Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3ae6e6f6-6a5b-4027-9524-5bedd41e0a69.roa
File:                     3ae6e6f6-6a5b-4027-9524-5bedd41e0a69.roa (raw, json)
Hash identifier:          +KctQz0faruS8bsepu6py0dAuknbfheqgLZ+Pxg/jP0=
Subject key identifier:   3E:99:C5:8D:CF:65:CB:4C:9D:FA:FF:DA:C5:35:E2:A7:0D:CB:10:67
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       24CD68E1B0D3368C17594847754D20439EB6B205
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3ae6e6f6-6a5b-4027-9524-5bedd41e0a69.roa
Signing time:             Tue 25 Feb 2025 00:30:14 +0000
ROA not before:           Tue 25 Feb 2025 00:30:14 +0000
ROA not after:            Tue 01 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.177.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 15 Mar 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:cd:68:e1:b0:d3:36:8c:17:59:48:47:75:4d:20:43:9e:b6:b2:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 25 00:30:14 2025 GMT
            Not After : Apr  1 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:68:35:06:d6:7a:a3:13:3a:73:d7:6c:9b:e2:
                    62:8a:18:9a:16:b1:d2:a9:1b:72:d2:8a:3a:f1:e6:
                    f2:40:10:1c:74:f7:31:14:b8:f6:ef:b1:75:22:d0:
                    96:ae:d9:e1:31:9a:fe:a9:32:0e:a5:b6:f2:50:10:
                    0a:9a:41:34:ff:ad:f6:17:63:49:6e:ec:2b:1f:0f:
                    ea:0c:b6:56:2c:66:47:c4:fb:7e:61:1b:8a:06:fc:
                    f2:9e:13:70:8e:0e:5f:29:c8:2b:d0:b1:5f:69:c4:
                    e0:07:7f:c2:5b:71:04:1b:8e:0d:45:34:32:08:55:
                    e4:1b:c9:c6:ba:55:df:b7:ec:72:c8:6e:f3:5f:81:
                    49:a0:62:8a:97:68:a3:ac:8e:98:19:95:3d:67:00:
                    a8:a3:12:35:a5:11:55:1e:09:65:d0:0a:43:1c:06:
                    db:0f:f2:6f:50:7a:0c:80:b8:c2:a4:d2:a0:84:23:
                    6c:49:18:11:53:d3:5e:d2:49:9a:16:23:2a:75:43:
                    0f:28:a1:3e:7c:fe:0c:59:ea:2f:5d:f4:74:48:08:
                    73:2c:db:1e:83:ee:ca:51:e6:fa:a4:11:ac:bf:25:
                    de:dc:84:4f:69:57:19:c7:e1:26:8d:e1:12:b6:d3:
                    61:5c:f2:c2:be:5e:d6:fb:67:e3:85:c6:c0:25:af:
                    80:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:99:C5:8D:CF:65:CB:4C:9D:FA:FF:DA:C5:35:E2:A7:0D:CB:10:67
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3ae6e6f6-6a5b-4027-9524-5bedd41e0a69.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.177.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:31:eb:ce:da:f8:fa:9f:a5:45:53:f9:81:d9:86:0b:9d:d2:
         1a:10:f0:98:c5:58:28:ce:42:6e:a3:34:86:96:94:d0:63:66:
         84:83:74:9a:2e:b7:93:9b:2d:b9:14:c3:1f:14:be:84:3c:23:
         3a:17:ed:15:31:03:70:b7:3a:ba:ac:51:e4:d8:e6:e8:9e:2f:
         66:79:c8:39:56:00:f0:0c:27:34:de:00:c6:f2:c4:2b:59:27:
         99:c5:fe:0f:31:b4:d5:9e:d6:ec:7c:1d:64:cc:23:56:22:e9:
         dd:ea:ca:0d:5d:6d:0b:30:c9:8d:10:70:16:28:38:74:fe:47:
         2f:c6:f9:0d:dc:77:c1:6b:36:82:5d:9b:2d:0e:5d:f7:cb:34:
         c7:0a:d8:ba:cc:95:16:c6:6f:ea:21:60:3c:c5:19:ac:2e:9c:
         a2:51:9d:35:de:9b:4c:f7:33:ee:b8:76:65:0f:88:9a:85:05:
         72:22:4b:ed:81:48:ee:57:47:cc:50:54:ea:73:16:da:d2:94:
         30:0f:40:3d:c0:ed:0f:d7:a7:e8:d8:0d:cb:7a:6d:ec:65:9c:
         e3:a4:86:a4:33:d8:f6:86:54:d7:26:a7:56:d1:1c:cb:38:a9:
         f6:b4:43:e1:32:47:f2:50:7e:52:99:d1:5d:b2:3c:ed:59:4e:
         fd:19:2e:90
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJM1o4bDTNowXWUhHdU0gQ562sgUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMjI1MDAzMDE0WhcNMjUwNDAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A5MWFiNmE0MzlhZjgxMTkzZTY5MTRlZWQwMTkyZWU4ZTY0
OGNjOTRkYzQ1YzYzZjk3NzJmOTFjZDc4MDI2YTE5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzaDUG1nqjEzpz12yb4mKKGJoWsdKpG3LSijrx5vJAEBx0
9zEUuPbvsXUi0Jau2eExmv6pMg6ltvJQEAqaQTT/rfYXY0lu7CsfD+oMtlYsZkfE
+35hG4oG/PKeE3CODl8pyCvQsV9pxOAHf8JbcQQbjg1FNDIIVeQbyca6Vd+37HLI
bvNfgUmgYoqXaKOsjpgZlT1nAKijEjWlEVUeCWXQCkMcBtsP8m9QegyAuMKk0qCE
I2xJGBFT017SSZoWIyp1Qw8ooT58/gxZ6i9d9HRICHMs2x6D7spR5vqkEay/Jd7c
hE9pVxnH4SaN4RK202Fc8sK+Xtb7Z+OFxsAlr4CDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPpnFjc9ly0yd+v/axTXipw3LEGcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNhZTZlNmY2LTZhNWItNDAyNy05NTI0LTViZWRkNDFlMGE2OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAPsVAwDQYJKoZIhvcNAQELBQADggEBAF0x687a+PqfpUVT+YHZhgud0hoQ
8JjFWCjOQm6jNIaWlNBjZoSDdJout5ObLbkUwx8UvoQ8IzoX7RUxA3C3OrqsUeTY
5uieL2Z5yDlWAPAMJzTeAMbyxCtZJ5nF/g8xtNWe1ux8HWTMI1Yi6d3qyg1dbQsw
yY0QcBYoOHT+Ry/G+Q3cd8FrNoJdmy0OXffLNMcK2LrMlRbGb+ohYDzFGawunKJR
nTXem0z3M+64dmUPiJqFBXIiS+2BSO5XR8xQVOpzFtrSlDAPQD3A7Q/Xp+jYDct6
bexlnOOkhqQz2PaGVNcmp1bRHMs4qfa0Q+EyR/JQflKZ0V2yPO1ZTv0ZLpA=
-----END CERTIFICATE-----