Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a393a3a2f34382d3438203d3e203336323336.roa
File:                     326130303a646438303a393a3a2f34382d3438203d3e203336323336.roa (raw, json)
Hash identifier:          vqZHst58wT6HG69TIyQyyd3Pz90lPl/5O9QBq6FtstE=
Subject key identifier:   E4:72:36:8D:BC:66:82:F4:71:A8:47:8E:8E:C8:B6:BB:D7:4C:C8:2C
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       7B989BF98CCC9A073904178DC3B70E6378B50A2B
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a393a3a2f34382d3438203d3e203336323336.roa
Signing time:             Mon 04 Aug 2025 20:13:52 +0000
ROA not before:           Mon 04 Aug 2025 20:08:52 +0000
ROA not after:            Mon 03 Aug 2026 20:13:52 +0000
asID:                     36236
IP address blocks:        2a00:dd80:9::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 12:42:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:98:9b:f9:8c:cc:9a:07:39:04:17:8d:c3:b7:0e:63:78:b5:0a:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Aug  4 20:08:52 2025 GMT
            Not After : Aug  3 20:13:52 2026 GMT
        Subject: CN=E472368DBC6682F471A8478E8EC8B6BBD74CC82C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:73:68:ef:30:2b:73:2d:41:ec:03:72:f1:e5:
                    cf:5b:1e:ef:ac:53:d3:20:1a:1f:4f:de:b3:32:2f:
                    27:0f:56:a0:ea:a5:82:e5:91:27:ae:ae:88:db:4f:
                    45:07:0a:80:70:ca:ca:76:b1:45:76:6f:be:3d:68:
                    20:79:93:88:39:3d:08:0a:3f:7f:7b:09:c5:4a:ba:
                    72:f7:c2:36:a8:95:91:85:e3:fd:16:0e:72:1f:fc:
                    ce:48:f9:0d:9e:03:0f:55:2f:4e:2a:60:87:2a:e8:
                    33:2a:bd:8e:95:ea:14:f6:28:da:11:6c:26:eb:02:
                    de:ab:cf:81:30:2d:64:33:ca:2a:a6:2c:78:f7:c4:
                    6b:cd:a5:6d:1a:f0:11:79:35:fa:6e:92:1d:34:7c:
                    13:04:6b:d7:3a:2a:26:c7:4f:0a:f2:3c:32:ee:5e:
                    5b:08:9b:4d:18:71:46:77:e9:98:4e:4b:04:31:3f:
                    54:06:9c:e0:fb:3e:09:29:09:ac:3a:8a:f0:3f:ed:
                    70:53:6e:52:5f:61:90:a4:d6:1a:9a:e9:ed:22:ce:
                    8e:13:0e:c3:2c:11:00:a8:a6:0a:2d:33:4a:b3:ac:
                    94:47:2a:13:97:4d:0b:c7:75:7a:9c:09:f3:81:02:
                    f2:2d:2d:90:14:e1:ff:6c:97:c1:e6:18:3e:00:7f:
                    69:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:72:36:8D:BC:66:82:F4:71:A8:47:8E:8E:C8:B6:BB:D7:4C:C8:2C
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a393a3a2f34382d3438203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:dd80:9::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:78:5c:f7:18:42:a0:73:1e:ee:38:be:03:73:20:0f:92:c4:
         1d:9b:2b:ed:07:19:d8:81:55:ee:46:6b:1b:85:46:72:04:51:
         37:91:c7:91:59:08:3b:fa:1c:66:fa:59:7e:c4:41:aa:b5:f5:
         58:7a:61:c2:f3:ba:91:41:d4:1e:bc:6e:d3:3b:ce:a7:c3:57:
         57:c4:21:b8:10:62:1d:27:25:dc:13:da:71:7c:47:e3:ed:5f:
         ff:ae:bd:b9:30:69:ee:3b:5c:f0:dd:ab:11:03:dc:6a:11:db:
         a0:82:20:28:fc:ef:22:cc:0d:e6:08:45:70:67:d6:da:98:af:
         84:e3:74:7a:5b:14:14:96:99:12:08:19:2c:d4:94:fb:48:87:
         43:b4:16:e8:1e:5c:b6:23:0a:39:6c:f7:3f:47:a9:d5:69:e0:
         4b:e7:d9:6e:6f:04:84:4e:1d:d2:ea:a4:03:56:4e:92:b1:f5:
         a6:fe:4c:bf:63:c5:ed:d6:bf:d3:c1:a3:2a:2d:63:c0:cd:63:
         8b:6b:84:87:97:1c:57:52:48:4f:5c:b2:c1:74:a7:ab:30:10:
         4d:17:ef:38:4e:e6:df:80:36:27:76:f7:0a:89:7d:21:96:0d:
         9d:b0:22:34:5d:df:eb:43:c6:70:4e:ab:92:8a:1e:c4:6a:09:
         95:58:49:9e
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgIUe5ib+YzMmgc5BBeNw7cOY3i1CiswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNTA4MDQyMDA4NTJaFw0yNjA4MDMyMDEzNTJaMDMxMTAvBgNV
BAMTKEU0NzIzNjhEQkM2NjgyRjQ3MUE4NDc4RThFQzhCNkJCRDc0Q0M4MkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFc2jvMCtzLUHsA3Lx5c9bHu+s
U9MgGh9P3rMyLycPVqDqpYLlkSeurojbT0UHCoBwysp2sUV2b749aCB5k4g5PQgK
P397CcVKunL3wjaolZGF4/0WDnIf/M5I+Q2eAw9VL04qYIcq6DMqvY6V6hT2KNoR
bCbrAt6rz4EwLWQzyiqmLHj3xGvNpW0a8BF5Nfpukh00fBMEa9c6KibHTwryPDLu
XlsIm00YcUZ36ZhOSwQxP1QGnOD7PgkpCaw6ivA/7XBTblJfYZCk1hqa6e0izo4T
DsMsEQCopgotM0qzrJRHKhOXTQvHdXqcCfOBAvItLZAU4f9sl8HmGD4Af2n7AgMB
AAGjggInMIICIzAdBgNVHQ4EFgQU5HI2jbxmgvRxqEeOjsi2u9dMyCwwHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBpAYIKwYB
BQUHAQsEgZcwgZQwgZEGCCsGAQUFBzALhoGEcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzI2MTMwMzAzYTY0NjQzODMwM2EzOTNhM2EyZjM0MzgyZDM0MzgyMDNkM2Uy
MDMzMzYzMjMzMzYucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYB
BQUHAQcBAf8EEzARMA8EAgACMAkDBwAqAN2AAAkwDQYJKoZIhvcNAQELBQADggEB
AAx4XPcYQqBzHu44vgNzIA+SxB2bK+0HGdiBVe5GaxuFRnIEUTeRx5FZCDv6HGb6
WX7EQaq19Vh6YcLzupFB1B68btM7zqfDV1fEIbgQYh0nJdwT2nF8R+PtX/+uvbkw
ae47XPDdqxED3GoR26CCICj87yLMDeYIRXBn1tqYr4TjdHpbFBSWmRIIGSzUlPtI
h0O0FugeXLYjCjls9z9HqdVp4Evn2W5vBIROHdLqpANWTpKx9ab+TL9jxe3Wv9PB
oyotY8DNY4trhIeXHFdSSE9cssF0p6swEE0X7zhO5t+ANid29wqJfSGWDZ2wIjRd
3+tDxnBOq5KKHsRqCZVYSZ4=
-----END CERTIFICATE-----