Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/449f6334-b651-4a8e-8dce-d87aafaf89ce.roa
File:                     449f6334-b651-4a8e-8dce-d87aafaf89ce.roa (raw, json)
Hash identifier:          g9n05uW4nrYUev6wosYFL43U8xF7pVuGSh+lawDQaX8=
Subject key identifier:   4B:1F:1A:1E:5F:0F:C6:CB:43:48:1A:85:AA:BF:E4:6D:DB:AE:52:C5
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       160156CA08FA7234CD821E316E474935EF882C20
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/449f6334-b651-4a8e-8dce-d87aafaf89ce.roa
Signing time:             Fri 15 Nov 2024 00:00:00 +0000
ROA not before:           Fri 15 Nov 2024 00:00:00 +0000
ROA not after:            Fri 20 Dec 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        150.222.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:01:56:ca:08:fa:72:34:cd:82:1e:31:6e:47:49:35:ef:88:2c:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Nov 15 00:00:00 2024 GMT
            Not After : Dec 20 23:59:59 2024 GMT
        Subject: serialNumber=6b9a28d2952c248d85426830339ac4799bb2758b8b8ff0c9f67c3eb927c1882b, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:fb:8d:1c:91:19:96:e1:66:0d:da:eb:ed:7e:
                    01:24:1e:b0:e6:db:6d:6f:39:0c:56:63:87:a9:54:
                    05:89:13:11:59:78:f1:10:3a:c9:b1:bd:a7:2f:7e:
                    97:e5:8e:1d:aa:2d:74:9b:d6:2c:3c:bf:70:97:d7:
                    ec:64:7b:87:b6:6a:7a:f9:54:63:8d:8e:ef:f2:94:
                    e2:70:37:65:ce:d3:bd:47:61:2a:a8:c7:e6:f3:cd:
                    04:0d:5a:3d:69:a4:be:0f:7c:20:8b:e4:9a:ff:bb:
                    e0:c8:d6:c4:0d:64:54:f0:be:a0:cc:fa:f9:39:52:
                    bc:b7:3a:1f:b2:31:83:b9:b4:0c:0a:d5:a4:03:19:
                    a7:18:79:6a:19:3e:1e:a9:b4:2c:24:89:64:87:71:
                    85:ed:72:ef:86:41:82:21:4d:bb:be:27:90:c3:97:
                    bc:4e:6e:12:ea:c0:da:84:78:3e:ed:f4:69:a8:b2:
                    71:39:b8:65:72:36:4a:94:11:8e:00:90:10:c4:85:
                    e7:14:bb:b4:e8:bd:1c:9a:3d:67:31:8a:cc:74:be:
                    13:05:85:1c:32:b2:47:d2:4b:db:ce:87:af:b4:88:
                    77:33:9f:f0:6b:7f:3e:77:eb:b2:61:27:60:af:b3:
                    8c:bc:ae:84:d8:89:24:92:6d:cf:2a:df:60:35:f8:
                    3b:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:1F:1A:1E:5F:0F:C6:CB:43:48:1A:85:AA:BF:E4:6D:DB:AE:52:C5
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/449f6334-b651-4a8e-8dce-d87aafaf89ce.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.222.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:67:01:dc:84:9b:86:86:ea:b0:66:97:1a:15:5a:30:a4:73:
         c7:dc:2e:10:a0:41:46:83:0e:b1:b2:62:26:bb:d8:e4:3c:03:
         9c:43:8c:8d:f7:ab:07:44:89:52:16:87:21:75:2e:04:9d:d9:
         6f:6a:2a:63:64:3d:71:48:87:c2:9d:ca:5b:61:ad:63:25:35:
         62:22:8b:5d:0c:6e:51:89:46:0b:0d:13:01:04:96:e1:11:2d:
         b5:02:62:a2:00:1f:e5:e6:fd:70:47:4b:e0:e6:e3:f2:b9:d1:
         a9:68:14:b5:99:d9:59:5e:86:89:22:5f:77:87:a7:2e:c7:6d:
         2b:88:48:f6:b8:59:70:6c:27:8d:57:bc:2a:41:61:47:34:77:
         82:ff:2a:80:de:ba:40:68:3d:24:0b:76:d4:4c:1d:92:8d:79:
         e0:f7:fc:7f:f3:14:d5:53:8f:61:2d:b2:4b:cb:9a:d7:dc:5b:
         f5:5f:bb:57:0a:0f:87:04:fe:e7:37:09:8c:95:32:b7:cd:e6:
         af:d5:65:51:33:c5:b0:44:14:2f:f2:50:e2:db:9a:c5:76:81:
         f5:9a:7b:fd:53:fb:a7:89:48:0e:34:71:08:27:75:59:de:43:
         95:0f:0d:d8:63:61:72:af:6e:d0:39:3e:3a:6d:ba:d9:8b:2d:
         e5:98:95:1b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFgFWygj6cjTNgh4xbkdJNe+ILCAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMTE1MDAwMDAwWhcNMjQxMjIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A2YjlhMjhkMjk1MmMyNDhkODU0MjY4MzAzMzlhYzQ3OTli
YjI3NThiOGI4ZmYwYzlmNjdjM2ViOTI3YzE4ODJiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCm+40ckRmW4WYN2uvtfgEkHrDm221vOQxWY4epVAWJExFZ
ePEQOsmxvacvfpfljh2qLXSb1iw8v3CX1+xke4e2anr5VGONju/ylOJwN2XO071H
YSqox+bzzQQNWj1ppL4PfCCL5Jr/u+DI1sQNZFTwvqDM+vk5Ury3Oh+yMYO5tAwK
1aQDGacYeWoZPh6ptCwkiWSHcYXtcu+GQYIhTbu+J5DDl7xObhLqwNqEeD7t9Gmo
snE5uGVyNkqUEY4AkBDEhecUu7TovRyaPWcxisx0vhMFhRwyskfSS9vOh6+0iHcz
n/Brfz5367JhJ2Cvs4y8roTYiSSSbc8q32A1+DvTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUSx8aHl8PxstDSBqFqr/kbduuUsUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQ0OWY2MzM0LWI2NTEtNGE4ZS04ZGNlLWQ4N2FhZmFmODljZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACW3gMwDQYJKoZIhvcNAQELBQADggEBAARnAdyEm4aG6rBmlxoVWjCkc8fc
LhCgQUaDDrGyYia72OQ8A5xDjI33qwdEiVIWhyF1LgSd2W9qKmNkPXFIh8Kdylth
rWMlNWIii10MblGJRgsNEwEEluERLbUCYqIAH+Xm/XBHS+Dm4/K50aloFLWZ2Vle
hokiX3eHpy7HbSuISPa4WXBsJ41XvCpBYUc0d4L/KoDeukBoPSQLdtRMHZKNeeD3
/H/zFNVTj2EtskvLmtfcW/Vfu1cKD4cE/uc3CYyVMrfN5q/VZVEzxbBEFC/yUOLb
msV2gfWae/1T+6eJSA40cQgndVneQ5UPDdhjYXKvbtA5PjptutmLLeWYlRs=
-----END CERTIFICATE-----