Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3ba6cdb2-4752-4cba-b3ef-d76cfb4ad96f.roa
File:                     3ba6cdb2-4752-4cba-b3ef-d76cfb4ad96f.roa (raw, json)
Hash identifier:          xDLnHyzLP6Fmv3oyjGukRl7pUVMXkkk2iyPEOGHGJk0=
Subject key identifier:   DC:4B:3A:23:73:77:5A:1E:24:59:EC:D5:C9:65:28:1B:5C:69:EB:0D
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       27EA84E0ADD472D8709247AA33292F125713479A
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3ba6cdb2-4752-4cba-b3ef-d76cfb4ad96f.roa
Signing time:             Sat 26 Apr 2025 00:10:33 +0000
ROA not before:           Sat 26 Apr 2025 00:10:33 +0000
ROA not after:            Sat 31 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        150.222.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:ea:84:e0:ad:d4:72:d8:70:92:47:aa:33:29:2f:12:57:13:47:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 26 00:10:33 2025 GMT
            Not After : May 31 23:59:59 2025 GMT
        Subject: serialNumber=a0eaf1aec4efa39ddff3102310b2b55d5e6c9014705b6fbfd686a15aa6bbd315, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:c8:4a:ae:8b:33:41:48:e2:3d:c0:d7:f1:d8:
                    b2:c4:bc:d6:d5:fa:d8:1a:7a:8f:7e:50:e3:22:47:
                    7b:02:03:15:f3:79:f4:5f:f6:b8:ff:b2:7d:7b:89:
                    d5:af:fd:70:26:15:23:61:21:9a:85:5d:06:41:c9:
                    a7:2f:a9:7a:e0:27:99:2b:eb:16:12:43:86:30:2b:
                    65:14:ba:9c:1c:e4:88:b2:c7:a2:f0:dc:d3:11:ce:
                    f0:e8:db:8a:59:25:58:2e:21:57:24:88:6d:2e:2d:
                    ba:a6:7e:f0:b2:d6:eb:73:94:e0:5d:2e:66:b8:b4:
                    ed:14:9d:05:0c:02:65:aa:5b:dd:b8:dd:44:d6:d4:
                    5e:f4:c2:86:40:f0:bb:a5:c1:b1:46:85:2d:ea:6e:
                    6d:87:6b:27:74:9b:e3:0d:ef:73:49:cd:99:2d:06:
                    24:c5:aa:b9:cf:60:b8:b6:7c:a9:c0:eb:6e:3c:6e:
                    18:51:af:04:38:8c:80:f8:3b:ad:dc:00:8a:64:71:
                    6b:b7:07:46:df:2a:04:6b:66:5d:7e:ef:ef:c8:ba:
                    cc:15:78:78:c8:c1:08:31:1d:8a:3e:38:97:8b:97:
                    5c:76:6a:5c:7e:4b:57:64:11:36:dc:1d:c8:59:3c:
                    77:c6:6b:a7:35:47:fd:47:a7:cc:f8:e1:ff:ff:b3:
                    f6:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:4B:3A:23:73:77:5A:1E:24:59:EC:D5:C9:65:28:1B:5C:69:EB:0D
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3ba6cdb2-4752-4cba-b3ef-d76cfb4ad96f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.222.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:8a:b2:93:35:a4:2d:2b:20:89:4a:c3:21:cf:7d:20:b3:e2:
         24:51:97:44:93:c5:49:00:40:66:9f:e5:9c:53:ca:3a:a1:73:
         6a:e2:c9:2b:0d:17:bb:c4:7f:31:b4:27:70:a0:cb:3e:5d:e4:
         55:31:e9:31:45:4d:5a:02:6a:87:78:cc:98:99:bb:25:cb:cb:
         fe:74:5a:97:8b:3c:a4:53:d7:8a:de:83:cc:c3:23:23:f2:b7:
         da:dd:56:49:c2:fd:32:bf:5a:f3:0c:ef:03:bf:14:71:4d:8c:
         3d:1c:62:a0:d4:8a:f1:32:f3:ae:e8:60:1d:59:30:19:2a:a6:
         b1:83:b8:1c:1e:a5:9a:7f:6c:fc:9f:fd:45:f7:68:dc:5f:ab:
         38:b2:68:c9:09:90:42:c7:85:8c:39:e1:c7:6e:f0:e0:57:b9:
         8f:2c:44:88:ed:ed:0d:63:ca:dc:61:13:57:00:2e:95:5e:51:
         8d:6a:db:78:d1:d0:07:4e:17:4a:e5:ce:dd:e4:7a:4f:94:6d:
         91:8f:a7:46:b7:b2:9c:3c:5c:60:0b:b2:5b:a5:22:05:27:db:
         d6:e7:e9:5d:f5:33:5b:16:67:7a:cd:28:17:11:9d:eb:56:ee:
         90:c3:06:7b:e3:f0:37:72:86:29:e9:64:2a:c6:db:23:85:7a:
         00:5d:2c:20
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJ+qE4K3UcthwkkeqMykvElcTR5owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDI2MDAxMDMzWhcNMjUwNTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BhMGVhZjFhZWM0ZWZhMzlkZGZmMzEwMjMxMGIyYjU1ZDVl
NmM5MDE0NzA1YjZmYmZkNjg2YTE1YWE2YmJkMzE1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDwyEquizNBSOI9wNfx2LLEvNbV+tgaeo9+UOMiR3sCAxXz
efRf9rj/sn17idWv/XAmFSNhIZqFXQZByacvqXrgJ5kr6xYSQ4YwK2UUupwc5Iiy
x6Lw3NMRzvDo24pZJVguIVckiG0uLbqmfvCy1utzlOBdLma4tO0UnQUMAmWqW924
3UTW1F70woZA8LulwbFGhS3qbm2Hayd0m+MN73NJzZktBiTFqrnPYLi2fKnA6248
bhhRrwQ4jID4O63cAIpkcWu3B0bfKgRrZl1+7+/IuswVeHjIwQgxHYo+OJeLl1x2
alx+S1dkETbcHchZPHfGa6c1R/1Hp8z44f//s/bpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3Es6I3N3Wh4kWezVyWUoG1xp6w0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNiYTZjZGIyLTQ3NTItNGNiYS1iM2VmLWQ3NmNmYjRhZDk2Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACW3uwwDQYJKoZIhvcNAQELBQADggEBAGeKspM1pC0rIIlKwyHPfSCz4iRR
l0STxUkAQGaf5ZxTyjqhc2riySsNF7vEfzG0J3Cgyz5d5FUx6TFFTVoCaod4zJiZ
uyXLy/50WpeLPKRT14reg8zDIyPyt9rdVknC/TK/WvMM7wO/FHFNjD0cYqDUivEy
867oYB1ZMBkqprGDuBwepZp/bPyf/UX3aNxfqziyaMkJkELHhYw54cdu8OBXuY8s
RIjt7Q1jytxhE1cALpVeUY1q23jR0AdOF0rlzt3kek+UbZGPp0a3spw8XGALslul
IgUn29bn6V31M1sWZ3rNKBcRnetW7pDDBnvj8DdyhinpZCrG2yOFegBdLCA=
-----END CERTIFICATE-----