Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a666238313a3a2f34382d3438203d3e20313939343338.roa
File:                     326130303a646438303a666238313a3a2f34382d3438203d3e20313939343338.roa (raw, json)
Hash identifier:          zyWllPgxDAAVzqcKjLkj98pJEV2ihCRT3VTAol6IT34=
Subject key identifier:   92:57:F2:71:47:F4:D6:23:38:06:D5:9C:35:53:D7:BB:44:2F:76:EF
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       4C84D4D5540C68307ABFE22F687B01617B61C199
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a666238313a3a2f34382d3438203d3e20313939343338.roa
Signing time:             Mon 04 Aug 2025 20:13:52 +0000
ROA not before:           Mon 04 Aug 2025 20:08:52 +0000
ROA not after:            Mon 03 Aug 2026 20:13:52 +0000
asID:                     199438
IP address blocks:        2a00:dd80:fb81::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:84:d4:d5:54:0c:68:30:7a:bf:e2:2f:68:7b:01:61:7b:61:c1:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Aug  4 20:08:52 2025 GMT
            Not After : Aug  3 20:13:52 2026 GMT
        Subject: CN=9257F27147F4D6233806D59C3553D7BB442F76EF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:b0:34:7a:3b:09:ec:de:d6:58:76:2d:29:d3:
                    2c:41:c5:48:15:7b:ca:cc:57:c3:b6:4f:3b:a3:45:
                    08:4d:75:57:e7:f9:3b:53:c5:83:d3:ca:5f:65:4c:
                    de:8b:c6:a3:b3:a2:ab:d7:e8:e5:09:ed:d6:4a:59:
                    50:f0:0c:75:22:e0:5a:ed:13:28:83:4c:06:8e:05:
                    be:8d:3a:f3:ab:bd:e2:7d:3b:5f:a1:06:f7:e3:f7:
                    23:93:79:a6:93:ae:1b:7f:dd:8f:df:38:93:c6:8a:
                    db:d6:eb:a4:d5:4a:ff:7a:82:b7:c0:09:0a:a9:67:
                    ed:6b:88:c1:d5:97:a8:a8:56:ac:78:92:13:5c:0f:
                    e3:13:7e:eb:c0:ae:13:a6:f1:22:6e:aa:27:a1:53:
                    c6:68:e1:ea:e0:b5:45:88:64:87:3d:8a:ca:c8:9a:
                    aa:b2:c6:92:ee:49:e9:69:9d:1c:b4:5f:fa:de:ff:
                    51:f1:19:73:0a:c9:70:5f:52:7c:73:d9:87:a3:70:
                    32:94:ad:6e:e9:5a:12:a5:06:67:3b:e8:c1:0a:bb:
                    26:c2:76:38:59:1f:6c:f8:a1:54:d7:f6:b1:6e:3c:
                    49:82:09:a2:4a:e0:0d:10:6e:e1:70:d6:b5:e9:c3:
                    8f:80:ae:1d:30:ea:07:29:ed:08:61:15:96:5d:26:
                    e6:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:57:F2:71:47:F4:D6:23:38:06:D5:9C:35:53:D7:BB:44:2F:76:EF
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a666238313a3a2f34382d3438203d3e20313939343338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:dd80:fb81::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:05:cc:7d:5f:e1:7d:c5:56:eb:65:67:c7:41:16:53:a5:3a:
         8c:f6:6b:7b:63:e9:ac:db:5d:33:a4:7f:fb:fd:c8:8c:9a:11:
         4b:f8:16:8a:f0:df:e0:8c:b2:38:b8:01:92:57:80:ea:c6:2e:
         50:f3:6e:a7:69:5e:c6:77:f3:49:ac:41:4d:7e:d7:09:76:f2:
         d5:01:0d:c1:ed:c4:e8:be:cb:c5:38:59:a5:89:4b:7d:16:cf:
         d7:1a:4b:cb:a2:eb:c1:d0:fb:28:2e:1d:22:c9:ed:83:a6:2a:
         e0:83:3c:24:db:dd:37:5c:41:16:45:da:74:5b:53:aa:02:57:
         70:ab:c5:8a:4f:ed:97:5b:56:2d:50:36:b2:d8:03:1d:8c:24:
         f0:95:15:5e:0c:03:55:19:b6:94:98:97:85:ec:9e:f1:a0:7c:
         d2:28:3a:5f:20:3b:b2:b9:81:31:4c:2b:46:60:18:3a:c5:8e:
         d3:c8:f4:75:be:b6:fb:27:67:eb:b3:02:99:9b:3e:3d:7c:86:
         fd:76:fb:9f:f8:1f:2e:1e:f2:6f:30:64:ee:40:89:d2:a9:77:
         85:a8:08:27:d2:21:b7:5e:30:45:08:f9:b1:3b:26:f2:a9:49:
         73:bf:c3:1e:e5:2e:a2:d1:fe:f8:75:b5:b5:9d:4e:2c:5f:44:
         bb:9f:72:ad
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgIUTITU1VQMaDB6v+IvaHsBYXthwZkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNTA4MDQyMDA4NTJaFw0yNjA4MDMyMDEzNTJaMDMxMTAvBgNV
BAMTKDkyNTdGMjcxNDdGNEQ2MjMzODA2RDU5QzM1NTNEN0JCNDQyRjc2RUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlsDR6Owns3tZYdi0p0yxBxUgV
e8rMV8O2TzujRQhNdVfn+TtTxYPTyl9lTN6LxqOzoqvX6OUJ7dZKWVDwDHUi4Frt
EyiDTAaOBb6NOvOrveJ9O1+hBvfj9yOTeaaTrht/3Y/fOJPGitvW66TVSv96grfA
CQqpZ+1riMHVl6ioVqx4khNcD+MTfuvArhOm8SJuqiehU8Zo4ergtUWIZIc9isrI
mqqyxpLuSelpnRy0X/re/1HxGXMKyXBfUnxz2YejcDKUrW7pWhKlBmc76MEKuybC
djhZH2z4oVTX9rFuPEmCCaJK4A0QbuFw1rXpw4+Arh0w6gcp7QhhFZZdJuYjAgMB
AAGjggIvMIICKzAdBgNVHQ4EFgQUklfycUf01iM4BtWcNVPXu0Qvdu8wHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBrAYIKwYB
BQUHAQsEgZ8wgZwwgZkGCCsGAQUFBzALhoGMcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzI2MTMwMzAzYTY0NjQzODMwM2E2NjYyMzgzMTNhM2EyZjM0MzgyZDM0Mzgy
MDNkM2UyMDMxMzkzOTM0MzMzOC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
AjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoA3YD7gTANBgkqhkiG9w0B
AQsFAAOCAQEAAgXMfV/hfcVW62Vnx0EWU6U6jPZre2PprNtdM6R/+/3IjJoRS/gW
ivDf4IyyOLgBkleA6sYuUPNup2lexnfzSaxBTX7XCXby1QENwe3E6L7LxThZpYlL
fRbP1xpLy6LrwdD7KC4dIsntg6Yq4IM8JNvdN1xBFkXadFtTqgJXcKvFik/tl1tW
LVA2stgDHYwk8JUVXgwDVRm2lJiXheye8aB80ig6XyA7srmBMUwrRmAYOsWO08j0
db62+ydn67MCmZs+PXyG/Xb7n/gfLh7ybzBk7kCJ0ql3hagIJ9Iht14wRQj5sTsm
8qlJc7/DHuUuotH++HW1tZ1OLF9Eu59yrQ==
-----END CERTIFICATE-----