Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e2847c81-5b1b-455f-b1d5-0d1a4d37380f.roa
File:                     e2847c81-5b1b-455f-b1d5-0d1a4d37380f.roa (raw, json)
Hash identifier:          zrVohZnsHa8FAbQ59mdQIlbID+ka4VUzY+aPMPbWMoA=
Subject key identifier:   AB:3E:98:23:39:F0:CA:36:6E:D1:D2:FF:19:5E:16:F3:E2:03:44:87
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2110EB84181081C9FB4933CF0B8E135360E2AB9F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e2847c81-5b1b-455f-b1d5-0d1a4d37380f.roa
Signing time:             Tue 08 Jul 2025 17:51:28 +0000
ROA not before:           Tue 08 Jul 2025 17:51:28 +0000
ROA not after:            Tue 12 Aug 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        150.222.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:10:eb:84:18:10:81:c9:fb:49:33:cf:0b:8e:13:53:60:e2:ab:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul  8 17:51:28 2025 GMT
            Not After : Aug 12 23:59:59 2025 GMT
        Subject: serialNumber=f41999f933f3a4cea8883302c0828fed311e33252662d27131f7f3126c4a61af, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:80:fd:ae:ff:ae:e0:1f:02:d3:04:e6:31:90:
                    a1:f8:81:d9:96:6f:3a:b8:75:b8:54:06:83:5f:e7:
                    e5:88:d9:ca:3b:5a:f0:49:38:e8:37:bb:68:39:0f:
                    3b:ae:56:93:d9:a5:48:99:84:fb:6d:23:d2:6c:99:
                    bf:8a:0e:a0:25:cf:6f:8c:29:87:37:ad:75:3a:55:
                    55:fb:32:f7:f8:94:a5:41:4f:a1:de:e0:8d:21:04:
                    8e:a7:af:08:c6:18:b4:e7:0b:37:f0:b9:a6:bf:a2:
                    7f:2a:e9:57:cd:7b:99:c9:57:ac:80:99:d3:1e:01:
                    7d:f8:b4:07:20:5b:e4:4d:23:7d:d5:bf:cd:de:a0:
                    9d:42:23:5c:75:a2:7f:e7:95:0d:32:6e:b8:50:0d:
                    94:34:a8:7d:29:83:c1:42:9c:41:b2:d3:81:f6:4a:
                    81:ec:b3:be:39:fc:7a:fe:4c:45:72:0d:1e:6d:7d:
                    ff:ff:68:1d:cd:45:a5:b7:29:60:00:12:b6:ed:6b:
                    d7:13:d0:4b:bc:2a:a8:ee:51:84:ea:c8:8f:1a:30:
                    aa:4c:ec:30:54:56:aa:8f:01:42:23:d7:48:cc:e6:
                    ef:88:5c:f1:78:0c:3f:08:4c:14:27:ce:66:69:9d:
                    d2:42:a6:58:6e:d0:79:75:72:d3:79:24:7e:22:d7:
                    68:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:3E:98:23:39:F0:CA:36:6E:D1:D2:FF:19:5E:16:F3:E2:03:44:87
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e2847c81-5b1b-455f-b1d5-0d1a4d37380f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.222.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:60:f0:55:35:66:cc:20:44:3b:80:ab:7d:42:41:cc:ff:b7:
         25:78:00:8c:5c:d9:9b:eb:e9:80:c1:4b:3c:d6:82:ca:4e:98:
         63:0e:9d:49:46:23:95:ee:74:cd:b3:b0:54:46:9b:1e:45:e1:
         c3:d2:42:87:1b:22:71:ce:0c:6e:53:ee:dd:63:47:bf:6c:3f:
         b1:35:a9:49:2e:b6:f3:d0:cc:9d:9f:8a:7e:7c:f5:d9:5e:97:
         67:63:e0:f2:da:a1:5a:98:d6:cb:9b:39:2f:47:67:0c:87:81:
         56:f1:e3:5c:80:bc:f5:8a:22:39:89:ae:05:72:fb:2e:e0:54:
         9c:52:12:ca:49:5d:e0:d7:dc:dd:1c:84:26:78:4e:d1:66:d1:
         f9:39:c6:12:9f:3f:59:e2:66:2f:33:d3:42:96:06:86:da:cc:
         b3:83:de:06:e4:77:12:b5:eb:84:a9:8a:b2:f1:95:c3:30:66:
         40:2a:9d:01:c2:33:9c:6b:f3:4b:59:7e:a6:a0:7c:84:a0:1c:
         eb:04:d5:db:cd:78:f9:ec:95:b6:87:9e:d6:05:66:49:b4:eb:
         3b:b8:d9:72:90:55:be:67:25:52:6d:83:27:5b:fb:99:25:a3:
         cf:24:f1:1c:b0:e7:d3:c7:4c:f4:e8:1d:0d:80:98:a3:32:a6:
         8a:43:f3:0c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIRDrhBgQgcn7STPPC44TU2Diq58wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzA4MTc1MTI4WhcNMjUwODEyMjM1OTU5
WjB6MUkwRwYDVQQFE0BmNDE5OTlmOTMzZjNhNGNlYTg4ODMzMDJjMDgyOGZlZDMx
MWUzMzI1MjY2MmQyNzEzMWY3ZjMxMjZjNGE2MWFmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDSgP2u/67gHwLTBOYxkKH4gdmWbzq4dbhUBoNf5+WI2co7
WvBJOOg3u2g5DzuuVpPZpUiZhPttI9Jsmb+KDqAlz2+MKYc3rXU6VVX7Mvf4lKVB
T6He4I0hBI6nrwjGGLTnCzfwuaa/on8q6VfNe5nJV6yAmdMeAX34tAcgW+RNI33V
v83eoJ1CI1x1on/nlQ0ybrhQDZQ0qH0pg8FCnEGy04H2SoHss745/Hr+TEVyDR5t
ff//aB3NRaW3KWAAErbta9cT0Eu8KqjuUYTqyI8aMKpM7DBUVqqPAUIj10jM5u+I
XPF4DD8ITBQnzmZpndJCplhu0Hl1ctN5JH4i12glAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqz6YIznwyjZu0dL/GV4W8+IDRIcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2UyODQ3YzgxLTViMWItNDU1Zi1iMWQ1LTBkMWE0ZDM3MzgwZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACW3kcwDQYJKoZIhvcNAQELBQADggEBAHZg8FU1ZswgRDuAq31CQcz/tyV4
AIxc2Zvr6YDBSzzWgspOmGMOnUlGI5XudM2zsFRGmx5F4cPSQocbInHODG5T7t1j
R79sP7E1qUkutvPQzJ2fin589dlel2dj4PLaoVqY1subOS9HZwyHgVbx41yAvPWK
IjmJrgVy+y7gVJxSEspJXeDX3N0chCZ4TtFm0fk5xhKfP1niZi8z00KWBobazLOD
3gbkdxK164SpirLxlcMwZkAqnQHCM5xr80tZfqagfISgHOsE1dvNePnslbaHntYF
Zkm06zu42XKQVb5nJVJtgydb+5klo88k8Ryw59PHTPToHQ2AmKMypopD8ww=
-----END CERTIFICATE-----