Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e33342e302e302f32322d3232203d3e203336323336.roa
File:                     3138352e33342e302e302f32322d3232203d3e203336323336.roa (raw, json)
Hash identifier:          ItPDEJaaiheWVCDZyQwWvyIWZnQE045WogI2DJDuBVw=
Subject key identifier:   3B:16:FD:82:3E:BC:32:A4:2E:CE:95:FC:C6:12:19:54:A4:0A:2F:C1
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       5CC13FBE60C92740738B4E02ECB972E004B014DA
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e33342e302e302f32322d3232203d3e203336323336.roa
Signing time:             Thu 26 Jun 2025 19:13:48 +0000
ROA not before:           Thu 26 Jun 2025 19:08:48 +0000
ROA not after:            Thu 25 Jun 2026 19:13:48 +0000
asID:                     36236
IP address blocks:        185.34.0.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:c1:3f:be:60:c9:27:40:73:8b:4e:02:ec:b9:72:e0:04:b0:14:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Jun 26 19:08:48 2025 GMT
            Not After : Jun 25 19:13:48 2026 GMT
        Subject: CN=3B16FD823EBC32A42ECE95FCC6121954A40A2FC1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:11:0b:d2:af:c4:c3:7f:49:e9:3f:5c:da:39:
                    7f:99:9e:57:a5:7d:21:bb:b4:4f:fa:b7:70:dc:32:
                    cb:03:4e:23:16:9c:9a:f2:54:00:9b:40:48:63:c5:
                    5e:72:e9:aa:d9:ce:b7:9f:32:b9:63:7b:ac:cf:ef:
                    f2:b5:67:2d:d2:b3:92:2c:8a:54:a9:96:c5:3f:e8:
                    a1:11:4b:8c:d6:3b:60:4a:66:83:f9:64:3a:cf:46:
                    d9:30:4f:31:c4:db:67:25:f8:01:bd:2e:68:fb:e7:
                    e1:8a:bf:5d:d9:fa:35:2d:43:91:37:73:94:7c:f0:
                    bf:c9:55:7d:5e:dd:ca:df:43:2b:ae:be:40:2f:71:
                    64:e7:87:5c:16:df:39:52:5f:6f:4f:25:4c:3d:9c:
                    51:b3:d3:01:e4:fc:c0:f4:99:5d:d8:80:06:dc:ec:
                    e0:24:d3:54:32:6e:9d:93:68:8a:99:e2:6c:04:8f:
                    1d:6d:0d:1c:cc:24:5b:64:85:1d:c2:a6:ee:ca:66:
                    61:f8:5c:1c:d9:99:fa:42:68:38:13:14:99:00:3d:
                    7f:f7:6a:77:42:81:9d:bb:94:84:65:60:5a:ba:de:
                    6a:f5:ed:07:a1:be:56:5d:20:ff:46:25:43:94:ad:
                    ee:19:a6:05:45:b1:f7:f8:e3:41:a4:6e:73:c2:d5:
                    f6:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:16:FD:82:3E:BC:32:A4:2E:CE:95:FC:C6:12:19:54:A4:0A:2F:C1
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e33342e302e302f32322d3232203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         32:46:af:fa:fa:f0:f4:dc:a5:14:a4:ef:7b:90:a5:eb:9b:8d:
         f0:00:90:eb:aa:a3:68:96:e8:bc:b8:c9:87:45:24:be:f2:23:
         43:55:44:fb:49:d2:c0:6c:f6:d6:2e:23:51:41:e3:f5:02:d0:
         41:03:25:c6:48:af:e0:1b:9c:f3:d8:6b:1e:dc:25:ef:59:4c:
         ea:5d:78:27:db:d3:d2:4c:5b:90:e9:a1:d1:b9:dd:26:eb:a6:
         a4:83:dc:c3:a2:ea:05:26:f2:22:3e:72:bb:35:3f:7f:d2:16:
         4c:af:a3:cf:1c:05:d6:c6:ce:1f:b9:7b:43:b1:6d:c9:fe:09:
         4a:aa:6c:22:ee:63:fd:c0:75:b2:e8:c5:08:70:be:83:f2:e6:
         e6:5b:58:da:2c:9c:4a:fb:3e:99:f0:5e:cb:d8:03:25:fd:f3:
         e9:b4:b7:ac:5f:7b:b3:49:3f:03:74:1a:74:0d:50:f4:62:e1:
         f0:8f:16:00:eb:58:bb:cc:98:d5:17:ad:3e:5e:b9:9f:18:91:
         e8:c6:64:87:d4:b5:91:2f:bb:7d:37:ab:f2:69:9f:d5:64:db:
         7b:47:35:28:d8:b0:3c:6a:b1:a9:56:7c:9d:66:4b:9b:97:fe:
         10:34:a8:f7:9d:b7:42:7c:49:07:83:cd:a5:02:4c:a2:e9:2e:
         47:be:45:81
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgIUXME/vmDJJ0Bzi04C7Lly4ASwFNowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNTA2MjYxOTA4NDhaFw0yNjA2MjUxOTEzNDhaMDMxMTAvBgNV
BAMTKDNCMTZGRDgyM0VCQzMyQTQyRUNFOTVGQ0M2MTIxOTU0QTQwQTJGQzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoEQvSr8TDf0npP1zaOX+Znlel
fSG7tE/6t3DcMssDTiMWnJryVACbQEhjxV5y6arZzrefMrlje6zP7/K1Zy3Ss5Is
ilSplsU/6KERS4zWO2BKZoP5ZDrPRtkwTzHE22cl+AG9Lmj75+GKv13Z+jUtQ5E3
c5R88L/JVX1e3crfQyuuvkAvcWTnh1wW3zlSX29PJUw9nFGz0wHk/MD0mV3YgAbc
7OAk01Qybp2TaIqZ4mwEjx1tDRzMJFtkhR3Cpu7KZmH4XBzZmfpCaDgTFJkAPX/3
andCgZ27lIRlYFq63mr17QehvlZdIP9GJUOUre4ZpgVFsff440GkbnPC1fbfAgMB
AAGjggIdMIICGTAdBgNVHQ4EFgQUOxb9gj68MqQuzpX8xhIZVKQKL8EwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBnQYIKwYB
BQUHAQsEgZAwgY0wgYoGCCsGAQUFBzALhn5yc3luYzovL3Jwa2ktcnBzLmFyaW4u
bmV0L3JlcG9zaXRvcnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYv
MS8zMTM4MzUyZTMzMzQyZTMwMmUzMDJmMzIzMjJkMzIzMjIwM2QzZTIwMzMzNjMy
MzMzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB
/wQQMA4wDAQCAAEwBgMEArkiADANBgkqhkiG9w0BAQsFAAOCAQEAMkav+vrw9Nyl
FKTve5Cl65uN8ACQ66qjaJbovLjJh0UkvvIjQ1VE+0nSwGz21i4jUUHj9QLQQQMl
xkiv4Buc89hrHtwl71lM6l14J9vT0kxbkOmh0bndJuumpIPcw6LqBSbyIj5yuzU/
f9IWTK+jzxwF1sbOH7l7Q7Ftyf4JSqpsIu5j/cB1sujFCHC+g/Lm5ltY2iycSvs+
mfBey9gDJf3z6bS3rF97s0k/A3QadA1Q9GLh8I8WAOtYu8yY1RetPl65nxiR6MZk
h9S1kS+7fTer8mmf1WTbe0c1KNiwPGqxqVZ8nWZLm5f+EDSo9523QnxJB4PNpQJM
oukuR75FgQ==
-----END CERTIFICATE-----