Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e2847c81-5b1b-455f-b1d5-0d1a4d37380f.roa
File:                     e2847c81-5b1b-455f-b1d5-0d1a4d37380f.roa (raw, json)
Hash identifier:          LAK5on7mzNBYWHbqIIn0wp0Ru+CvOB1vFUKNpGg7ZBI=
Subject key identifier:   AC:70:6A:BF:36:D5:EA:80:D3:28:67:9E:FE:B2:DD:21:48:96:CF:DD
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7161CB5A1980A2A4BF12E1D6E9727BE1B8CD2D56
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e2847c81-5b1b-455f-b1d5-0d1a4d37380f.roa
Signing time:             Tue 22 Apr 2025 17:50:08 +0000
ROA not before:           Tue 22 Apr 2025 17:50:08 +0000
ROA not after:            Tue 27 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        150.222.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:61:cb:5a:19:80:a2:a4:bf:12:e1:d6:e9:72:7b:e1:b8:cd:2d:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 22 17:50:08 2025 GMT
            Not After : May 27 23:59:59 2025 GMT
        Subject: serialNumber=ea7fda79d99da3b6f83a0aaed7f34d26914f7cb30e2c62f977a55484d942360d, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:90:ff:05:9d:c2:de:d9:b2:8b:bf:3c:d7:2d:
                    f5:e8:15:2e:a5:9a:46:ce:a6:f8:fc:8b:43:5d:ab:
                    c1:87:7a:51:3a:e7:d9:2c:41:8a:67:ec:15:b0:67:
                    46:a5:c8:b8:32:b7:49:80:2d:94:73:02:f8:94:5b:
                    cc:83:2b:3e:1d:70:43:31:e6:ee:e2:9e:e1:7f:5d:
                    f0:98:70:4b:16:5e:71:8c:6e:7c:b0:95:88:6b:2c:
                    2d:c3:1e:5c:21:24:cd:85:1e:e2:00:d9:95:13:67:
                    cb:8b:bb:5f:ea:02:9c:0e:23:28:55:58:12:4a:b0:
                    53:f2:e2:0a:ca:c2:9e:df:32:7c:b1:d0:32:a6:40:
                    43:89:54:89:dc:6f:33:76:99:75:0f:21:1a:94:69:
                    d7:d9:3a:9a:03:7d:bf:ea:9d:11:ad:9b:99:8b:a6:
                    db:6b:e2:53:be:81:f0:ed:9b:76:af:9f:f1:8b:6b:
                    f7:5c:7b:39:e7:69:d1:c1:bc:49:7a:63:0d:23:b3:
                    84:4f:8f:c9:1e:81:ca:dd:b3:6a:1b:37:d4:19:17:
                    f3:7b:7f:a2:3c:62:34:cb:af:c1:a0:87:8a:9b:9d:
                    e6:61:73:08:0d:90:fa:61:1f:87:c8:89:5b:c2:52:
                    3b:b7:df:a0:2d:8b:fb:f6:3e:39:51:07:64:7f:26:
                    3c:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:70:6A:BF:36:D5:EA:80:D3:28:67:9E:FE:B2:DD:21:48:96:CF:DD
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e2847c81-5b1b-455f-b1d5-0d1a4d37380f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.222.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:d8:95:d2:da:3c:41:29:f3:db:2e:bc:74:3f:ec:4f:d7:2e:
         3d:eb:f4:cc:21:ef:5e:ef:a2:10:ad:07:e4:41:e8:ad:0e:52:
         b5:4c:5b:bf:24:21:ba:28:e4:34:be:05:b3:bc:b6:bd:d7:be:
         ff:43:d9:5f:ff:c0:b0:c0:6c:05:4c:8f:0a:a0:fb:92:9a:9a:
         26:0c:71:9b:5a:d9:9a:1a:45:5e:3a:d5:70:d1:36:8a:ef:de:
         28:58:26:14:41:28:e5:d1:b2:17:7b:4a:1c:38:4e:3c:5b:3a:
         68:6e:9c:ef:b1:3d:b0:19:55:8a:ef:e2:03:3e:be:6c:c3:f2:
         6e:af:e6:81:3c:6a:06:bf:de:8c:9a:1c:93:86:41:a2:08:1d:
         ba:46:ba:68:4d:3c:05:84:80:1b:38:5c:8e:1f:d4:69:a5:27:
         f3:66:d6:43:18:a7:c8:83:6a:e8:fb:fd:51:c4:57:de:33:13:
         04:20:65:f3:46:d3:ed:22:24:4f:c3:53:26:fc:27:37:05:27:
         b7:52:ef:ef:77:ca:23:8d:b0:b5:b8:6e:2b:87:74:d1:21:c0:
         71:6e:f6:50:81:a8:91:f8:fa:a4:ad:9e:e4:63:68:fd:ad:b8:
         76:8f:f7:f0:e0:3a:c9:ea:28:86:e9:28:07:cf:73:6f:02:77:
         a6:61:42:9f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcWHLWhmAoqS/EuHW6XJ74bjNLVYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDIyMTc1MDA4WhcNMjUwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlYTdmZGE3OWQ5OWRhM2I2ZjgzYTBhYWVkN2YzNGQyNjkx
NGY3Y2IzMGUyYzYyZjk3N2E1NTQ4NGQ5NDIzNjBkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCNkP8FncLe2bKLvzzXLfXoFS6lmkbOpvj8i0Ndq8GHelE6
59ksQYpn7BWwZ0alyLgyt0mALZRzAviUW8yDKz4dcEMx5u7inuF/XfCYcEsWXnGM
bnywlYhrLC3DHlwhJM2FHuIA2ZUTZ8uLu1/qApwOIyhVWBJKsFPy4grKwp7fMnyx
0DKmQEOJVIncbzN2mXUPIRqUadfZOpoDfb/qnRGtm5mLpttr4lO+gfDtm3avn/GL
a/dceznnadHBvEl6Yw0js4RPj8kegcrds2obN9QZF/N7f6I8YjTLr8Ggh4qbneZh
cwgNkPphH4fIiVvCUju336Ati/v2PjlRB2R/JjwBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrHBqvzbV6oDTKGee/rLdIUiWz90wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2UyODQ3YzgxLTViMWItNDU1Zi1iMWQ1LTBkMWE0ZDM3MzgwZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACW3kcwDQYJKoZIhvcNAQELBQADggEBALPYldLaPEEp89suvHQ/7E/XLj3r
9Mwh717vohCtB+RB6K0OUrVMW78kIboo5DS+BbO8tr3Xvv9D2V//wLDAbAVMjwqg
+5KamiYMcZta2ZoaRV461XDRNorv3ihYJhRBKOXRshd7Shw4TjxbOmhunO+xPbAZ
VYrv4gM+vmzD8m6v5oE8aga/3oyaHJOGQaIIHbpGumhNPAWEgBs4XI4f1GmlJ/Nm
1kMYp8iDauj7/VHEV94zEwQgZfNG0+0iJE/DUyb8JzcFJ7dS7+93yiONsLW4biuH
dNEhwHFu9lCBqJH4+qStnuRjaP2tuHaP9/DgOsnqKIbpKAfPc28Cd6ZhQp8=
-----END CERTIFICATE-----