Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3137362e35382e38392e302f32342d3234203d3e203336323336.roa
File:                     3137362e35382e38392e302f32342d3234203d3e203336323336.roa (raw, json)
Hash identifier:          vZSrWTRLrRcms8ZOz3ZwPie5hd8sMD+gDjLmMCL2ZoI=
Subject key identifier:   41:74:10:DD:9A:EA:53:A8:FF:FE:76:77:EF:0B:C1:6E:0E:89:E9:DE
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       58086E1A1D14A27F27ECFFBDC96B640CD0693888
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3137362e35382e38392e302f32342d3234203d3e203336323336.roa
Signing time:             Mon 04 Aug 2025 23:14:00 +0000
ROA not before:           Mon 04 Aug 2025 23:09:00 +0000
ROA not after:            Mon 03 Aug 2026 23:14:00 +0000
asID:                     36236
IP address blocks:        176.58.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 12:42:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:08:6e:1a:1d:14:a2:7f:27:ec:ff:bd:c9:6b:64:0c:d0:69:38:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Aug  4 23:09:00 2025 GMT
            Not After : Aug  3 23:14:00 2026 GMT
        Subject: CN=417410DD9AEA53A8FFFE7677EF0BC16E0E89E9DE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:9f:ca:3f:1d:83:5a:3d:85:83:9d:4b:db:f7:
                    02:1c:43:4c:05:7c:b6:f6:06:55:07:f2:a6:49:a4:
                    1c:8c:c9:3e:8f:44:ca:46:4f:fb:49:ca:e8:1f:91:
                    aa:2e:29:e8:a3:66:4d:1e:db:5e:7b:6a:86:3f:39:
                    0f:3e:e3:b2:e7:8a:d9:8b:b0:7b:92:e7:c0:0a:60:
                    b8:e1:30:52:f3:4c:07:8a:53:fc:ca:68:45:78:c1:
                    45:40:58:62:28:ea:51:8c:3b:f6:81:36:09:bc:52:
                    e5:30:0c:14:92:47:0a:2a:f5:2f:f7:e9:d6:33:3e:
                    50:0a:e9:3a:f3:92:f4:dc:ac:3d:be:ee:64:2e:1d:
                    ae:ec:64:83:39:71:93:28:59:09:17:c0:88:cd:57:
                    04:cf:dd:03:f6:fd:7d:5c:77:69:b7:a8:5d:52:cc:
                    60:5e:85:35:98:b0:98:6c:8e:88:7b:14:e3:c3:14:
                    8c:c9:1c:71:87:be:ed:23:56:5a:88:ca:45:f3:9b:
                    b0:98:11:68:07:4f:ef:fb:2f:79:7c:72:e0:9d:c4:
                    f0:2e:1c:da:08:18:91:84:d5:ac:4d:5d:16:39:89:
                    78:e5:06:93:c2:5d:c1:6d:db:16:2b:f4:2c:89:68:
                    b0:d0:56:90:9b:5c:5f:20:98:8d:d8:62:02:8b:c0:
                    ec:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:74:10:DD:9A:EA:53:A8:FF:FE:76:77:EF:0B:C1:6E:0E:89:E9:DE
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3137362e35382e38392e302f32342d3234203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.58.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:dd:8b:ac:49:29:4c:a4:8a:e9:bb:91:b3:cd:1b:60:b7:4f:
         e8:43:a4:fc:61:d6:d4:79:f0:96:6e:b3:64:7d:06:3f:62:70:
         9c:8a:53:26:90:d7:e8:73:a5:a5:3e:07:35:26:75:13:77:5c:
         69:91:e2:20:47:01:a7:e2:40:42:2b:f2:5d:eb:3f:05:56:f0:
         a7:57:83:94:ae:ec:45:ad:2a:95:7f:00:98:26:02:2a:89:a9:
         50:29:a8:d7:83:a6:a5:55:88:0f:1f:77:43:a0:2d:ee:c4:07:
         f8:83:0c:d2:6a:b1:4e:57:4f:2d:cc:9a:03:4a:c0:55:aa:f2:
         5e:f4:6d:e1:bb:d2:3f:8d:6a:9d:fc:39:35:56:42:43:5e:30:
         de:dd:d2:0d:fd:6a:f2:bc:74:22:1a:8f:25:5e:9c:1a:f1:ad:
         31:48:d1:dd:11:39:70:be:81:72:80:0a:f2:22:64:42:c8:59:
         6e:91:3e:c1:e6:2e:c9:17:fe:c3:5b:65:71:cb:4f:9d:9b:84:
         34:1d:2c:14:60:78:b7:e8:72:2b:d6:c4:b0:a7:b9:1d:70:66:
         e8:48:c3:c0:fd:be:be:ff:e5:f2:02:8a:42:c9:e7:62:6f:59:
         c2:39:af:b0:28:28:a0:45:42:59:b0:5f:e4:4f:6f:b2:33:5a:
         6b:53:a2:e2
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIUWAhuGh0Uon8n7P+9yWtkDNBpOIgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNTA4MDQyMzA5MDBaFw0yNjA4MDMyMzE0MDBaMDMxMTAvBgNV
BAMTKDQxNzQxMEREOUFFQTUzQThGRkZFNzY3N0VGMEJDMTZFMEU4OUU5REUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBn8o/HYNaPYWDnUvb9wIcQ0wF
fLb2BlUH8qZJpByMyT6PRMpGT/tJyugfkaouKeijZk0e2157aoY/OQ8+47LnitmL
sHuS58AKYLjhMFLzTAeKU/zKaEV4wUVAWGIo6lGMO/aBNgm8UuUwDBSSRwoq9S/3
6dYzPlAK6TrzkvTcrD2+7mQuHa7sZIM5cZMoWQkXwIjNVwTP3QP2/X1cd2m3qF1S
zGBehTWYsJhsjoh7FOPDFIzJHHGHvu0jVlqIykXzm7CYEWgHT+/7L3l8cuCdxPAu
HNoIGJGE1axNXRY5iXjlBpPCXcFt2xYr9CyJaLDQVpCbXF8gmI3YYgKLwOyZAgMB
AAGjggIgMIICHDAdBgNVHQ4EFgQUQXQQ3ZrqU6j//nZ37wvBbg6J6d4wHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBoAYIKwYB
BQUHAQsEgZMwgZAwgY0GCCsGAQUFBzALhoGAcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzEzNzM2MmUzNTM4MmUzODM5MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzMz
NjMyMzMzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcB
BwEB/wQQMA4wDAQCAAEwBgMEALA6WTANBgkqhkiG9w0BAQsFAAOCAQEAFd2LrEkp
TKSK6buRs80bYLdP6EOk/GHW1Hnwlm6zZH0GP2JwnIpTJpDX6HOlpT4HNSZ1E3dc
aZHiIEcBp+JAQivyXes/BVbwp1eDlK7sRa0qlX8AmCYCKompUCmo14OmpVWIDx93
Q6At7sQH+IMM0mqxTldPLcyaA0rAVaryXvRt4bvSP41qnfw5NVZCQ14w3t3SDf1q
8rx0IhqPJV6cGvGtMUjR3RE5cL6BcoAK8iJkQshZbpE+weYuyRf+w1tlcctPnZuE
NB0sFGB4t+hyK9bEsKe5HXBm6EjDwP2+vv/l8gKKQsnnYm9ZwjmvsCgooEVCWbBf
5E9vsjNaa1Oi4g==
-----END CERTIFICATE-----