Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/76eb2277-b182-4cd2-a4b2-ef65da2565a9.roa
File:                     76eb2277-b182-4cd2-a4b2-ef65da2565a9.roa (raw, json)
Hash identifier:          HnJfQaz21qbc+88ExVZLusBvfPuogVrGo7Q6cgBynCA=
Subject key identifier:   E7:E9:30:81:7E:16:48:46:AD:C2:48:75:22:68:A9:A4:59:2C:4B:97
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       257E48743B562742A6C2D43BB7C5379FDA1CCB08
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/76eb2277-b182-4cd2-a4b2-ef65da2565a9.roa
Signing time:             Fri 07 Mar 2025 00:32:06 +0000
ROA not before:           Fri 07 Mar 2025 00:32:06 +0000
ROA not after:            Fri 11 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        47.10.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 19 Mar 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:7e:48:74:3b:56:27:42:a6:c2:d4:3b:b7:c5:37:9f:da:1c:cb:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar  7 00:32:06 2025 GMT
            Not After : Apr 11 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:93:44:72:3a:51:da:b9:b4:42:fe:af:da:86:
                    ad:c6:91:a5:65:b1:85:6e:15:27:21:23:d0:bc:4d:
                    70:5b:50:0c:d5:93:ea:92:01:58:d9:d1:6d:e9:c0:
                    35:c1:0f:f9:19:b0:cd:ca:00:87:1c:04:30:c1:5f:
                    c5:0d:3c:9f:1b:60:f1:40:b9:31:b2:43:2e:d2:72:
                    3b:55:98:87:c9:5f:9c:24:a3:ef:18:52:9d:61:1c:
                    f6:bc:2b:cd:81:e2:b0:c7:2e:d3:e6:86:1d:b7:bc:
                    bc:8e:89:ee:2b:4c:d8:be:69:4d:ec:5f:17:30:5f:
                    43:33:66:58:fe:9b:c7:9a:33:64:61:db:14:a2:55:
                    e6:1a:f5:09:78:10:d1:e5:39:71:fb:4e:c8:09:34:
                    b1:3e:2a:c8:c0:54:b7:b7:99:51:11:bc:39:46:96:
                    40:2f:a9:a3:7a:21:21:06:cb:c8:de:cd:eb:11:9f:
                    e4:10:1e:1c:6a:d5:1b:68:15:66:ad:74:34:e2:bc:
                    6b:5a:57:52:7a:17:55:d9:b8:bd:13:2a:db:ff:03:
                    f1:74:f9:da:f6:8a:e2:2c:c4:a3:43:57:bb:f8:fc:
                    da:d1:1b:98:88:fd:2e:a0:e4:4d:cd:1f:7e:0e:4d:
                    79:c1:1c:4c:91:fa:e2:cc:4a:55:c9:36:28:70:86:
                    07:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:E9:30:81:7E:16:48:46:AD:C2:48:75:22:68:A9:A4:59:2C:4B:97
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/76eb2277-b182-4cd2-a4b2-ef65da2565a9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  47.10.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3e:3b:b0:67:37:09:e9:19:4b:5e:60:75:26:4e:5a:70:b5:fd:
         4e:de:69:ac:50:d3:14:d3:c1:18:6f:95:8f:13:c4:e6:98:7a:
         32:20:40:de:23:a9:89:df:47:27:49:69:d3:e8:74:11:8c:2b:
         1c:4f:d6:d6:fe:91:b5:c6:96:00:50:25:3a:5b:1b:5b:a2:d1:
         fe:b4:18:37:80:48:ef:7c:c6:a1:99:95:33:33:33:1a:d1:db:
         c6:75:ee:0b:72:76:45:f0:3d:2b:9d:d8:16:01:39:c5:5b:53:
         49:df:18:af:7b:82:70:85:30:c9:b1:7c:81:ec:78:a3:2e:ef:
         ec:61:f1:c2:30:fc:a7:36:91:48:cc:6d:25:d1:db:22:8e:e0:
         28:09:4e:90:25:d3:8a:34:9d:d5:22:51:77:ef:33:a1:95:1e:
         9c:74:31:93:b1:5f:fe:89:df:6c:39:ff:06:f7:f0:33:b2:4a:
         76:98:2e:35:4a:5b:77:72:55:a9:f1:68:3d:7b:43:61:b7:51:
         f9:fa:90:8d:40:69:88:15:4a:23:a5:b9:10:1d:79:3e:97:40:
         76:2c:98:d0:fd:50:39:0e:ac:88:72:cb:d2:3a:7b:c5:08:b1:
         da:88:57:4f:da:8f:dc:6f:f9:21:65:94:74:b6:16:9f:3c:34:
         f5:92:0b:21
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUJX5IdDtWJ0KmwtQ7t8U3n9ocywgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzA3MDAzMjA2WhcNMjUwNDExMjM1OTU5
WjB6MUkwRwYDVQQFE0AxMzkzMTI5ZTQwODgzNmRlNjE1MWI3OTNiMzU2MjQwZDNl
M2FkNGNlMDNkOTk5M2YyZmRjNzQyZmNmNjNlY2E0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDCk0RyOlHaubRC/q/ahq3GkaVlsYVuFSchI9C8TXBbUAzV
k+qSAVjZ0W3pwDXBD/kZsM3KAIccBDDBX8UNPJ8bYPFAuTGyQy7ScjtVmIfJX5wk
o+8YUp1hHPa8K82B4rDHLtPmhh23vLyOie4rTNi+aU3sXxcwX0MzZlj+m8eaM2Rh
2xSiVeYa9Ql4ENHlOXH7TsgJNLE+KsjAVLe3mVERvDlGlkAvqaN6ISEGy8jezesR
n+QQHhxq1RtoFWatdDTivGtaV1J6F1XZuL0TKtv/A/F0+dr2iuIsxKNDV7v4/NrR
G5iI/S6g5E3NH34OTXnBHEyR+uLMSlXJNihwhgfdAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU5+kwgX4WSEatwkh1ImippFksS5cwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzc2ZWIyMjc3LWIxODItNGNkMi1hNGIyLWVmNjVkYTI1NjVhOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAvCjANBgkqhkiG9w0BAQsFAAOCAQEAPjuwZzcJ6RlLXmB1Jk5acLX9Tt5p
rFDTFNPBGG+VjxPE5ph6MiBA3iOpid9HJ0lp0+h0EYwrHE/W1v6RtcaWAFAlOlsb
W6LR/rQYN4BI73zGoZmVMzMzGtHbxnXuC3J2RfA9K53YFgE5xVtTSd8Yr3uCcIUw
ybF8gex4oy7v7GHxwjD8pzaRSMxtJdHbIo7gKAlOkCXTijSd1SJRd+8zoZUenHQx
k7Ff/onfbDn/BvfwM7JKdpguNUpbd3JVqfFoPXtDYbdR+fqQjUBpiBVKI6W5EB15
PpdAdiyY0P1QOQ6siHLL0jp7xQix2ohXT9qP3G/5IWWUdLYWnzw09ZILIQ==
-----END CERTIFICATE-----