Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a643a3a2f34382d3438203d3e203336323336.roa
File:                     326130303a646438303a643a3a2f34382d3438203d3e203336323336.roa (raw, json)
Hash identifier:          /qEJeMmFuqju1pMUlY0OOqaK4rJaz614jTHUSETfw4Q=
Subject key identifier:   C5:BF:43:01:03:D5:B0:AA:64:6B:01:09:C8:CC:64:69:44:17:A9:30
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       61D23366DB25E38DCEA61F3E4E9D121D979393AA
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a643a3a2f34382d3438203d3e203336323336.roa
Signing time:             Thu 01 May 2025 19:47:16 +0000
ROA not before:           Thu 01 May 2025 19:42:16 +0000
ROA not after:            Thu 30 Apr 2026 19:47:16 +0000
asID:                     36236
IP address blocks:        2a00:dd80:d::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 15:56:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:d2:33:66:db:25:e3:8d:ce:a6:1f:3e:4e:9d:12:1d:97:93:93:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: May  1 19:42:16 2025 GMT
            Not After : Apr 30 19:47:16 2026 GMT
        Subject: CN=C5BF430103D5B0AA646B0109C8CC64694417A930
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:1a:e1:31:38:43:e9:b7:f7:b0:0c:de:e7:67:
                    2d:c8:a3:8a:98:fa:45:49:2e:bf:9e:b8:9d:c2:34:
                    40:31:65:54:29:a7:8b:7e:f5:90:7a:d5:c2:04:e6:
                    e1:01:ae:1e:fc:40:10:34:e2:28:e5:82:77:2e:66:
                    9b:29:f4:d5:e4:34:dc:f1:d4:5a:71:80:78:7b:ac:
                    15:16:a1:4f:1b:d9:b6:48:1a:c3:d0:4f:b8:ed:03:
                    e7:3f:5e:17:e0:e7:f2:c8:8a:68:ff:62:77:0e:55:
                    32:19:3b:8d:48:c1:bd:b3:0b:af:de:27:7e:b3:d2:
                    7d:0b:94:84:bc:65:09:5e:f3:4a:04:8b:b8:de:2e:
                    d7:6c:dc:c5:16:22:ce:c8:66:3f:ae:cb:f2:8d:09:
                    60:dc:aa:cf:0a:3e:5d:1b:e5:7b:e2:81:c6:ed:e3:
                    e8:8b:ad:24:5a:12:45:54:56:7c:e4:b1:2f:0c:1a:
                    65:6e:b1:ac:e2:ea:41:31:86:71:12:e6:f3:08:64:
                    67:a6:3c:7c:d6:e0:56:0a:75:2f:8a:31:1f:25:b1:
                    1d:cc:da:2f:b4:79:55:37:44:c0:a6:fd:7b:75:ff:
                    7b:72:21:d9:c8:5d:7a:4d:10:cd:c4:8b:14:4b:f0:
                    8b:e3:52:54:7c:46:ab:c5:12:8f:ab:c3:b1:fc:d6:
                    ab:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:BF:43:01:03:D5:B0:AA:64:6B:01:09:C8:CC:64:69:44:17:A9:30
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a643a3a2f34382d3438203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:dd80:d::/48

    Signature Algorithm: sha256WithRSAEncryption
         8f:b5:e6:07:02:0a:f5:0f:49:86:4d:b3:6c:31:7c:a2:d7:a6:
         12:c2:eb:91:39:11:9d:0d:b2:ad:ff:35:74:53:87:5d:68:8e:
         9c:a2:ca:da:0b:f1:b7:1f:42:3e:7a:b6:6a:8b:13:b8:20:83:
         24:33:cb:47:95:cf:99:69:b3:d7:76:37:59:c8:ee:fa:43:af:
         b2:7c:04:b1:51:10:c9:6e:8d:00:ac:e0:95:0f:54:89:09:4b:
         34:77:8e:bc:3e:6d:ee:9c:45:f1:ed:df:5f:0f:6e:f2:f8:a9:
         cb:cf:9f:53:01:52:68:fa:9a:3d:ec:ed:0b:3d:13:9e:8a:67:
         aa:e7:9c:b0:24:66:47:10:0e:0b:c4:17:a0:c3:64:d5:4f:6c:
         f0:88:3a:fb:7d:10:13:b7:45:df:a0:fa:16:17:7d:41:cb:22:
         05:5e:6a:c5:84:0c:c4:66:a4:b0:dd:79:b3:89:ca:0e:2e:ae:
         16:d4:26:52:85:fa:ad:1b:7f:6d:89:4a:d8:5e:05:ef:82:b9:
         c4:cb:24:40:db:69:76:87:60:2c:f2:20:e7:e8:05:28:31:09:
         b3:5d:08:70:79:fb:f9:ea:f0:bd:bc:34:b9:48:b3:93:43:e0:
         9a:f3:05:e5:0e:f9:d7:00:0d:6a:06:f3:5f:b8:15:6a:cc:53:
         88:3e:ac:1b
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgIUYdIzZtsl443Oph8+Tp0SHZeTk6owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNTA1MDExOTQyMTZaFw0yNjA0MzAxOTQ3MTZaMDMxMTAvBgNV
BAMTKEM1QkY0MzAxMDNENUIwQUE2NDZCMDEwOUM4Q0M2NDY5NDQxN0E5MzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAGuExOEPpt/ewDN7nZy3Io4qY
+kVJLr+euJ3CNEAxZVQpp4t+9ZB61cIE5uEBrh78QBA04ijlgncuZpsp9NXkNNzx
1FpxgHh7rBUWoU8b2bZIGsPQT7jtA+c/Xhfg5/LIimj/YncOVTIZO41Iwb2zC6/e
J36z0n0LlIS8ZQle80oEi7jeLtds3MUWIs7IZj+uy/KNCWDcqs8KPl0b5Xvigcbt
4+iLrSRaEkVUVnzksS8MGmVusazi6kExhnES5vMIZGemPHzW4FYKdS+KMR8lsR3M
2i+0eVU3RMCm/Xt1/3tyIdnIXXpNEM3EixRL8IvjUlR8RqvFEo+rw7H81qvBAgMB
AAGjggInMIICIzAdBgNVHQ4EFgQUxb9DAQPVsKpkawEJyMxkaUQXqTAwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBpAYIKwYB
BQUHAQsEgZcwgZQwgZEGCCsGAQUFBzALhoGEcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzI2MTMwMzAzYTY0NjQzODMwM2E2NDNhM2EyZjM0MzgyZDM0MzgyMDNkM2Uy
MDMzMzYzMjMzMzYucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYB
BQUHAQcBAf8EEzARMA8EAgACMAkDBwAqAN2AAA0wDQYJKoZIhvcNAQELBQADggEB
AI+15gcCCvUPSYZNs2wxfKLXphLC65E5EZ0Nsq3/NXRTh11ojpyiytoL8bcfQj56
tmqLE7gggyQzy0eVz5lps9d2N1nI7vpDr7J8BLFREMlujQCs4JUPVIkJSzR3jrw+
be6cRfHt318PbvL4qcvPn1MBUmj6mj3s7Qs9E56KZ6rnnLAkZkcQDgvEF6DDZNVP
bPCIOvt9EBO3Rd+g+hYXfUHLIgVeasWEDMRmpLDdebOJyg4urhbUJlKF+q0bf22J
StheBe+CucTLJEDbaXaHYCzyIOfoBSgxCbNdCHB5+/nq8L28NLlIs5ND4JrzBeUO
+dcADWoG81+4FWrMU4g+rBs=
-----END CERTIFICATE-----