Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e34302e3233352e302f32342d3234203d3e203336323336.roa
File:                     3138352e34302e3233352e302f32342d3234203d3e203336323336.roa (raw, json)
Hash identifier:          ZCQk9aSI4r6LeMYzgdtkI+Jp7yZsGeKjrc/LWdjFp2I=
Subject key identifier:   6B:3F:9B:65:53:7A:6B:C4:BE:43:8D:D2:DB:B2:22:DE:D6:CE:E4:7B
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       609E3095E2057095F315600FDAB870ECCEE4A03F
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e34302e3233352e302f32342d3234203d3e203336323336.roa
Signing time:             Mon 04 Aug 2025 22:13:58 +0000
ROA not before:           Mon 04 Aug 2025 22:08:58 +0000
ROA not after:            Mon 03 Aug 2026 22:13:58 +0000
asID:                     36236
IP address blocks:        185.40.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 12:42:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:9e:30:95:e2:05:70:95:f3:15:60:0f:da:b8:70:ec:ce:e4:a0:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Aug  4 22:08:58 2025 GMT
            Not After : Aug  3 22:13:58 2026 GMT
        Subject: CN=6B3F9B65537A6BC4BE438DD2DBB222DED6CEE47B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:78:59:0d:37:7c:ed:a9:67:13:fc:b8:44:85:
                    3a:ca:66:66:d9:75:2a:bf:cc:f8:af:48:a6:20:b4:
                    5a:b6:b8:b2:77:14:5c:75:0d:16:78:68:30:6a:38:
                    a4:97:8d:27:44:f7:ca:3f:08:27:78:f6:c7:1f:3d:
                    93:71:05:03:20:92:e8:91:7c:8f:26:b7:b4:d6:0c:
                    74:27:17:2b:f0:e6:ed:e6:3f:fa:2b:f0:2a:4c:f8:
                    11:56:16:4a:06:68:c1:ae:68:0a:4f:fb:9c:f7:28:
                    46:1f:11:fb:23:0f:fc:b5:d8:62:cc:8c:51:a8:20:
                    e6:d6:bb:5b:79:11:14:08:e1:41:fb:8e:a7:30:68:
                    a5:0a:55:68:db:0d:41:b9:2b:73:48:2f:b5:0e:8b:
                    53:cc:b0:2a:83:aa:9f:d2:a0:d2:f7:03:99:c8:4a:
                    12:a2:e0:56:3e:dd:35:34:ba:29:7b:c4:a0:8b:c6:
                    38:11:58:f8:07:6e:de:f4:a7:4c:a3:61:44:9b:cc:
                    40:dd:51:d6:06:58:37:f9:c6:8d:1c:41:45:c3:7a:
                    98:68:8c:25:d9:6a:8e:3f:be:18:89:69:0a:56:66:
                    bf:b5:84:2f:89:4a:17:de:e1:39:e7:55:4f:dd:b5:
                    0a:7c:0d:ca:58:f6:9c:5c:3b:b2:73:94:c9:16:c4:
                    ff:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:3F:9B:65:53:7A:6B:C4:BE:43:8D:D2:DB:B2:22:DE:D6:CE:E4:7B
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/3138352e34302e3233352e302f32342d3234203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.40.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:95:56:6b:b4:a7:61:3f:a2:8b:ca:0f:ca:53:a9:7b:f6:19:
         41:92:f5:8b:b7:d0:ed:af:24:c1:11:3e:d5:7e:86:9a:7a:fe:
         69:d6:7e:f1:60:fc:b6:2b:c6:ba:cf:84:35:e2:ae:34:e9:2e:
         67:74:77:32:be:33:c1:43:28:8e:97:2c:22:82:e8:4d:7d:c0:
         51:e2:96:83:31:be:78:5d:19:20:5f:8b:35:78:df:d6:fc:31:
         c4:38:6f:6a:31:55:02:42:c4:52:1f:d1:38:e7:e2:ce:4a:1a:
         b6:f3:f7:52:21:e6:38:f2:03:2b:1d:47:a1:8a:58:17:15:4e:
         1f:fa:cc:4c:28:9d:a9:d6:66:ff:d4:8d:71:09:9e:39:94:0a:
         87:86:68:34:f5:bb:62:53:b0:3a:b1:c5:6c:12:2a:5b:34:c1:
         cc:95:2c:4f:8a:47:c5:ba:ac:00:57:85:4e:62:1f:41:c6:65:
         88:fb:0f:f2:90:db:c7:59:49:55:19:f3:f6:f9:67:db:1f:f2:
         10:b7:d5:e4:36:5b:64:e0:1a:6d:d8:00:0a:00:12:de:57:65:
         a4:64:60:b3:b0:0a:03:46:58:22:ce:5b:4b:26:9d:e7:be:12:
         81:a2:8b:e6:30:7d:ae:a3:87:9d:79:65:2c:03:17:b2:fe:4e:
         9f:31:74:a2
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgIUYJ4wleIFcJXzFWAP2rhw7M7koD8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNTA4MDQyMjA4NThaFw0yNjA4MDMyMjEzNThaMDMxMTAvBgNV
BAMTKDZCM0Y5QjY1NTM3QTZCQzRCRTQzOEREMkRCQjIyMkRFRDZDRUU0N0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFeFkNN3ztqWcT/LhEhTrKZmbZ
dSq/zPivSKYgtFq2uLJ3FFx1DRZ4aDBqOKSXjSdE98o/CCd49scfPZNxBQMgkuiR
fI8mt7TWDHQnFyvw5u3mP/or8CpM+BFWFkoGaMGuaApP+5z3KEYfEfsjD/y12GLM
jFGoIObWu1t5ERQI4UH7jqcwaKUKVWjbDUG5K3NIL7UOi1PMsCqDqp/SoNL3A5nI
ShKi4FY+3TU0uil7xKCLxjgRWPgHbt70p0yjYUSbzEDdUdYGWDf5xo0cQUXDepho
jCXZao4/vhiJaQpWZr+1hC+JShfe4TnnVU/dtQp8DcpY9pxcO7JzlMkWxP+HAgMB
AAGjggIiMIICHjAdBgNVHQ4EFgQUaz+bZVN6a8S+Q43S27Ii3tbO5HswHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBogYIKwYB
BQUHAQsEgZUwgZIwgY8GCCsGAQUFBzALhoGCcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzEzODM1MmUzNDMwMmUzMjMzMzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAz
MzM2MzIzMzM2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAuSjrMA0GCSqGSIb3DQEBCwUAA4IBAQCelVZr
tKdhP6KLyg/KU6l79hlBkvWLt9DtryTBET7Vfoaaev5p1n7xYPy2K8a6z4Q14q40
6S5ndHcyvjPBQyiOlywiguhNfcBR4paDMb54XRkgX4s1eN/W/DHEOG9qMVUCQsRS
H9E45+LOShq28/dSIeY48gMrHUehilgXFU4f+sxMKJ2p1mb/1I1xCZ45lAqHhmg0
9btiU7A6scVsEipbNMHMlSxPikfFuqwAV4VOYh9BxmWI+w/ykNvHWUlVGfP2+Wfb
H/IQt9XkNltk4Bpt2AAKABLeV2WkZGCzsAoDRlgizltLJp3nvhKBoovmMH2uo4ed
eWUsAxey/k6fMXSi
-----END CERTIFICATE-----