Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5e9689be-d86a-4ada-9b31-610dcf35ec4b.roa
File:                     5e9689be-d86a-4ada-9b31-610dcf35ec4b.roa (raw, json)
Hash identifier:          SJJdYeu0LjE79cXtS+7/jCypxzlngALNX/bdcyrePCM=
Subject key identifier:   70:5B:53:A8:0E:22:34:89:2B:CA:E1:59:4D:5F:2B:FA:88:A7:6C:7F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       15B24DD268EC2DBCE7AB09B8B64154C346C9A176
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5e9689be-d86a-4ada-9b31-610dcf35ec4b.roa
Signing time:             Fri 31 Jan 2025 00:00:00 +0000
ROA not before:           Fri 31 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        128.181.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:b2:4d:d2:68:ec:2d:bc:e7:ab:09:b8:b6:41:54:c3:46:c9:a1:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 31 00:00:00 2025 GMT
            Not After : Mar  7 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:d8:77:47:5c:5f:ec:12:8f:17:90:c1:42:bd:
                    8e:cf:62:1a:87:dc:55:6d:b5:24:22:3b:6a:3d:21:
                    e6:2e:d9:4f:e8:34:e4:8e:57:31:4f:2e:70:8d:04:
                    c4:09:ff:8f:b7:4b:81:89:b9:e4:15:81:b9:ee:63:
                    1e:2c:49:45:7f:fe:93:e9:8e:3d:df:4a:0c:5d:27:
                    4d:5f:3d:eb:6b:23:1a:d7:e7:33:90:93:34:4c:7f:
                    14:21:c1:e2:06:d0:50:0c:5e:14:c9:aa:44:82:90:
                    24:2a:08:e0:f0:dd:14:8f:56:d9:30:d8:6b:e2:85:
                    26:08:aa:9f:c9:fd:89:1c:57:4e:c8:00:bf:b8:a4:
                    e8:41:22:f1:56:13:67:57:73:ab:9c:9a:0b:97:c3:
                    42:69:81:8b:6c:da:af:76:ce:d4:7f:9e:fd:2a:e6:
                    d9:d9:c8:8d:6c:9e:76:9a:cd:51:a0:20:84:3f:12:
                    c3:82:67:17:dc:ff:c0:fc:bb:21:89:47:14:8d:df:
                    b5:66:6e:c5:fc:f7:b9:97:23:68:35:81:eb:be:f6:
                    b5:5f:76:dc:2c:71:2d:b8:d3:d0:10:9e:3e:1c:9c:
                    c6:84:04:f6:4c:eb:e1:8a:41:4a:6f:3c:70:60:94:
                    19:81:56:b9:85:6f:4b:2f:aa:da:3e:7c:33:19:ce:
                    6a:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:5B:53:A8:0E:22:34:89:2B:CA:E1:59:4D:5F:2B:FA:88:A7:6C:7F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5e9689be-d86a-4ada-9b31-610dcf35ec4b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.181.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a0:38:92:fd:de:95:88:be:76:8c:31:75:8c:46:20:72:5b:1f:
         55:89:2a:06:29:f5:31:cd:9c:48:8e:87:ee:fe:c9:4b:2b:75:
         fe:1f:9a:6d:cd:a4:2e:c6:92:a2:84:d9:f7:07:85:e5:ac:09:
         83:e0:db:da:d9:c0:d3:8a:8d:92:9c:67:35:0e:e4:1b:68:54:
         9d:42:a6:fe:f7:ee:f1:87:02:b7:1d:2a:ea:f7:b9:b7:ca:74:
         6f:b7:19:c8:68:7a:da:e5:2c:9f:af:50:88:38:7f:0b:cf:36:
         5c:64:6e:50:74:d9:3f:a3:0d:0d:ff:07:33:88:dc:f3:61:03:
         c3:3d:a2:c1:61:77:99:c3:58:00:ae:32:5c:c5:a5:b4:08:ea:
         c0:5b:65:7a:32:ba:0f:4e:61:97:10:14:b7:66:d8:f8:d1:fb:
         dc:a4:37:27:d7:66:c2:94:6e:3c:bc:d6:02:56:06:66:4d:83:
         e2:ef:ca:9a:77:08:c9:42:47:47:e7:3b:eb:4a:2d:0d:7a:a5:
         2a:bf:8c:c6:4f:21:3d:78:0a:c7:8b:3f:1d:f8:ca:0f:64:e0:
         8c:5e:50:fd:08:2c:b6:15:72:1c:25:de:f8:0f:b7:c5:b2:e8:
         2a:ee:5d:27:7f:53:4a:68:1e:0e:64:ab:78:83:f3:f1:16:07:
         f2:0f:1f:8f
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUFbJN0mjsLbznqwm4tkFUw0bJoXYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTMxMDAwMDAwWhcNMjUwMzA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BkOTViZGZkNTQzYmQzMjhkM2UzMzAzZmYzMTdlODk5MDlm
Yzk1ZGVkYTJiOWJkMGU4Zjc0N2NkYjlmODczNzY4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD72HdHXF/sEo8XkMFCvY7PYhqH3FVttSQiO2o9IeYu2U/o
NOSOVzFPLnCNBMQJ/4+3S4GJueQVgbnuYx4sSUV//pPpjj3fSgxdJ01fPetrIxrX
5zOQkzRMfxQhweIG0FAMXhTJqkSCkCQqCODw3RSPVtkw2GvihSYIqp/J/YkcV07I
AL+4pOhBIvFWE2dXc6ucmguXw0JpgYts2q92ztR/nv0q5tnZyI1snnaazVGgIIQ/
EsOCZxfc/8D8uyGJRxSN37VmbsX897mXI2g1geu+9rVfdtwscS2409AQnj4cnMaE
BPZM6+GKQUpvPHBglBmBVrmFb0svqto+fDMZzmpjAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUcFtTqA4iNIkryuFZTV8r+oinbH8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzVlOTY4OWJlLWQ4NmEtNGFkYS05YjMxLTYxMGRjZjM1ZWM0Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCAtTANBgkqhkiG9w0BAQsFAAOCAQEAoDiS/d6ViL52jDF1jEYgclsfVYkq
Bin1Mc2cSI6H7v7JSyt1/h+abc2kLsaSooTZ9weF5awJg+Db2tnA04qNkpxnNQ7k
G2hUnUKm/vfu8YcCtx0q6ve5t8p0b7cZyGh62uUsn69QiDh/C882XGRuUHTZP6MN
Df8HM4jc82EDwz2iwWF3mcNYAK4yXMWltAjqwFtlejK6D05hlxAUt2bY+NH73KQ3
J9dmwpRuPLzWAlYGZk2D4u/KmncIyUJHR+c760otDXqlKr+Mxk8hPXgKx4s/HfjK
D2TgjF5Q/QgsthVyHCXe+A+3xbLoKu5dJ39TSmgeDmSreIPz8RYH8g8fjw==
-----END CERTIFICATE-----