Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/35ca3140-11fa-467b-b947-c88e9275d128.roa
File:                     35ca3140-11fa-467b-b947-c88e9275d128.roa (raw, json)
Hash identifier:          2r8sNGFVr8jz7m7A2U7SIhNIbjlZAc2SEj5opU8vRho=
Subject key identifier:   14:AB:36:8F:31:07:9D:29:AA:20:99:9D:22:55:AF:16:E2:4B:65:21
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       71F03ECD34A50B04CF4804F8A0E923E5E5FEB0F1
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/35ca3140-11fa-467b-b947-c88e9275d128.roa
Signing time:             Wed 16 Apr 2025 00:30:11 +0000
ROA not before:           Wed 16 Apr 2025 00:30:11 +0000
ROA not after:            Wed 21 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        150.222.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:f0:3e:cd:34:a5:0b:04:cf:48:04:f8:a0:e9:23:e5:e5:fe:b0:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 16 00:30:11 2025 GMT
            Not After : May 21 23:59:59 2025 GMT
        Subject: serialNumber=13250c3f3ceb6cbd204e66eadb12dfa41b5714a8f810551a54705e611a6c55ea, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:63:82:fb:bf:f4:9e:51:fc:d9:b9:6a:25:06:
                    91:7e:0b:07:26:fd:a0:9a:82:39:1e:85:fd:ed:1b:
                    6e:74:3f:63:39:3f:22:54:52:61:a8:7f:59:eb:56:
                    a6:cd:99:e7:c5:cc:64:18:5b:89:84:05:c8:73:b1:
                    a5:b2:75:f7:72:d8:76:28:d8:70:80:ba:fa:b2:51:
                    9b:ef:12:96:a4:1f:a9:0e:5c:15:3d:8b:4c:5d:42:
                    a3:77:89:fb:f6:28:ef:93:80:ed:54:dc:9c:f5:39:
                    86:36:d3:5b:57:64:8c:f7:14:23:b4:72:1e:18:69:
                    ec:7b:ce:d3:61:bd:96:9e:3e:14:d0:86:e3:9b:b7:
                    ab:6e:4e:06:c3:bf:97:65:ec:db:85:9b:de:47:03:
                    e7:91:a0:45:4e:5a:d0:c6:5d:be:37:cf:c0:f0:cf:
                    f4:9b:54:6e:40:65:d9:0d:90:97:80:1c:18:da:c6:
                    fd:f1:25:be:6e:42:51:9a:fe:08:5c:ca:dc:f6:12:
                    f1:76:71:89:c3:ed:db:1c:92:be:de:79:68:0b:63:
                    3a:bb:6b:39:9b:58:ab:ec:b9:d6:20:ae:de:b4:3d:
                    54:ac:01:65:d9:26:dc:8d:58:52:ee:8e:a5:63:6f:
                    57:a0:43:f0:4d:cc:54:1a:24:fb:95:67:ab:89:e1:
                    41:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:AB:36:8F:31:07:9D:29:AA:20:99:9D:22:55:AF:16:E2:4B:65:21
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/35ca3140-11fa-467b-b947-c88e9275d128.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.222.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:08:ef:30:47:b6:76:aa:74:b3:31:a6:80:b5:85:e4:f4:71:
         ad:ab:c9:06:be:80:a5:c5:82:c3:2f:32:16:c3:2c:2b:c7:ea:
         c4:60:9c:47:30:66:b4:be:8c:31:b6:13:f9:f3:32:8a:96:e6:
         95:c2:4b:dd:4c:70:b7:4d:dc:be:ce:ca:fd:15:63:c3:5a:46:
         91:23:ab:40:f8:f5:86:ab:38:9f:12:03:1a:32:ad:eb:e8:5e:
         e4:0d:af:df:09:4b:98:ca:cf:7c:ef:f4:e4:2b:26:c7:ba:45:
         ee:bd:55:c1:90:c0:03:e9:a6:ea:39:5f:8f:ee:da:d5:5c:81:
         a7:d7:92:27:f5:ad:d6:23:cd:dd:27:08:07:9c:92:ff:0e:99:
         05:e8:74:00:cf:df:95:21:ff:38:d6:d0:2c:bf:57:b7:b2:f3:
         30:ec:f4:d9:3f:0f:cb:de:07:c0:c5:24:0d:92:c5:26:da:4e:
         a8:fc:4d:4d:0b:2e:94:fb:91:f7:38:a5:5d:a7:d5:4b:19:9e:
         ad:d4:f8:71:b0:13:f5:8d:23:4b:5d:07:f7:ea:14:5b:5c:bc:
         71:69:88:5a:c4:1b:80:89:a3:28:f5:66:fc:2d:fd:22:68:c7:
         b0:0b:ee:fe:e2:e4:2f:a4:85:95:bc:7a:88:23:07:7e:e4:4b:
         29:d5:0f:67
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcfA+zTSlCwTPSAT4oOkj5eX+sPEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE2MDAzMDExWhcNMjUwNTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AxMzI1MGMzZjNjZWI2Y2JkMjA0ZTY2ZWFkYjEyZGZhNDFi
NTcxNGE4ZjgxMDU1MWE1NDcwNWU2MTFhNmM1NWVhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDWY4L7v/SeUfzZuWolBpF+Cwcm/aCagjkehf3tG250P2M5
PyJUUmGof1nrVqbNmefFzGQYW4mEBchzsaWydfdy2HYo2HCAuvqyUZvvEpakH6kO
XBU9i0xdQqN3ifv2KO+TgO1U3Jz1OYY201tXZIz3FCO0ch4Yaex7ztNhvZaePhTQ
huObt6tuTgbDv5dl7NuFm95HA+eRoEVOWtDGXb43z8Dwz/SbVG5AZdkNkJeAHBja
xv3xJb5uQlGa/ghcytz2EvF2cYnD7dsckr7eeWgLYzq7azmbWKvsudYgrt60PVSs
AWXZJtyNWFLujqVjb1egQ/BNzFQaJPuVZ6uJ4UGfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFKs2jzEHnSmqIJmdIlWvFuJLZSEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzM1Y2EzMTQwLTExZmEtNDY3Yi1iOTQ3LWM4OGU5Mjc1ZDEyOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACW3o8wDQYJKoZIhvcNAQELBQADggEBADoI7zBHtnaqdLMxpoC1heT0ca2r
yQa+gKXFgsMvMhbDLCvH6sRgnEcwZrS+jDG2E/nzMoqW5pXCS91McLdN3L7Oyv0V
Y8NaRpEjq0D49YarOJ8SAxoyrevoXuQNr98JS5jKz3zv9OQrJse6Re69VcGQwAPp
puo5X4/u2tVcgafXkif1rdYjzd0nCAeckv8OmQXodADP35Uh/zjW0Cy/V7ey8zDs
9Nk/D8veB8DFJA2SxSbaTqj8TU0LLpT7kfc4pV2n1UsZnq3U+HGwE/WNI0tdB/fq
FFtcvHFpiFrEG4CJoyj1Zvwt/SJox7AL7v7i5C+khZW8eogjB37kSynVD2c=
-----END CERTIFICATE-----