Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a643a3a2f34382d3438203d3e203336323336.roa
File:                     326130303a646438303a643a3a2f34382d3438203d3e203336323336.roa (raw, json)
Hash identifier:          IyF/ovs4LPxAEgVT+As7HsC2iaJl+4K5bP2w2R8r2xU=
Subject key identifier:   73:19:89:D0:E0:31:34:9F:03:49:B8:1B:47:87:76:51:CB:85:57:4A
Certificate issuer:       /CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
Certificate serial:       4FD00E597AEDB63BF313B42E2FBA8B6918EBD985
Authority key identifier: EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a643a3a2f34382d3438203d3e203336323336.roa
Signing time:             Thu 02 Apr 2026 20:27:54 +0000
ROA not before:           Thu 02 Apr 2026 20:22:54 +0000
ROA not after:            Thu 01 Apr 2027 20:27:54 +0000
asID:                     36236
IP address blocks:        2a00:dd80:d::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl
                          rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:d0:0e:59:7a:ed:b6:3b:f3:13:b4:2e:2f:ba:8b:69:18:eb:d9:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb2c7e62503b0634eb4ab53f88c06950ac76dcd1
        Validity
            Not Before: Apr  2 20:22:54 2026 GMT
            Not After : Apr  1 20:27:54 2027 GMT
        Subject: CN=731989D0E031349F0349B81B47877651CB85574A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:e7:71:07:d8:5b:17:9b:0e:ff:0e:47:71:a1:
                    74:fc:1d:d3:5c:53:ee:11:a6:f0:d4:02:1e:24:2a:
                    59:c2:ba:3d:2a:ec:52:87:f0:d4:20:61:00:9e:cf:
                    29:27:b2:1f:20:b2:8d:9b:c2:b0:90:26:55:bb:37:
                    60:81:50:40:2b:30:4d:67:d1:e1:57:6c:98:ff:4c:
                    17:c1:89:42:11:5b:f8:cb:7d:35:2e:9b:5d:fe:aa:
                    4c:2f:95:29:56:7f:72:b0:8e:39:8f:f0:0f:cb:06:
                    86:aa:51:68:d1:45:1f:b1:c0:c7:9a:bb:00:4d:85:
                    fb:c2:07:72:39:22:48:55:90:61:f5:bc:cc:eb:25:
                    c4:e8:bd:ab:0c:2c:fe:c4:4b:09:ae:bf:55:b8:00:
                    dc:aa:e9:b9:0f:b3:35:b4:4a:28:66:90:34:4a:c5:
                    07:98:11:77:8b:84:14:8f:c6:cb:0b:86:a0:78:42:
                    5a:e7:45:5d:00:0c:eb:9c:d0:3a:47:d2:d3:55:e8:
                    9d:88:89:ea:47:d7:e2:1c:a8:3d:6b:75:36:aa:69:
                    d8:7e:62:04:3d:40:50:ce:c8:a2:1a:39:be:42:32:
                    b6:69:26:cc:83:c4:87:5c:65:db:af:0b:c7:22:cf:
                    3d:2a:1b:b1:ea:e1:d0:87:81:0b:56:f8:2e:b3:86:
                    ee:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:19:89:D0:E0:31:34:9F:03:49:B8:1B:47:87:76:51:CB:85:57:4A
            X509v3 Authority Key Identifier:
                keyid:EB:2C:7E:62:50:3B:06:34:EB:4A:B5:3F:88:C0:69:50:AC:76:DC:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/EB2C7E62503B0634EB4AB53F88C06950AC76DCD1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6yx-YlA7BjTrSrU_iMBpUKx23NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848ade82d5de410183f68661084b86/1/326130303a646438303a643a3a2f34382d3438203d3e203336323336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:dd80:d::/48

