Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5188dfca-931c-4ccc-b163-71c13508556d.roa
File:                     5188dfca-931c-4ccc-b163-71c13508556d.roa (raw, json)
Hash identifier:          0Ti/mHJcqc17Zn6poI5+u/I/WBQwNpQLsUxpwSTki2E=
Subject key identifier:   B5:A5:6F:15:20:72:60:AE:1A:F3:8E:9E:52:32:A3:2A:0F:05:3F:F0
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0F9A1AA62F216C32365C0534A6A58C72B123740C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5188dfca-931c-4ccc-b163-71c13508556d.roa
Signing time:             Tue 02 Apr 2024 00:00:00 +0000
ROA not before:           Tue 02 Apr 2024 00:00:00 +0000
ROA not after:            Tue 07 May 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        150.222.114.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 19 Apr 2024 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:9a:1a:a6:2f:21:6c:32:36:5c:05:34:a6:a5:8c:72:b1:23:74:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr  2 00:00:00 2024 GMT
            Not After : May  7 23:59:59 2024 GMT
        Subject: serialNumber=a0f55aa97d17153e6e775e90f872066f3b7083c9060ae11c0ddb3224f3410753, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:4f:f5:cd:9d:c5:7f:a3:ac:8a:87:a1:57:82:
                    99:57:ef:c1:0f:50:af:c9:af:03:69:de:1d:88:47:
                    37:3c:b4:74:49:4c:0e:62:49:8b:3c:15:cd:86:5b:
                    1a:53:6c:a7:88:9e:3d:3c:a8:72:ef:78:68:02:bf:
                    9b:fa:2f:de:cd:e3:d7:c3:33:15:91:05:2c:71:91:
                    e8:dd:93:cf:e3:6f:eb:7c:a1:24:57:64:eb:ee:ed:
                    75:ec:4a:e4:ca:cb:e7:4c:91:7f:76:70:44:b4:6b:
                    9e:ff:0e:c6:3c:ef:fd:68:eb:f0:aa:ba:0c:3f:75:
                    c9:7a:71:70:60:85:12:5b:74:c0:68:65:7e:8c:68:
                    5f:c8:a3:f6:73:3f:a3:b8:e2:6a:4c:01:61:fe:71:
                    5e:a8:8a:20:ce:8b:c2:6a:69:c0:5c:ab:82:59:e0:
                    e7:b6:bd:da:6a:ea:6a:9a:0f:a8:2b:dc:16:13:e7:
                    cf:29:fa:bc:9e:02:08:75:9e:09:26:79:0d:85:fb:
                    b8:e1:52:75:a4:e0:11:fd:e9:f2:b5:67:c1:a6:8d:
                    b4:4d:62:9c:8c:f9:d1:d5:dd:e4:3f:6a:d0:03:40:
                    ff:7c:58:b8:d7:0e:51:6e:30:54:29:56:c1:79:25:
                    ea:98:94:5f:ac:8b:05:58:68:0f:c1:60:fe:29:85:
                    29:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:A5:6F:15:20:72:60:AE:1A:F3:8E:9E:52:32:A3:2A:0F:05:3F:F0
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5188dfca-931c-4ccc-b163-71c13508556d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.222.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:6a:5d:c0:ed:53:12:f8:49:a8:54:0f:e2:1e:0c:7a:ce:74:
         02:51:fa:22:5b:22:d7:6d:46:0a:c1:7e:c6:be:f2:03:12:63:
         24:8c:ee:4c:32:09:b8:ad:cc:ce:2b:3c:89:c8:2e:6d:2a:92:
         e0:a5:72:22:32:88:f6:8e:f1:8f:08:0d:d4:ba:1e:c5:95:5f:
         40:87:d2:2e:02:0c:c6:f1:79:9c:19:e8:3e:1a:44:d9:12:48:
         4b:52:2d:88:dc:8a:9a:8e:b3:5d:b4:93:1b:a6:51:e7:83:65:
         7c:f0:3f:62:ad:f2:64:f5:91:95:5b:be:55:29:8f:42:3f:7d:
         3f:de:8e:e9:74:a3:6d:04:85:1c:c9:19:f8:df:a3:ce:9a:7d:
         37:d0:2b:75:7d:38:2b:23:c7:d3:2e:4e:f7:b3:82:95:ba:ff:
         8d:33:4d:6e:5e:e6:75:bb:18:cb:67:9e:48:e0:c7:4e:2c:b2:
         03:5a:3c:c1:0f:21:32:44:16:75:a8:91:18:83:0f:af:5d:45:
         23:75:23:cf:15:14:52:e2:16:47:da:24:b8:d3:65:57:98:5e:
         8d:57:5c:1f:74:2b:d8:bd:33:d2:8e:ff:7c:e3:3e:35:90:7b:
         70:c6:2b:f7:12:1c:96:23:02:49:66:3b:d3:90:48:b7:c5:62:
         22:12:f8:c4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUD5oapi8hbDI2XAU0pqWMcrEjdAwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQwNDAyMDAwMDAwWhcNMjQwNTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMGY1NWFhOTdkMTcxNTNlNmU3NzVlOTBmODcyMDY2ZjNi
NzA4M2M5MDYwYWUxMWMwZGRiMzIyNGYzNDEwNzUzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCQT/XNncV/o6yKh6FXgplX78EPUK/JrwNp3h2IRzc8tHRJ
TA5iSYs8Fc2GWxpTbKeInj08qHLveGgCv5v6L97N49fDMxWRBSxxkejdk8/jb+t8
oSRXZOvu7XXsSuTKy+dMkX92cES0a57/DsY87/1o6/Cqugw/dcl6cXBghRJbdMBo
ZX6MaF/Io/ZzP6O44mpMAWH+cV6oiiDOi8JqacBcq4JZ4Oe2vdpq6mqaD6gr3BYT
588p+ryeAgh1ngkmeQ2F+7jhUnWk4BH96fK1Z8GmjbRNYpyM+dHV3eQ/atADQP98
WLjXDlFuMFQpVsF5JeqYlF+siwVYaA/BYP4phSnpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUtaVvFSByYK4a846eUjKjKg8FP/AwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzUxODhkZmNhLTkzMWMtNGNjYy1iMTYzLTcxYzEzNTA4NTU2ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACW3nIwDQYJKoZIhvcNAQELBQADggEBAFJqXcDtUxL4SahUD+IeDHrOdAJR
+iJbItdtRgrBfsa+8gMSYySM7kwyCbitzM4rPInILm0qkuClciIyiPaO8Y8IDdS6
HsWVX0CH0i4CDMbxeZwZ6D4aRNkSSEtSLYjcipqOs120kxumUeeDZXzwP2Kt8mT1
kZVbvlUpj0I/fT/ejul0o20EhRzJGfjfo86afTfQK3V9OCsjx9MuTvezgpW6/40z
TW5e5nW7GMtnnkjgx04ssgNaPMEPITJEFnWokRiDD69dRSN1I88VFFLiFkfaJLjT
ZVeYXo1XXB90K9i9M9KO/3zjPjWQe3DGK/cSHJYjAklmO9OQSLfFYiIS+MQ=
-----END CERTIFICATE-----