Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/60789a29-f516-47ec-9154-b2b610f7282e.roa
File:                     60789a29-f516-47ec-9154-b2b610f7282e.roa (raw, json)
Hash identifier:          7iu8gGphRN10x1UNsBn3f9FR6N252cQrjovFei/Tlp8=
Subject key identifier:   18:36:65:1E:2F:15:99:C5:F5:56:EB:FE:EE:98:DE:91:D5:D7:52:E1
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       67B319FC5D02F1679E71765FB0A7D35F70FBA901
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/60789a29-f516-47ec-9154-b2b610f7282e.roa
Signing time:             Sat 15 Mar 2025 00:00:11 +0000
ROA not before:           Sat 15 Mar 2025 00:00:11 +0000
ROA not after:            Sat 19 Apr 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        216.221.168.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:b3:19:fc:5d:02:f1:67:9e:71:76:5f:b0:a7:d3:5f:70:fb:a9:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Mar 15 00:00:11 2025 GMT
            Not After : Apr 19 23:59:59 2025 GMT
        Subject: CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:98:d0:cd:39:96:fa:5a:97:2c:72:c9:59:2d:
                    a7:96:35:81:2e:97:b0:be:bc:9e:f2:a1:7f:12:9f:
                    e6:7d:6b:c7:a3:50:e0:f2:d0:72:9b:ca:3e:f1:66:
                    9f:d6:16:0f:a5:d0:5b:43:96:e1:3f:70:6a:66:45:
                    4f:b9:68:00:ef:86:0e:11:d0:af:56:a3:a4:26:b5:
                    18:0a:80:6b:9e:e3:7b:7f:12:bb:b9:57:1b:f1:ec:
                    c7:73:a2:33:82:2a:6d:c5:74:04:a7:f7:4a:88:2e:
                    c7:53:00:ef:96:d6:90:76:3c:31:d9:2f:57:42:93:
                    10:38:8d:8e:fd:fa:d2:21:75:94:f8:86:44:23:a4:
                    06:82:5e:32:e1:31:43:d1:3a:09:c1:5b:9c:94:60:
                    c4:67:20:d4:4c:30:e3:e6:97:05:0d:ca:b9:24:94:
                    6c:7a:e7:96:e5:ba:46:ac:1f:6e:1a:6d:a3:4b:a8:
                    e3:37:62:d7:ec:fb:39:84:ea:08:17:b8:b1:a1:86:
                    9b:64:df:c1:4e:25:8a:ee:f2:c5:78:a7:d6:a9:bc:
                    ce:fe:7e:86:d4:b0:46:06:d4:84:f5:14:c4:44:87:
                    37:21:3a:72:31:d1:f9:6e:7f:13:ed:d5:c2:03:1e:
                    9c:eb:dd:b0:4b:7d:bc:bf:d5:38:6c:d3:de:c0:73:
                    25:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:36:65:1E:2F:15:99:C5:F5:56:EB:FE:EE:98:DE:91:D5:D7:52:E1
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/60789a29-f516-47ec-9154-b2b610f7282e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.221.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2e:92:d8:d0:91:11:c5:bd:56:24:4f:dd:84:2e:02:3b:c5:2c:
         3c:4b:9b:26:68:3e:41:df:65:dc:59:c0:fb:bc:f4:d5:06:3c:
         18:a3:23:86:7f:28:27:a0:78:d3:00:0f:cd:49:45:ac:53:bc:
         97:ef:2a:5b:22:02:9b:24:19:18:8a:f0:32:da:2f:e2:b8:63:
         5c:da:9d:ec:75:6e:47:84:5f:52:00:d2:ee:15:29:31:c1:57:
         93:98:ab:fa:34:2e:ea:d5:bd:70:85:0c:4e:e8:7d:b3:64:a3:
         15:9f:fa:35:3b:a0:07:8e:87:70:93:4d:33:f1:a7:b4:9b:55:
         55:62:eb:d6:b4:71:f5:0f:9a:b7:81:35:16:22:b3:8b:fb:3d:
         02:85:0c:ea:73:cf:c5:cf:ec:37:3e:a6:2f:39:68:f5:80:35:
         60:51:5e:50:a3:77:0e:97:b7:62:9e:8d:2f:03:d2:6e:68:6e:
         74:3a:ab:08:92:82:55:70:45:21:74:e4:a3:44:58:55:2c:9d:
         b8:6a:33:3d:5e:89:2c:36:f8:73:2e:9d:fc:0e:bf:30:84:4c:
         80:09:68:0d:23:ca:8f:45:ed:9c:15:97:ab:fe:fa:bc:35:2f:
         d6:ee:d0:9f:67:a5:31:34:66:36:f2:f3:eb:02:86:89:f2:79:
         81:c4:59:5a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZ7MZ/F0C8WeecXZfsKfTX3D7qQEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUwMzE1MDAwMDExWhcNMjUwNDE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNGQ2NzRhMGQyYzk4Y2RiMDU0Njg1MTFmZWJhMzg3ZjVm
MmUxOWExODBkOWM3ZjFhNzVmYTVmNWJiNGYzNGZkMS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDkmNDNOZb6WpcscslZLaeWNYEul7C+vJ7yoX8Sn+Z9a8ej
UODy0HKbyj7xZp/WFg+l0FtDluE/cGpmRU+5aADvhg4R0K9Wo6QmtRgKgGue43t/
Eru5Vxvx7MdzojOCKm3FdASn90qILsdTAO+W1pB2PDHZL1dCkxA4jY79+tIhdZT4
hkQjpAaCXjLhMUPROgnBW5yUYMRnINRMMOPmlwUNyrkklGx655blukasH24abaNL
qOM3Ytfs+zmE6ggXuLGhhptk38FOJYru8sV4p9apvM7+fobUsEYG1IT1FMREhzch
OnIx0flufxPt1cIDHpzr3bBLfby/1Ths097AcyV3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGDZlHi8VmcX1Vuv+7pjekdXXUuEwHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkLzYwNzg5YTI5LWY1MTYtNDdlYy05MTU0LWIyYjYxMGY3MjgyZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPY3agwDQYJKoZIhvcNAQELBQADggEBAC6S2NCREcW9ViRP3YQuAjvFLDxL
myZoPkHfZdxZwPu89NUGPBijI4Z/KCegeNMAD81JRaxTvJfvKlsiApskGRiK8DLa
L+K4Y1zanex1bkeEX1IA0u4VKTHBV5OYq/o0LurVvXCFDE7ofbNkoxWf+jU7oAeO
h3CTTTPxp7SbVVVi69a0cfUPmreBNRYis4v7PQKFDOpzz8XP7Dc+pi85aPWANWBR
XlCjdw6Xt2KejS8D0m5obnQ6qwiSglVwRSF05KNEWFUsnbhqMz1eiSw2+HMunfwO
vzCETIAJaA0jyo9F7ZwVl6v++rw1L9bu0J9npTE0Zjby8+sChonyeYHEWVo=
-----END CERTIFICATE-----