    Signature Algorithm: sha256WithRSAEncryption
         85:28:cf:10:73:b3:25:04:ff:3d:b0:11:17:7c:e3:72:e7:aa:
         ef:22:c6:29:5c:54:7b:e6:9d:8b:f7:a9:8a:c0:db:26:89:7c:
         b6:ad:08:37:43:19:e6:90:43:10:55:fa:6b:f8:66:8f:bf:5c:
         ff:fd:35:eb:78:30:28:d1:53:12:9f:2e:3e:e7:b4:51:c6:2b:
         65:34:f3:01:38:77:07:ab:8c:4b:10:73:68:81:f4:05:f0:1d:
         c8:5e:8d:f7:d3:e1:52:3e:75:b1:cd:7a:3d:41:17:22:c3:80:
         4e:23:c3:45:c0:dc:98:49:6b:31:6a:da:3b:0e:f9:89:e7:03:
         9a:c5:4f:18:2f:ec:27:bc:58:ba:4b:60:eb:4c:3b:ff:1a:46:
         e9:b7:2a:b0:a1:f6:c2:2a:38:c5:58:62:44:d7:22:59:0e:95:
         3f:59:a4:51:b1:bf:db:ab:62:da:3e:1c:be:93:16:37:0f:df:
         e1:34:0f:8d:6a:36:38:7a:c1:91:2d:0e:45:02:99:b0:bb:8d:
         9c:6d:e9:dd:fb:2d:a9:bc:c5:ff:a6:8e:57:60:78:d8:41:9a:
         b7:9b:d3:84:1c:4b:14:91:b5:dd:d2:b6:eb:3b:64:9c:96:be:
         2f:29:ec:ab:fc:8a:1b:19:06:ff:d7:2a:ae:79:e9:c4:f0:74:
         38:38:d6:de
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgIUT9AOWXrttjvzE7QuL7qLaRjr2YUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWIyYzdlNjI1MDNiMDYzNGViNGFiNTNmODhjMDY5NTBh
Yzc2ZGNkMTAeFw0yNjA0MDIyMDIyNTRaFw0yNzA0MDEyMDI3NTRaMDMxMTAvBgNV
BAMTKDczMTk4OUQwRTAzMTM0OUYwMzQ5QjgxQjQ3ODc3NjUxQ0I4NTU3NEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDF53EH2FsXmw7/DkdxoXT8HdNc
U+4RpvDUAh4kKlnCuj0q7FKH8NQgYQCezyknsh8gso2bwrCQJlW7N2CBUEArME1n
0eFXbJj/TBfBiUIRW/jLfTUum13+qkwvlSlWf3KwjjmP8A/LBoaqUWjRRR+xwMea
uwBNhfvCB3I5IkhVkGH1vMzrJcTovasMLP7ESwmuv1W4ANyq6bkPszW0SihmkDRK
xQeYEXeLhBSPxssLhqB4QlrnRV0ADOuc0DpH0tNV6J2IiepH1+IcqD1rdTaqadh+
YgQ9QFDOyKIaOb5CMrZpJsyDxIdcZduvC8cizz0qG7Hq4dCHgQtW+C6zhu4dAgMB
AAGjggInMIICIzAdBgNVHQ4EFgQUcxmJ0OAxNJ8DSbgbR4d2UcuFV0owHwYDVR0j
BBgwFoAU6yx+YlA7BjTrSrU/iMBpUKx23NEwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGU4MmQ1ZGU0MTAxODNmNjg2NjEwODRiODYvMS9FQjJDN0U2MjUw
M0IwNjM0RUI0QUI1M0Y4OEMwNjk1MEFDNzZEQ0QxLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNnl4LVlsQTdCalRyU3JVX2lNQnBVS3gyM05FLmNlcjCBpAYIKwYB
BQUHAQsEgZcwgZQwgZEGCCsGAQUFBzALhoGEcnN5bmM6Ly9ycGtpLXJwcy5hcmlu
Lm5ldC9yZXBvc2l0b3J5LzhhODQ4YWRlODJkNWRlNDEwMTgzZjY4NjYxMDg0Yjg2
LzEvMzI2MTMwMzAzYTY0NjQzODMwM2E2NDNhM2EyZjM0MzgyZDM0MzgyMDNkM2Uy
MDMzMzYzMjMzMzYucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYB
BQUHAQcBAf8EEzARMA8EAgACMAkDBwAqAN2AAA0wDQYJKoZIhvcNAQELBQADggEB
AIUozxBzsyUE/z2wERd843Lnqu8ixilcVHvmnYv3qYrA2yaJfLatCDdDGeaQQxBV
+mv4Zo+/XP/9Net4MCjRUxKfLj7ntFHGK2U08wE4dwerjEsQc2iB9AXwHchejffT
4VI+dbHNej1BFyLDgE4jw0XA3JhJazFq2jsO+YnnA5rFTxgv7Ce8WLpLYOtMO/8a
Rum3KrCh9sIqOMVYYkTXIlkOlT9ZpFGxv9urYto+HL6TFjcP3+E0D41qNjh6wZEt
DkUCmbC7jZxt6d37Lam8xf+mjldgeNhBmreb04QcSxSRtd3Stus7ZJyWvi8p7Kv8
ihsZBv/XKq556cTwdDg41t4=
-----END CERTIFICATE-----