Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/cd757d1a-f3b0-4f5e-afdf-1b8cd6b968ee.roa
File:                     cd757d1a-f3b0-4f5e-afdf-1b8cd6b968ee.roa (raw, json)
Hash identifier:          rx2JctYtrTzZ8Hen4QIgc4rr4xjzzHSN2GFMOFtD7Ao=
Subject key identifier:   48:DC:B3:50:8B:21:7F:6B:41:93:DB:16:D9:98:28:37:7B:A0:3C:F5
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4A1CA3B9096163B6C15BC0552C42AD59A544E08C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/cd757d1a-f3b0-4f5e-afdf-1b8cd6b968ee.roa
Signing time:             Fri 25 Apr 2025 16:11:01 +0000
ROA not before:           Fri 25 Apr 2025 16:11:01 +0000
ROA not after:            Fri 30 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        158.141.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:1c:a3:b9:09:61:63:b6:c1:5b:c0:55:2c:42:ad:59:a5:44:e0:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 25 16:11:01 2025 GMT
            Not After : May 30 23:59:59 2025 GMT
        Subject: serialNumber=8f8abf60537420adcd9f98d71cf4e8a63d683f8673e5e96c9b3fc270b7d09916, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:93:21:c5:a5:ed:88:9a:f3:c3:78:19:be:b9:
                    cf:26:46:59:74:e6:0d:7a:9f:20:69:fd:40:9f:63:
                    50:3e:84:4c:d1:5c:fe:39:da:db:68:a6:6c:88:04:
                    9f:40:cf:63:f8:ed:b3:5c:94:f0:40:f1:62:e2:81:
                    61:f0:d0:3d:7d:33:b8:f2:94:7a:c8:1a:0c:65:85:
                    71:75:36:1e:a1:c5:ea:70:ff:48:8d:ea:d5:b8:f0:
                    6a:3c:5f:b1:31:95:45:20:a9:55:65:42:34:83:e8:
                    a5:74:f1:1a:09:31:0c:43:e4:c0:dc:67:1f:dd:81:
                    69:10:10:9f:8a:2f:a2:0d:4b:10:cd:03:e8:fb:60:
                    c4:0f:b2:c6:64:3a:90:f4:6e:f4:f4:5d:43:c9:a9:
                    10:9c:ca:dc:18:9f:06:94:d3:59:a8:5b:01:ba:44:
                    16:4a:ec:07:9d:2d:73:1c:a4:66:c9:31:8b:98:96:
                    9a:e9:d7:4c:02:ed:25:88:8b:af:fb:2b:72:4a:e4:
                    23:04:cc:c4:fb:3c:de:58:54:70:a4:ed:f4:53:aa:
                    89:c4:b0:c9:eb:79:2c:cd:d3:4d:3a:1c:b6:31:ab:
                    36:1e:da:55:68:99:f2:de:1d:d4:b8:c7:5d:1a:6b:
                    3a:bb:35:fc:40:d7:ee:55:01:e5:b4:17:d3:c9:e1:
                    de:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:DC:B3:50:8B:21:7F:6B:41:93:DB:16:D9:98:28:37:7B:A0:3C:F5
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/cd757d1a-f3b0-4f5e-afdf-1b8cd6b968ee.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.141.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         75:43:e5:a7:c1:d7:f4:f8:50:d9:92:99:2b:ba:95:27:dc:00:
         78:fe:af:d7:a6:01:c6:f4:8e:0f:1b:6b:6d:11:98:e9:d2:28:
         25:0c:2a:00:d1:ac:0c:fe:02:d2:83:38:27:ad:e5:69:5c:e3:
         f0:70:f5:de:2c:e7:df:0d:5e:4b:02:5e:2b:9a:ed:69:34:5f:
         0d:14:69:87:4d:bd:67:49:77:33:64:86:9b:3d:40:af:54:52:
         09:81:86:64:52:28:ce:89:be:0f:c1:05:5f:4d:39:6f:70:0b:
         d1:dd:d6:a0:e8:71:5c:5f:ea:3e:71:a4:c3:94:aa:b2:22:78:
         d1:20:0c:b1:36:54:50:ed:f4:b1:6b:9c:6d:fd:08:66:90:6e:
         5d:96:3e:0c:4f:3a:0e:27:d4:fa:1b:bc:83:84:77:2d:e3:5c:
         0b:52:48:40:b7:83:bc:a4:03:05:d3:2c:63:02:9d:90:96:76:
         42:c3:8a:02:04:a6:4c:8c:13:9f:8c:64:f4:4d:a2:0b:55:06:
         27:8b:d5:12:ec:c3:cb:4e:84:36:81:92:1c:c4:0f:41:45:dc:
         a5:f2:c8:03:f1:d6:f1:6c:6a:da:7b:6b:98:bc:c4:6a:2c:3b:
         6d:fb:ed:8b:43:88:0e:33:ab:e5:af:6f:70:10:84:3b:45:46:
         20:a5:02:f0
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUShyjuQlhY7bBW8BVLEKtWaVE4IwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDI1MTYxMTAxWhcNMjUwNTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZjhhYmY2MDUzNzQyMGFkY2Q5Zjk4ZDcxY2Y0ZThhNjNk
NjgzZjg2NzNlNWU5NmM5YjNmYzI3MGI3ZDA5OTE2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwkyHFpe2ImvPDeBm+uc8mRll05g16nyBp/UCfY1A+hEzR
XP452ttopmyIBJ9Az2P47bNclPBA8WLigWHw0D19M7jylHrIGgxlhXF1Nh6hxepw
/0iN6tW48Go8X7ExlUUgqVVlQjSD6KV08RoJMQxD5MDcZx/dgWkQEJ+KL6INSxDN
A+j7YMQPssZkOpD0bvT0XUPJqRCcytwYnwaU01moWwG6RBZK7AedLXMcpGbJMYuY
lprp10wC7SWIi6/7K3JK5CMEzMT7PN5YVHCk7fRTqonEsMnreSzN0006HLYxqzYe
2lVomfLeHdS4x10aazq7NfxA1+5VAeW0F9PJ4d6BAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUSNyzUIshf2tBk9sW2ZgoN3ugPPUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2NkNzU3ZDFhLWYzYjAtNGY1ZS1hZmRmLTFiOGNkNmI5NjhlZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCejTANBgkqhkiG9w0BAQsFAAOCAQEAdUPlp8HX9PhQ2ZKZK7qVJ9wAeP6v
16YBxvSODxtrbRGY6dIoJQwqANGsDP4C0oM4J63laVzj8HD13izn3w1eSwJeK5rt
aTRfDRRph029Z0l3M2SGmz1Ar1RSCYGGZFIozom+D8EFX005b3AL0d3WoOhxXF/q
PnGkw5SqsiJ40SAMsTZUUO30sWucbf0IZpBuXZY+DE86DifU+hu8g4R3LeNcC1JI
QLeDvKQDBdMsYwKdkJZ2QsOKAgSmTIwTn4xk9E2iC1UGJ4vVEuzDy06ENoGSHMQP
QUXcpfLIA/HW8Wxq2ntrmLzEaiw7bfvti0OIDjOr5a9vcBCEO0VGIKUC8A==
-----END CERTIFICATE-----