Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9b92732f-9dc6-4614-84c0-7256b3a5bb71.roa
File:                     9b92732f-9dc6-4614-84c0-7256b3a5bb71.roa (raw, json)
Hash identifier:          Jy9b7JqtvC3NXmZcwQX/ON7d4fHe1ya2ydJoEKp3Czk=
Subject key identifier:   16:38:66:FC:AA:E8:0A:61:E9:C2:3D:C0:3D:DC:7E:B9:F8:79:56:1F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       37B1E50100D7FF8E9A2B952D3DD01232FB220E00
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9b92732f-9dc6-4614-84c0-7256b3a5bb71.roa
Signing time:             Tue 04 Mar 2025 18:40:14 +0000
ROA not before:           Tue 04 Mar 2025 18:40:14 +0000
ROA not after:            Tue 08 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.181.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 15 Mar 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:b1:e5:01:00:d7:ff:8e:9a:2b:95:2d:3d:d0:12:32:fb:22:0e:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar  4 18:40:14 2025 GMT
            Not After : Apr  8 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:ec:bb:b7:06:63:dc:d7:9b:4a:b1:25:19:78:
                    dd:34:d2:89:09:b5:80:a7:fb:3f:58:f1:d4:70:d8:
                    23:7f:8d:61:89:2c:c5:d7:17:c1:45:c0:05:3f:e4:
                    87:22:3b:1f:82:e7:a8:b6:8e:68:13:93:a8:2c:27:
                    82:4a:ee:33:c5:dc:09:47:99:d8:cc:4c:18:90:c1:
                    8c:ca:c7:4d:e8:aa:08:fd:f4:dd:83:ec:d5:d5:b7:
                    d1:48:2a:d3:d5:2f:d8:cb:98:71:21:91:30:c5:d0:
                    c1:c0:59:2e:48:a4:03:a9:eb:ca:b3:5e:c7:c3:f4:
                    03:73:9a:f5:09:de:fd:8e:c8:db:f3:21:94:33:bb:
                    77:e3:f5:49:51:db:ef:c4:04:cd:83:de:04:ff:10:
                    cc:3a:d8:76:b9:47:70:81:32:30:ea:63:e1:ca:f9:
                    9f:8f:5f:e3:e9:39:0f:06:12:58:49:ff:56:48:36:
                    4c:99:12:99:e7:e7:9d:cb:e0:ff:2c:5f:f0:8b:e2:
                    61:3e:51:23:ab:b8:e6:07:36:32:f8:1d:2c:28:42:
                    da:35:6e:88:53:fb:a9:90:fa:1f:8c:7d:8a:0b:5b:
                    89:ba:80:b9:bc:a3:d0:c5:54:a4:72:1f:26:89:50:
                    c5:19:05:04:f9:de:c8:36:c3:8d:98:3f:27:1c:ae:
                    fa:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:38:66:FC:AA:E8:0A:61:E9:C2:3D:C0:3D:DC:7E:B9:F8:79:56:1F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9b92732f-9dc6-4614-84c0-7256b3a5bb71.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.181.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:05:8e:6b:d8:74:06:c3:77:75:7b:de:4a:65:13:af:82:30:
         9e:f5:9a:95:3e:8d:07:a4:fc:e7:e5:bf:69:9d:9f:15:8c:1b:
         15:49:af:ad:7d:a7:36:c5:78:7d:c4:53:17:9e:fd:a6:6d:f7:
         fd:fa:8b:f1:4d:ae:bc:39:5d:c5:40:bc:c1:81:7d:5c:04:24:
         72:fc:25:4f:15:39:33:1e:a2:37:c1:94:8f:11:b4:87:dc:1a:
         de:ef:28:f9:bd:2c:2b:83:36:c8:20:3c:e3:14:9d:52:a7:e2:
         56:5b:1a:49:b3:68:c7:60:e5:d2:56:49:75:2c:05:97:bf:82:
         ff:8d:05:77:35:1b:5e:45:67:c1:f8:a7:8a:b5:fc:ab:5d:fa:
         ca:fb:24:63:3f:30:34:1e:fa:b7:eb:bf:21:78:29:02:9c:23:
         20:4f:b2:84:0c:8d:67:0a:27:e8:f2:c4:6a:f6:87:00:3d:02:
         e1:72:63:8d:d8:93:df:20:07:f2:80:cb:cb:99:6c:51:bc:d6:
         0e:19:b5:1e:75:0e:f3:da:d6:7a:c5:f3:3e:20:10:bf:a8:a1:
         6f:e7:64:2b:17:6b:7b:5c:61:08:a8:99:9e:de:04:cc:aa:47:
         df:3c:54:b4:68:4c:84:b3:93:c5:54:e8:94:4b:b0:06:c6:c1:
         aa:e0:fb:91
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUN7HlAQDX/46aK5UtPdASMvsiDgAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzA0MTg0MDE0WhcNMjUwNDA4MjM1OTU5
WjB6MUkwRwYDVQQFE0BjMWY0Yzk1MjA0MDgzYjgwODUzZjk5ZmMzZGI5MDk1MmU4
MzBiMTExY2U5NWVjNzhjNjRiNjI2NTcxZTBmNjc0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDR7Lu3BmPc15tKsSUZeN000okJtYCn+z9Y8dRw2CN/jWGJ
LMXXF8FFwAU/5IciOx+C56i2jmgTk6gsJ4JK7jPF3AlHmdjMTBiQwYzKx03oqgj9
9N2D7NXVt9FIKtPVL9jLmHEhkTDF0MHAWS5IpAOp68qzXsfD9ANzmvUJ3v2OyNvz
IZQzu3fj9UlR2+/EBM2D3gT/EMw62Ha5R3CBMjDqY+HK+Z+PX+PpOQ8GElhJ/1ZI
NkyZEpnn553L4P8sX/CL4mE+USOruOYHNjL4HSwoQto1bohT+6mQ+h+MfYoLW4m6
gLm8o9DFVKRyHyaJUMUZBQT53sg2w42YPyccrvpzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFjhm/KroCmHpwj3APdx+ufh5Vh8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzliOTI3MzJmLTlkYzYtNDYxNC04NGMwLTcyNTZiM2E1YmI3MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAPtfswDQYJKoZIhvcNAQELBQADggEBALAFjmvYdAbDd3V73kplE6+CMJ71
mpU+jQek/Oflv2mdnxWMGxVJr619pzbFeH3EUxee/aZt9/36i/FNrrw5XcVAvMGB
fVwEJHL8JU8VOTMeojfBlI8RtIfcGt7vKPm9LCuDNsggPOMUnVKn4lZbGkmzaMdg
5dJWSXUsBZe/gv+NBXc1G15FZ8H4p4q1/Ktd+sr7JGM/MDQe+rfrvyF4KQKcIyBP
soQMjWcKJ+jyxGr2hwA9AuFyY43Yk98gB/KAy8uZbFG81g4ZtR51DvPa1nrF8z4g
EL+ooW/nZCsXa3tcYQiomZ7eBMyqR988VLRoTISzk8VU6JRLsAbGwarg+5E=
-----END CERTIFICATE-----