Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2c91061a-ee80-4ba7-87d5-b68a7b08cc53.roa
File:                     2c91061a-ee80-4ba7-87d5-b68a7b08cc53.roa (raw, json)
Hash identifier:          EyKwNAboVyIErssTs9+oaJtyc+yiSkR1Mdz/kdg7J2s=
Subject key identifier:   7C:E7:32:BA:4A:C5:72:E9:90:3F:86:51:24:2E:C9:67:DD:9F:7A:A1
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6C17BA96DCE243A2616A2002B42EFE5B2AE0963E
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2c91061a-ee80-4ba7-87d5-b68a7b08cc53.roa
Signing time:             Mon 27 Jan 2025 00:00:00 +0000
ROA not before:           Mon 27 Jan 2025 00:00:00 +0000
ROA not after:            Mon 03 Mar 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        52.0.0.0/15 maxlen: 15
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:17:ba:96:dc:e2:43:a2:61:6a:20:02:b4:2e:fe:5b:2a:e0:96:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 27 00:00:00 2025 GMT
            Not After : Mar  3 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:cb:0e:c7:1a:b1:18:2a:a9:1a:a5:19:db:3d:
                    f4:4a:a9:7b:2a:4f:ba:14:94:26:af:68:a5:6e:9c:
                    bd:19:9a:19:47:9c:30:b9:d2:82:f1:0a:c2:2f:d0:
                    2f:10:a4:04:47:f9:fb:51:06:bb:3b:a9:bb:fd:d8:
                    92:80:39:83:8c:eb:3b:22:ae:38:30:9d:d8:f0:c6:
                    4e:cc:6a:3f:b3:51:9f:a5:2f:5b:30:d7:35:3b:aa:
                    28:86:7e:c6:fd:5a:2a:2f:62:42:25:1d:f4:7c:e7:
                    da:97:2a:12:c2:02:47:bd:4f:ff:33:3d:cf:04:eb:
                    ea:cf:42:8e:f8:45:f4:ca:78:6e:0f:5e:b7:db:7c:
                    75:28:09:4c:e2:e4:44:29:3e:74:ac:b3:cc:0f:17:
                    41:e8:e8:08:d6:5d:cc:11:90:8b:08:c8:6b:9d:be:
                    7e:f2:03:01:04:43:79:88:f9:bd:91:b0:5a:16:eb:
                    59:6d:29:4d:78:04:30:db:99:34:99:71:5e:ef:50:
                    15:c7:44:5c:6f:3c:59:a7:1b:17:c1:5f:a3:f6:b8:
                    f8:1f:8f:b1:21:02:92:3a:ad:c4:8f:34:6c:b5:cd:
                    9b:79:04:6d:b9:e8:5e:ee:98:db:93:19:8b:da:62:
                    d4:1b:d5:0a:4a:05:6f:1b:f9:16:ac:cf:9a:b2:43:
                    2e:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:E7:32:BA:4A:C5:72:E9:90:3F:86:51:24:2E:C9:67:DD:9F:7A:A1
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2c91061a-ee80-4ba7-87d5-b68a7b08cc53.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.0.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         8a:bc:43:38:d5:18:9a:fa:62:ad:26:40:83:16:71:2d:be:fc:
         54:a4:66:eb:9c:b7:3e:2b:14:4f:b9:71:98:8f:d3:97:8e:f4:
         3f:aa:95:66:a2:73:0f:59:5e:10:11:f7:05:47:16:9c:91:15:
         52:ef:51:f0:3b:17:ea:b2:35:e6:54:99:b7:a2:a1:79:50:3a:
         b7:00:2f:d0:b7:1c:e5:fa:90:26:46:18:ef:7b:6b:4b:7f:52:
         89:6a:7e:ba:b9:c5:6f:63:e9:5d:50:d1:65:cb:e1:4d:f6:d5:
         c3:ce:c3:44:72:ae:85:7b:4d:da:6a:3c:99:ad:ea:c4:2f:ff:
         cd:bf:55:78:8b:d2:5e:10:02:0e:a8:cc:3f:35:4f:26:57:90:
         51:f2:0a:0a:3b:8c:ba:f8:10:3c:84:51:11:fb:d7:f6:86:78:
         50:80:4c:7f:54:18:4a:71:54:c0:60:b3:36:fa:77:68:61:9f:
         50:13:5a:67:1e:f7:0a:93:6f:8e:f5:4a:e8:91:21:7c:7a:fe:
         6c:9d:02:7a:f8:2b:0e:84:47:0a:7e:00:5b:a7:98:a4:a3:d8:
         68:a9:d8:74:3a:58:75:52:3a:a6:8f:be:30:10:5d:f2:3a:ca:
         4c:3b:f0:46:84:ec:94:27:d0:a4:4d:9b:08:9d:43:ec:6e:cb:
         85:a9:d7:f2
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUbBe6ltziQ6JhaiACtC7+Wyrglj4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTI3MDAwMDAwWhcNMjUwMzAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AwNjMyNjc1NGY3MDQwYmMwYjQzYjAyOGMwZjM1YWE1NTdj
YzRlZmI0ZjAzYzg2N2M2Y2I4NjNkMjg0MjExODE0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyyw7HGrEYKqkapRnbPfRKqXsqT7oUlCavaKVunL0ZmhlH
nDC50oLxCsIv0C8QpARH+ftRBrs7qbv92JKAOYOM6zsirjgwndjwxk7Maj+zUZ+l
L1sw1zU7qiiGfsb9WiovYkIlHfR859qXKhLCAke9T/8zPc8E6+rPQo74RfTKeG4P
XrfbfHUoCUzi5EQpPnSss8wPF0Ho6AjWXcwRkIsIyGudvn7yAwEEQ3mI+b2RsFoW
61ltKU14BDDbmTSZcV7vUBXHRFxvPFmnGxfBX6P2uPgfj7EhApI6rcSPNGy1zZt5
BG256F7umNuTGYvaYtQb1QpKBW8b+Rasz5qyQy7nAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUfOcyukrFcumQP4ZRJC7JZ92feqEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzJjOTEwNjFhLWVlODAtNGJhNy04N2Q1LWI2OGE3YjA4Y2M1My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwE0ADANBgkqhkiG9w0BAQsFAAOCAQEAirxDONUYmvpirSZAgxZxLb78VKRm
65y3PisUT7lxmI/Tl470P6qVZqJzD1leEBH3BUcWnJEVUu9R8DsX6rI15lSZt6Kh
eVA6twAv0Lcc5fqQJkYY73trS39SiWp+urnFb2PpXVDRZcvhTfbVw87DRHKuhXtN
2mo8ma3qxC//zb9VeIvSXhACDqjMPzVPJleQUfIKCjuMuvgQPIRREfvX9oZ4UIBM
f1QYSnFUwGCzNvp3aGGfUBNaZx73CpNvjvVK6JEhfHr+bJ0CevgrDoRHCn4AW6eY
pKPYaKnYdDpYdVI6po++MBBd8jrKTDvwRoTslCfQpE2bCJ1D7G7LhanX8g==
-----END CERTIFICATE-----