Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a31343a3a2f34382d3438203d3e203336323336.roa
File:                     326130303a646438303a31343a3a2f34382d3438203d3e203336323336.roa (raw, json)
Hash identifier:          nVaeHeXih9nxyc1Si8IMZ6n2lGu9/PVO2Xd2Cfhx428=
Subject key identifier:   8B:4B:9E:CF:1B:73:63:6D:65:76:7E:80:62:88:EC:4F:25:BE:7E:E3
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       5D0B3D7CE24958667C177BDD938FE5D2D1C03EC0
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a31343a3a2f34382d3438203d3e203336323336.roa
Signing time:             Mon 04 Aug 2025 20:13:53 +0000
ROA not before:           Mon 04 Aug 2025 20:08:53 +0000
ROA not after:            Mon 03 Aug 2026 20:13:53 +0000
asID:                     36236
IP address blocks:        2a00:dd80:14::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 12:42:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:0b:3d:7c:e2:49:58:66:7c:17:7b:dd:93:8f:e5:d2:d1:c0:3e:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Aug  4 20:08:53 2025 GMT
            Not After : Aug  3 20:13:53 2026 GMT
        Subject: CN=8B4B9ECF1B73636D65767E806288EC4F25BE7EE3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:d2:6e:07:92:72:7e:42:17:2b:ad:b7:ab:68:
                    5a:85:39:56:f9:8f:ee:da:26:ca:36:7d:37:fd:cd:
                    9a:ee:26:50:0f:68:14:19:6c:57:a9:49:9a:94:d8:
                    e7:55:13:d8:2a:b1:ad:58:68:d0:96:73:b8:7e:4c:
                    d7:46:67:a6:17:7c:2c:d5:4c:86:17:a8:93:e0:bc:
                    51:cd:c8:35:f9:d1:5c:ac:2b:c0:1c:53:57:2a:2d:
                    22:a4:a2:9e:c2:d7:f3:4b:e7:d0:01:70:c7:89:82:
                    4b:26:b1:c1:0c:01:c8:2c:c5:76:13:00:28:ab:00:
                    62:be:ea:d0:03:54:70:eb:c5:6c:81:4d:e2:da:df:
                    3c:92:da:34:27:d8:81:e4:31:93:f5:46:28:05:bc:
                    35:5a:c1:f4:0b:61:36:6d:34:35:8f:75:23:3e:c1:
                    1e:bd:90:e6:d4:3b:6d:60:c2:cf:23:11:26:fe:0a:
                    54:9a:1c:2a:0d:1d:7b:12:3b:f9:65:bd:f2:ba:65:
                    19:0a:47:70:81:b4:02:33:b9:b7:80:6b:f8:49:c3:
                    a4:ea:8f:ba:2a:c5:01:ac:9d:63:a1:03:22:2a:ef:
                    bf:c3:a0:60:b7:41:19:b0:cc:64:e0:06:bc:3f:6a:
                    75:52:39:11:de:48:43:bf:ab:71:be:28:e2:c8:43:
                    f9:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:4B:9E:CF:1B:73:63:6D:65:76:7E:80:62:88:EC:4F:25:BE:7E:E3
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a31343a3a2f34382d3438203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:dd80:14::/48

    Signature Algorithm: sha256WithRSAEncryption
         94:13:60:1c:48:3e:9d:33:97:45:4c:b2:5e:c6:2f:9d:94:99:
         70:96:ee:ff:73:39:34:68:6e:c6:df:5e:26:4c:3a:3b:79:34:
         cb:63:4d:55:7c:12:e8:8b:fa:b8:7d:1d:17:20:71:18:f9:62:
         b9:f9:89:55:b0:bc:90:18:72:f0:fe:39:c2:2c:64:df:ef:fc:
         dd:40:84:0f:e8:1d:7a:c6:c1:43:49:2a:3d:c0:ca:9e:81:e3:
         9c:12:b8:51:ad:e8:9d:90:5a:7a:5c:82:91:40:7d:a2:70:f4:
         f6:82:61:99:a8:09:ca:86:2c:bc:e7:81:49:ed:49:3d:44:95:
         66:4d:17:fd:8b:0c:4c:1e:f0:b0:5a:21:38:35:50:9c:a4:bb:
         ec:54:f9:2d:3c:44:12:b4:af:5e:63:7f:0d:e0:67:a1:d0:40:
         1a:b2:0f:3f:8d:28:48:37:82:41:03:c2:c5:e8:87:18:e0:e8:
         5c:7d:b0:52:52:b2:64:2b:1e:e5:bf:b5:ab:50:fa:12:08:39:
         d5:5e:1e:db:16:72:20:6d:b6:42:6a:24:7d:f1:fa:be:77:84:
         11:90:cb:ed:5a:04:38:75:c1:cc:66:1b:75:9e:47:ee:68:65:
         bc:47:64:3f:a1:8c:4c:88:9c:fc:cc:bc:7b:72:a5:cc:bd:91:
         d9:c2:59:1a
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgIUXQs9fOJJWGZ8F3vdk4/l0tHAPsAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNTA4MDQyMDA4NTNaFw0yNjA4MDMyMDEzNTNaMDMxMTAvBgNV
BAMTKDhCNEI5RUNGMUI3MzYzNkQ2NTc2N0U4MDYyODhFQzRGMjVCRTdFRTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDG0m4HknJ+QhcrrberaFqFOVb5
j+7aJso2fTf9zZruJlAPaBQZbFepSZqU2OdVE9gqsa1YaNCWc7h+TNdGZ6YXfCzV
TIYXqJPgvFHNyDX50VysK8AcU1cqLSKkop7C1/NL59ABcMeJgksmscEMAcgsxXYT
ACirAGK+6tADVHDrxWyBTeLa3zyS2jQn2IHkMZP1RigFvDVawfQLYTZtNDWPdSM+
wR69kObUO21gws8jESb+ClSaHCoNHXsSO/llvfK6ZRkKR3CBtAIzubeAa/hJw6Tq
j7oqxQGsnWOhAyIq77/DoGC3QRmwzGTgBrw/anVSORHeSEO/q3G+KOLIQ/kFAgMB
AAGjggIpMIICJTAdBgNVHQ4EFgQUi0uezxtzY21ldn6AYojsTyW+fuMwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBpgYIKwYB
BQUHAQsEgZkwgZYwgZMGCCsGAQUFBzALhoGGcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzI2MTMwMzAzYTY0NjQzODMwM2EzMTM0M2EzYTJmMzQzODJkMzQzODIwM2Qz
ZTIwMzMzNjMyMzMzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggr
BgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoA3YAAFDANBgkqhkiG9w0BAQsFAAOC
AQEAlBNgHEg+nTOXRUyyXsYvnZSZcJbu/3M5NGhuxt9eJkw6O3k0y2NNVXwS6Iv6
uH0dFyBxGPliufmJVbC8kBhy8P45wixk3+/83UCED+gdesbBQ0kqPcDKnoHjnBK4
Ua3onZBaelyCkUB9onD09oJhmagJyoYsvOeBSe1JPUSVZk0X/YsMTB7wsFohODVQ
nKS77FT5LTxEErSvXmN/DeBnodBAGrIPP40oSDeCQQPCxeiHGODoXH2wUlKyZCse
5b+1q1D6Egg51V4e2xZyIG22QmokffH6vneEEZDL7VoEOHXBzGYbdZ5H7mhlvEdk
P6GMTIic/My8e3KlzL2R2cJZGg==
-----END CERTIFICATE-----