Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e33342e322e302f32332d3233203d3e203336323336.roa
File:                     3138352e33342e322e302f32332d3233203d3e203336323336.roa (raw, json)
Hash identifier:          +IUZvna3kU12Pv2/aTKqaB3aQZk2xuwR5hamVAOsPlo=
Subject key identifier:   5E:21:74:DD:8F:22:44:BE:88:7B:DB:10:8E:97:BD:78:9F:0D:89:87
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       3EC23450088904D35A2356FF0B6316AFD7A82024
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e33342e322e302f32332d3233203d3e203336323336.roa
Signing time:             Thu 24 Jul 2025 19:13:48 +0000
ROA not before:           Thu 24 Jul 2025 19:08:48 +0000
ROA not after:            Thu 23 Jul 2026 19:13:48 +0000
asID:                     36236
IP address blocks:        185.34.2.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 18:45:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:c2:34:50:08:89:04:d3:5a:23:56:ff:0b:63:16:af:d7:a8:20:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Jul 24 19:08:48 2025 GMT
            Not After : Jul 23 19:13:48 2026 GMT
        Subject: CN=5E2174DD8F2244BE887BDB108E97BD789F0D8987
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a7:f4:21:f1:4f:77:ec:6c:02:bb:b6:67:91:
                    3e:cd:8e:2b:82:c4:7e:59:89:60:01:2a:ef:c9:fe:
                    2a:a1:96:88:f3:54:cd:5b:f6:ce:95:e0:fe:c7:9c:
                    8c:d0:d1:3e:cc:da:69:61:04:dd:a6:f2:4f:6b:68:
                    4b:aa:46:8b:92:6b:12:ed:df:7d:cb:a2:66:50:cd:
                    31:5d:82:b0:18:c5:b5:e9:5b:2d:a6:ba:b1:ff:5e:
                    e6:a9:d3:4c:93:9a:bb:8d:d4:09:0e:81:05:93:60:
                    77:ae:fd:b0:9f:b3:f8:5f:c7:4c:06:68:5a:2b:e1:
                    56:2b:4a:c0:87:d4:b8:24:94:de:b1:2e:9a:a3:16:
                    57:1a:35:1e:e0:f1:39:5a:44:e7:cb:fd:d8:ba:09:
                    5b:35:28:65:a3:e9:4e:3e:ec:d0:69:c7:ac:df:8d:
                    76:3d:36:97:87:21:08:97:d5:c0:68:8b:f6:ba:82:
                    c2:0c:3e:aa:f0:2b:48:76:97:7e:48:db:03:32:bd:
                    6b:c9:55:32:cf:4a:ab:73:54:82:d7:34:ad:27:48:
                    9a:6f:70:1c:ca:94:b4:a9:3f:ab:cb:d3:3a:c0:87:
                    a7:3c:a6:15:0e:71:ed:eb:b2:ee:d4:ae:0d:9b:47:
                    79:a6:1f:58:c7:f8:86:fd:b6:dc:11:5d:13:d3:cd:
                    02:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:21:74:DD:8F:22:44:BE:88:7B:DB:10:8E:97:BD:78:9F:0D:89:87
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e33342e322e302f32332d3233203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         89:e0:47:0a:c9:f3:3a:a8:85:28:85:eb:c8:97:41:c2:cc:8a:
         00:1e:0d:83:a6:a3:93:ec:8d:05:49:5b:f2:dd:79:3e:6f:4b:
         05:5a:e2:ec:60:2d:78:ab:c8:29:1b:51:30:ed:43:b6:46:4b:
         ac:5f:29:13:1b:88:5a:50:76:2d:f8:10:83:56:b2:46:a1:3e:
         7a:d0:81:27:01:e0:87:d5:9a:ff:d3:47:c9:4e:b5:55:66:79:
         24:e4:5e:f3:aa:77:a2:10:92:22:86:d8:8c:c5:d7:d7:ae:2e:
         2b:17:ae:2a:63:33:8e:75:83:38:71:36:99:8d:b8:c9:7b:47:
         38:3d:3a:76:47:57:90:68:ba:09:ba:ac:0f:8b:2c:2b:2a:84:
         0c:30:45:ba:da:b4:b5:48:ec:b4:4b:3b:fd:fc:49:60:e7:f2:
         2c:c7:e7:c5:2f:77:fc:80:f7:94:53:81:40:bc:07:e4:04:d9:
         d0:00:1e:2d:88:1a:4f:1d:de:f6:8f:02:1f:06:6a:04:06:74:
         2f:dd:92:08:99:52:08:82:ad:16:ee:22:04:3a:58:13:bb:50:
         3b:10:bb:a3:a8:7f:85:7e:ef:99:a1:d7:d1:c3:3d:c1:7a:8c:
         9a:79:5f:73:86:af:8d:ce:ec:45:ff:2d:c9:35:9b:3e:3b:f8:
         5f:d3:34:35
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgIUPsI0UAiJBNNaI1b/C2MWr9eoICQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNTA3MjQxOTA4NDhaFw0yNjA3MjMxOTEzNDhaMDMxMTAvBgNV
BAMTKDVFMjE3NEREOEYyMjQ0QkU4ODdCREIxMDhFOTdCRDc4OUYwRDg5ODcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5p/Qh8U937GwCu7ZnkT7NjiuC
xH5ZiWABKu/J/iqhlojzVM1b9s6V4P7HnIzQ0T7M2mlhBN2m8k9raEuqRouSaxLt
333LomZQzTFdgrAYxbXpWy2murH/Xuap00yTmruN1AkOgQWTYHeu/bCfs/hfx0wG
aFor4VYrSsCH1LgklN6xLpqjFlcaNR7g8TlaROfL/di6CVs1KGWj6U4+7NBpx6zf
jXY9NpeHIQiX1cBoi/a6gsIMPqrwK0h2l35I2wMyvWvJVTLPSqtzVILXNK0nSJpv
cBzKlLSpP6vL0zrAh6c8phUOce3rsu7Urg2bR3mmH1jH+Ib9ttwRXRPTzQLfAgMB
AAGjggIdMIICGTAdBgNVHQ4EFgQUXiF03Y8iRL6Ie9sQjpe9eJ8NiYcwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBnQYIKwYB
BQUHAQsEgZAwgY0wgYoGCCsGAQUFBzALhn5yc3luYzovL3Jwa2ktcnBzLmFyaW4u
bmV0L3JlcG9zaXRvcnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYv
MS8zMTM4MzUyZTMzMzQyZTMyMmUzMDJmMzIzMzJkMzIzMzIwM2QzZTIwMzMzNjMy
MzMzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB
/wQQMA4wDAQCAAEwBgMEAbkiAjANBgkqhkiG9w0BAQsFAAOCAQEAieBHCsnzOqiF
KIXryJdBwsyKAB4Ng6ajk+yNBUlb8t15Pm9LBVri7GAteKvIKRtRMO1DtkZLrF8p
ExuIWlB2LfgQg1ayRqE+etCBJwHgh9Wa/9NHyU61VWZ5JORe86p3ohCSIobYjMXX
164uKxeuKmMzjnWDOHE2mY24yXtHOD06dkdXkGi6CbqsD4ssKyqEDDBFutq0tUjs
tEs7/fxJYOfyLMfnxS93/ID3lFOBQLwH5ATZ0AAeLYgaTx3e9o8CHwZqBAZ0L92S
CJlSCIKtFu4iBDpYE7tQOxC7o6h/hX7vmaHX0cM9wXqMmnlfc4avjc7sRf8tyTWb
Pjv4X9M0NQ==
-----END CERTIFICATE-----