Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e34302e3233332e302f32342d3234203d3e203336323336.roa
File:                     3138352e34302e3233332e302f32342d3234203d3e203336323336.roa (raw, json)
Hash identifier:          90aeaAGETjWTmNM4bWf9OEa1pDT6uqX4iBz8GR4A6d0=
Subject key identifier:   FA:23:B3:0B:78:40:05:AA:77:FC:AD:8A:C2:ED:BD:6F:12:83:5B:D9
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       5D1FA05DB5714EE3F386C7D7A66646BE945213D0
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e34302e3233332e302f32342d3234203d3e203336323336.roa
Signing time:             Mon 04 Aug 2025 22:13:58 +0000
ROA not before:           Mon 04 Aug 2025 22:08:58 +0000
ROA not after:            Mon 03 Aug 2026 22:13:58 +0000
asID:                     36236
IP address blocks:        185.40.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 12:42:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:1f:a0:5d:b5:71:4e:e3:f3:86:c7:d7:a6:66:46:be:94:52:13:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Aug  4 22:08:58 2025 GMT
            Not After : Aug  3 22:13:58 2026 GMT
        Subject: CN=FA23B30B784005AA77FCAD8AC2EDBD6F12835BD9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:15:b0:e4:de:a3:27:85:48:cb:f9:3a:6e:13:
                    de:74:81:ac:97:2e:27:c4:cc:b7:b9:67:65:26:aa:
                    8f:c4:6a:c6:41:0a:7a:b8:1c:de:8c:0f:06:19:86:
                    ce:86:49:6d:71:c6:74:8d:65:fb:03:93:ec:9a:ab:
                    84:50:22:75:d9:cf:88:88:67:15:e4:f7:dd:fe:79:
                    13:94:b6:35:88:62:5a:ce:0a:37:72:f6:e8:67:49:
                    74:96:75:d3:70:cb:3c:96:cb:79:2e:54:ab:ba:c1:
                    34:a2:e4:cd:98:64:77:e9:d1:90:73:52:bb:1f:5a:
                    46:76:0f:7e:76:d1:58:50:0f:e5:e0:67:ce:da:2c:
                    12:27:8b:96:37:d3:56:e1:fa:d4:bb:d0:00:f9:3b:
                    d8:32:99:1f:b4:8f:12:b7:f0:04:3a:e1:1f:7e:57:
                    01:4d:8a:a4:a2:26:73:1d:97:c1:c4:04:00:38:ac:
                    15:c2:d2:ff:76:7a:b3:b3:2a:66:eb:65:5b:4c:0b:
                    61:a3:6d:cd:78:32:84:04:7e:80:88:2e:53:6b:36:
                    c4:02:ef:97:9a:e0:8b:0b:6d:09:93:ed:6c:4f:93:
                    e5:7a:57:c5:8d:b9:7a:23:9f:f2:bb:4b:b6:ad:16:
                    fe:68:13:03:15:18:3e:f8:fc:89:dd:dc:05:0e:31:
                    15:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:23:B3:0B:78:40:05:AA:77:FC:AD:8A:C2:ED:BD:6F:12:83:5B:D9
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e34302e3233332e302f32342d3234203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.40.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:00:d1:bf:41:f6:ae:2a:18:23:49:48:ea:43:7b:82:c9:7b:
         0b:2e:08:5f:98:1c:ce:fe:6c:35:e2:14:95:fb:a1:8d:13:9a:
         da:49:1b:b9:09:d6:6c:ff:29:4f:4a:f2:98:77:9d:31:88:a5:
         9a:b6:d5:bf:07:86:a8:5e:b8:fa:19:86:4b:66:c9:da:1c:ed:
         a8:c9:41:96:a4:c6:c8:6d:5a:0a:9b:81:bd:4c:d8:55:f6:5e:
         50:b6:5e:2d:94:42:5b:b2:94:48:bb:1d:9a:ba:d7:ca:03:7e:
         4d:65:c1:2e:ef:53:06:2d:c0:0e:55:96:50:8b:dd:f2:d3:84:
         b7:5f:a0:b8:50:45:a8:ef:37:a3:ce:48:bd:97:87:14:c7:34:
         58:47:86:39:05:d5:5e:fc:71:35:59:bd:10:db:ba:89:9f:77:
         31:89:8a:e5:9a:dc:46:28:6b:06:f9:7d:98:6c:b0:4f:01:7c:
         94:11:90:a3:4f:81:6d:c5:4a:c1:1f:da:65:29:e8:cd:ee:ce:
         44:32:3a:32:86:48:76:d2:b4:3b:34:3b:57:6e:08:ec:89:8a:
         74:4f:ea:02:b6:da:02:68:3c:79:77:1f:77:5e:f8:5a:12:e6:
         a7:5f:55:13:cf:8b:7b:c6:f5:c2:0d:d9:71:77:ba:87:8b:46:
         76:5c:b9:8a
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgIUXR+gXbVxTuPzhsfXpmZGvpRSE9AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNTA4MDQyMjA4NThaFw0yNjA4MDMyMjEzNThaMDMxMTAvBgNV
BAMTKEZBMjNCMzBCNzg0MDA1QUE3N0ZDQUQ4QUMyRURCRDZGMTI4MzVCRDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqFbDk3qMnhUjL+TpuE950gayX
LifEzLe5Z2Umqo/EasZBCnq4HN6MDwYZhs6GSW1xxnSNZfsDk+yaq4RQInXZz4iI
ZxXk993+eROUtjWIYlrOCjdy9uhnSXSWddNwyzyWy3kuVKu6wTSi5M2YZHfp0ZBz
UrsfWkZ2D3520VhQD+XgZ87aLBIni5Y301bh+tS70AD5O9gymR+0jxK38AQ64R9+
VwFNiqSiJnMdl8HEBAA4rBXC0v92erOzKmbrZVtMC2Gjbc14MoQEfoCILlNrNsQC
75ea4IsLbQmT7WxPk+V6V8WNuXojn/K7S7atFv5oEwMVGD74/Ind3AUOMRUFAgMB
AAGjggIiMIICHjAdBgNVHQ4EFgQU+iOzC3hABap3/K2Kwu29bxKDW9kwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBogYIKwYB
BQUHAQsEgZUwgZIwgY8GCCsGAQUFBzALhoGCcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzEzODM1MmUzNDMwMmUzMjMzMzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAz
MzM2MzIzMzM2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAuSjpMA0GCSqGSIb3DQEBCwUAA4IBAQBaANG/
QfauKhgjSUjqQ3uCyXsLLghfmBzO/mw14hSV+6GNE5raSRu5CdZs/ylPSvKYd50x
iKWattW/B4aoXrj6GYZLZsnaHO2oyUGWpMbIbVoKm4G9TNhV9l5Qtl4tlEJbspRI
ux2autfKA35NZcEu71MGLcAOVZZQi93y04S3X6C4UEWo7zejzki9l4cUxzRYR4Y5
BdVe/HE1Wb0Q27qJn3cxiYrlmtxGKGsG+X2YbLBPAXyUEZCjT4FtxUrBH9plKejN
7s5EMjoyhkh20rQ7NDtXbgjsiYp0T+oCttoCaDx5dx93XvhaEuanX1UTz4t7xvXC
Ddlxd7qHi0Z2XLmK
-----END CERTIFICATE-----