNkN2VlNWJiZWQz
MS8xMS8zMjYxMzEzMzNhNjMzMDMwMzczYTYzMzAzMDMwM2EzYTJmMzMzNDJkMzQz
ODIwM2QzZTIwMzAucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYB
BQUHAQcBAf8EEjAQMA4EAgACMAgDBgYqE8AHwDANBgkqhkiG9w0BAQsFAAOCAQEA
k5vSaprAw8F8QiX465FgW2OddZX6dXuV0i9vlghQg8C283ujFOfohSfFm+jvaqLV
YZs73m0fcNaAMkohJ7iGEBvHW0BFCnpwzYJ7LNqKSuy6hC3lh789+eGU/OX6kqWE
r/6ORUEGWEw/GpQjxQvlwnj5nlaXsx88Sp4sT/9OY2mygTEBtzzGB3tvYGkskxm9
sbsFB8bMIsb0Et1Lb1N4YXaV78Rt0crNSc1cbh/rPRx1vM+Jk/lbN/l5bpzVPpOG
zPgZUWpRzL6q6IdyxnjiC8BvARZ+KBo/gqSQjiO0NaGqQBIRiKAw+FJUOp089Euv
/AgOTZqrcCAvqW2uChCPcQ==
-----END CERTIFICATE-----