Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/946aec0a-dddf-49ab-b5bf-ec7281eb1e7e.roa
File:                     946aec0a-dddf-49ab-b5bf-ec7281eb1e7e.roa (raw, json)
Hash identifier:          hsJdZfehVdGD6SfscM1svCoTVKUcr+YlCMvHh1ES7nU=
Subject key identifier:   85:9E:E6:14:EC:E8:E9:98:61:DB:B1:6C:54:2A:77:B4:3B:C7:D2:3B
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       76734F9F69566ED5D4EA042F9143FEA5190EB96E
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/946aec0a-dddf-49ab-b5bf-ec7281eb1e7e.roa
Signing time:             Wed 19 Feb 2025 00:10:42 +0000
ROA not before:           Wed 19 Feb 2025 00:10:42 +0000
ROA not after:            Wed 26 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.251.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/1059b52d-846a-4cbe-a7db-796f1dd8b929.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 15 Mar 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:73:4f:9f:69:56:6e:d5:d4:ea:04:2f:91:43:fe:a5:19:0e:b9:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Feb 19 00:10:42 2025 GMT
            Not After : Mar 26 23:59:59 2025 GMT
        Subject: CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:5d:5b:05:f3:98:02:5d:69:8a:ba:b5:e8:26:
                    6a:8a:51:ef:7b:57:30:24:6f:79:37:70:85:38:c2:
                    ad:61:32:87:fd:83:65:f8:37:bf:bf:e7:0f:a3:b0:
                    93:56:96:f2:14:15:6f:2b:20:bf:ba:b4:ad:18:a9:
                    b3:57:d3:28:d5:42:7f:06:7d:a7:a2:e1:c9:b5:a1:
                    32:74:e4:b7:ed:52:b9:ed:5e:27:10:8b:06:6f:e3:
                    1d:a2:a0:01:b5:17:ea:fd:fb:32:dc:7a:f4:e7:51:
                    ff:98:b7:bd:31:67:e3:af:ae:7a:42:5b:f2:b2:92:
                    b2:b6:d6:c3:c2:71:f4:bf:ba:32:f6:fb:24:e7:f2:
                    5e:fe:54:60:50:4f:4e:97:f2:17:78:08:a7:72:ed:
                    f8:de:0d:75:43:05:ae:e9:c7:d5:aa:47:91:a0:0a:
                    5b:c0:43:c3:c7:38:9d:5c:5b:2b:48:69:28:48:76:
                    2b:8d:bc:36:90:d2:38:1d:16:d5:dc:f6:12:ec:6d:
                    1f:3e:e6:e1:ac:50:28:07:1c:15:e6:6c:2b:17:80:
                    58:0e:88:fc:ab:f8:b2:ee:cc:a9:01:7c:46:82:6a:
                    6b:c2:fc:55:32:cc:fc:d4:c1:ee:c6:ea:f3:e1:cf:
                    fc:84:e9:41:a0:84:f1:9b:ff:93:c3:f9:9d:2e:06:
                    44:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:9E:E6:14:EC:E8:E9:98:61:DB:B1:6C:54:2A:77:B4:3B:C7:D2:3B
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/946aec0a-dddf-49ab-b5bf-ec7281eb1e7e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.251.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:2a:22:8a:26:ee:84:b0:65:ae:69:a3:d3:bf:bf:57:52:6c:
         ec:aa:b4:69:9c:0e:dc:36:16:ac:47:4d:ad:0e:94:75:c4:26:
         d6:21:21:70:c3:eb:de:b8:3f:e5:08:b1:b2:00:e1:6f:78:3e:
         13:ca:3a:bd:0b:d9:df:c8:62:c6:4f:fc:4c:9c:cc:34:4b:f4:
         a0:2d:18:58:99:f2:53:99:4f:92:e5:00:e5:65:3e:7b:dc:b6:
         35:ca:5f:ed:3a:d1:53:28:29:b0:29:10:2d:3d:4a:d8:1e:d2:
         a4:9e:4e:af:4c:2d:83:f0:7e:4a:e5:77:02:0b:0d:fe:d3:ee:
         37:70:88:e7:f1:9b:44:ab:48:4a:2a:c4:db:4a:ea:52:a2:73:
         15:18:b5:68:d0:8e:7a:23:e8:bc:84:d7:bc:1c:4c:7b:4f:65:
         f2:c0:12:aa:a3:04:bb:5f:be:68:4a:da:05:9a:a6:ee:28:4f:
         a5:e1:8c:8e:37:e2:f7:e4:8e:30:ba:91:2a:d2:43:18:b3:da:
         9c:7a:29:32:6a:5a:24:c2:a1:7c:06:45:d4:e5:2e:9a:e8:ce:
         94:d3:62:48:b0:e9:19:f7:02:29:d6:55:0b:19:55:fb:04:ae:
         fa:66:7f:52:6b:58:5a:d9:0e:02:e4:e4:74:34:d7:2a:97:63:
         a5:0f:49:1b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdnNPn2lWbtXU6gQvkUP+pRkOuW4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjUwMjE5MDAxMDQyWhcNMjUwMzI2MjM1OTU5
WjB6MUkwRwYDVQQFE0AzZjNjM2U1ZGM5Zjg4MmJhOWNlZjY5ODFhMmE0ZTQyMzcx
Njk3MWFlYTg2ZmRhNzFjZDVhMDY4Njc4Yjg3NWEwMS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0XVsF85gCXWmKurXoJmqKUe97VzAkb3k3cIU4wq1hMof9
g2X4N7+/5w+jsJNWlvIUFW8rIL+6tK0YqbNX0yjVQn8Gfaei4cm1oTJ05LftUrnt
XicQiwZv4x2ioAG1F+r9+zLcevTnUf+Yt70xZ+OvrnpCW/KykrK21sPCcfS/ujL2
+yTn8l7+VGBQT06X8hd4CKdy7fjeDXVDBa7px9WqR5GgClvAQ8PHOJ1cWytIaShI
diuNvDaQ0jgdFtXc9hLsbR8+5uGsUCgHHBXmbCsXgFgOiPyr+LLuzKkBfEaCamvC
/FUyzPzUwe7G6vPhz/yE6UGghPGb/5PD+Z0uBkQTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhZ7mFOzo6Zhh27FsVCp3tDvH0jswHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkLzk0NmFlYzBhLWRkZGYtNDlhYi1iNWJmLWVjNzI4MWViMWU3ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAX++EwDQYJKoZIhvcNAQELBQADggEBAEcqIoom7oSwZa5po9O/v1dSbOyq
tGmcDtw2FqxHTa0OlHXEJtYhIXDD6964P+UIsbIA4W94PhPKOr0L2d/IYsZP/Eyc
zDRL9KAtGFiZ8lOZT5LlAOVlPnvctjXKX+060VMoKbApEC09Stge0qSeTq9MLYPw
fkrldwILDf7T7jdwiOfxm0SrSEoqxNtK6lKicxUYtWjQjnoj6LyE17wcTHtPZfLA
EqqjBLtfvmhK2gWapu4oT6XhjI434vfkjjC6kSrSQxiz2px6KTJqWiTCoXwGRdTl
LprozpTTYkiw6Rn3AinWVQsZVfsErvpmf1JrWFrZDgLk5HQ01yqXY6UPSRs=
-----END CERTIFICATE-----