Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1d033e92-47c2-41f9-8d65-3387667b37fb.roa
File:                     1d033e92-47c2-41f9-8d65-3387667b37fb.roa (raw, json)
Hash identifier:          nl8QWswH7HJlpIjI8EEhRWZVo7rfioViDPhvMSKlyho=
Subject key identifier:   1F:7B:84:A8:1C:02:C9:44:34:9A:32:4E:52:97:11:EF:4F:33:35:DE
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2BF440E909B234F1245A1DAB11BE02C15C85A943
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1d033e92-47c2-41f9-8d65-3387667b37fb.roa
Signing time:             Tue 04 Feb 2025 00:00:00 +0000
ROA not before:           Tue 04 Feb 2025 00:00:00 +0000
ROA not after:            Tue 11 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.2.48.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:f4:40:e9:09:b2:34:f1:24:5a:1d:ab:11:be:02:c1:5c:85:a9:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb  4 00:00:00 2025 GMT
            Not After : Mar 11 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:53:74:03:59:f8:2f:79:55:78:22:89:37:82:
                    7d:d3:b3:0d:68:ca:82:ac:2e:7c:b6:b9:0a:71:da:
                    4e:56:18:35:bc:4d:14:fb:5f:21:5e:f2:ed:b2:26:
                    61:c3:3e:5b:f6:fb:1c:06:37:16:3d:45:23:46:44:
                    9c:24:ea:45:df:9c:e5:42:34:7a:c4:cc:d0:84:6a:
                    6c:c5:d3:b4:0c:09:6b:d7:af:3c:ac:a0:be:74:33:
                    d1:0f:6a:ed:ae:40:b2:65:06:f1:0b:a7:ca:e9:ab:
                    0c:74:7d:d7:b2:d2:54:af:3b:4b:71:36:09:65:bf:
                    d0:dd:ac:ad:3c:33:62:28:4c:8c:7b:ae:4f:f8:83:
                    a8:2f:36:58:4e:87:74:c9:a4:f1:27:f3:83:1a:82:
                    9e:71:22:5f:c9:65:88:22:70:ac:d6:49:3d:e0:fb:
                    46:e1:db:a0:8e:38:4b:15:9b:18:82:0a:f7:4a:fc:
                    3b:36:32:d0:d1:63:0b:4c:43:94:06:14:2f:f8:18:
                    f2:3d:9f:26:04:14:42:1b:7e:db:83:3e:89:07:ae:
                    df:6f:57:bd:17:29:d9:3f:9b:9b:a7:67:f8:78:fb:
                    3d:9e:95:ec:72:08:96:5c:bb:e4:28:ce:2b:6c:51:
                    06:b2:66:7f:36:7f:59:9f:ed:45:b6:35:00:d5:bf:
                    58:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:7B:84:A8:1C:02:C9:44:34:9A:32:4E:52:97:11:EF:4F:33:35:DE
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1d033e92-47c2-41f9-8d65-3387667b37fb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.2.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         46:62:2a:7e:38:4e:62:b5:97:68:18:7a:da:45:f4:fb:c1:5d:
         f8:2c:27:ff:41:d7:86:80:21:25:1e:44:89:77:98:ca:06:94:
         c3:41:79:92:00:f9:6c:25:64:24:9c:c7:ef:9b:96:b3:bf:da:
         0b:e5:15:70:d7:f4:ca:66:fc:3d:d1:26:91:4c:ab:99:4e:aa:
         89:c3:b3:e5:b9:19:77:37:93:9d:4b:68:35:c4:cb:8c:f2:50:
         d1:e9:e9:96:e9:5c:6c:72:df:bb:cb:29:d8:46:80:cd:64:bd:
         40:e0:5a:2f:44:8d:c8:a9:01:7e:ce:cf:cc:5d:df:7b:fc:e1:
         a6:63:d5:c4:57:77:a7:cd:b8:d1:c4:49:8a:3f:28:59:ac:61:
         58:6d:0e:de:51:6c:52:02:54:55:c8:70:c1:b3:65:4c:41:11:
         c1:cd:66:3d:12:2f:51:87:bd:42:5f:07:48:6e:c4:8d:9d:09:
         80:fc:10:8a:a0:0e:df:6d:98:d3:0f:17:e0:b7:03:a2:cf:bd:
         3e:dc:89:00:4b:d2:42:74:7d:1a:62:ed:31:22:15:b0:36:e4:
         09:1c:81:56:b1:33:3d:b2:60:fb:0b:94:b7:be:36:80:c4:36:
         f2:2d:a4:14:7c:2f:83:d3:45:52:65:8a:5c:ba:e8:b7:04:be:
         57:01:0e:27
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUK/RA6QmyNPEkWh2rEb4CwVyFqUMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMjA0MDAwMDAwWhcNMjUwMzExMjM1OTU5
WjB6MUkwRwYDVQQFE0AwNDg2OWU3YTYxMmU0OWQ0OWVjNTc2MzM5ZDhkNzhiMjEy
ZGY1YTNjODI1MzYzMjBhYzViOTBjMjUwNGNmNGRlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCZU3QDWfgveVV4Iok3gn3Tsw1oyoKsLny2uQpx2k5WGDW8
TRT7XyFe8u2yJmHDPlv2+xwGNxY9RSNGRJwk6kXfnOVCNHrEzNCEamzF07QMCWvX
rzysoL50M9EPau2uQLJlBvELp8rpqwx0fdey0lSvO0txNgllv9DdrK08M2IoTIx7
rk/4g6gvNlhOh3TJpPEn84Magp5xIl/JZYgicKzWST3g+0bh26COOEsVmxiCCvdK
/Ds2MtDRYwtMQ5QGFC/4GPI9nyYEFEIbftuDPokHrt9vV70XKdk/m5unZ/h4+z2e
lexyCJZcu+QozitsUQayZn82f1mf7UW2NQDVv1ihAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUH3uEqBwCyUQ0mjJOUpcR708zNd4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzFkMDMzZTkyLTQ3YzItNDFmOS04ZDY1LTMzODc2NjdiMzdmYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQDAjAwDQYJKoZIhvcNAQELBQADggEBAEZiKn44TmK1l2gYetpF9PvBXfgs
J/9B14aAISUeRIl3mMoGlMNBeZIA+WwlZCScx++blrO/2gvlFXDX9Mpm/D3RJpFM
q5lOqonDs+W5GXc3k51LaDXEy4zyUNHp6ZbpXGxy37vLKdhGgM1kvUDgWi9Ejcip
AX7Oz8xd33v84aZj1cRXd6fNuNHESYo/KFmsYVhtDt5RbFICVFXIcMGzZUxBEcHN
Zj0SL1GHvUJfB0huxI2dCYD8EIqgDt9tmNMPF+C3A6LPvT7ciQBL0kJ0fRpi7TEi
FbA25AkcgVaxMz2yYPsLlLe+NoDENvItpBR8L4PTRVJlily66LcEvlcBDic=
-----END CERTIFICATE-----