Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b1d5ca7d-454a-4bf5-bbe9-1e8e731a79a5.roa
File:                     b1d5ca7d-454a-4bf5-bbe9-1e8e731a79a5.roa (raw, json)
Hash identifier:          3882zACST0/9iorcqWvT53I1G5+UBi4SrdoB94SG48g=
Subject key identifier:   76:B3:48:01:64:38:68:92:F5:38:D4:CC:7E:1C:40:A5:5E:36:73:B2
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       66F469401330A41D123F68C2DE9E35322C70ED28
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b1d5ca7d-454a-4bf5-bbe9-1e8e731a79a5.roa
Signing time:             Wed 16 Apr 2025 00:40:27 +0000
ROA not before:           Wed 16 Apr 2025 00:40:27 +0000
ROA not after:            Wed 21 May 2025 23:59:59 +0000
asID:                     7224
IP address blocks:        3.2.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 18 Apr 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:f4:69:40:13:30:a4:1d:12:3f:68:c2:de:9e:35:32:2c:70:ed:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 16 00:40:27 2025 GMT
            Not After : May 21 23:59:59 2025 GMT
        Subject: serialNumber=f9f78bab0749cc82c026da4f3becd222f247f9a82655a57392cd4c3f77ed190f, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:3d:18:a2:02:f3:69:54:6d:c7:2b:c3:69:53:
                    3d:8f:d0:0f:81:3f:13:2d:7a:96:bf:3f:c2:56:85:
                    36:83:28:33:39:c4:20:ee:8d:7c:75:5a:58:1b:5d:
                    bd:77:fa:64:20:a5:86:74:c3:fe:cb:a2:c2:17:08:
                    35:3b:97:fb:ca:ac:67:92:51:70:c5:90:f8:2d:12:
                    50:23:57:cd:c4:d3:fd:3f:df:a9:05:aa:2d:af:42:
                    60:d2:89:f9:42:3f:ae:3f:01:40:34:b4:44:b3:af:
                    30:fc:ad:db:f8:89:1e:3a:fe:12:7a:9d:e3:6d:5d:
                    d1:2f:85:f7:0a:8e:60:8a:43:66:5b:42:72:19:5f:
                    70:84:d9:80:1c:8a:84:b4:e6:40:5e:3a:47:80:cd:
                    43:b1:7c:63:f6:45:bd:2a:54:5e:35:6c:8c:70:ce:
                    7c:f9:c9:31:8d:cd:65:e7:4d:8f:e8:ce:b4:b9:6a:
                    a5:2b:7b:02:9e:54:b3:29:68:31:09:2f:37:58:20:
                    8e:47:f5:fa:0f:dc:5c:c0:d4:8c:5a:33:b2:dd:99:
                    d2:15:4e:a6:2a:c2:05:12:64:e4:c0:4e:e5:34:96:
                    39:43:de:0c:f1:16:93:14:08:52:fc:3e:15:03:68:
                    97:ba:15:7a:9b:f5:78:6f:40:89:4d:0b:07:1a:23:
                    60:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:B3:48:01:64:38:68:92:F5:38:D4:CC:7E:1C:40:A5:5E:36:73:B2
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b1d5ca7d-454a-4bf5-bbe9-1e8e731a79a5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.2.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:a7:da:8a:cd:ec:78:73:c3:df:27:8e:00:79:73:a4:3f:dc:
         1d:33:9b:8a:5d:ba:97:4a:b1:9b:01:e2:9d:33:af:14:61:45:
         42:2f:c6:e4:0d:ff:b6:fd:a6:f7:40:c9:07:5c:5c:52:53:0f:
         f0:5a:39:94:a0:97:ef:dd:42:9f:a3:52:3d:0b:41:df:92:9a:
         f1:4c:54:3f:ed:f7:00:bf:55:9d:e9:cc:9f:35:03:4d:de:d9:
         2e:b2:80:59:b1:54:0a:00:e6:8d:30:45:82:43:21:fa:3b:02:
         38:bb:23:83:3b:1a:4e:32:10:9e:a1:8d:7b:1c:3b:2f:d0:e7:
         6f:1f:e0:65:7c:19:ea:a7:4e:08:a0:fd:1b:ec:7e:5f:77:83:
         45:dd:8e:2c:59:b1:e1:7e:ea:c6:1c:61:52:f6:bf:87:3b:41:
         12:6e:ad:5d:67:62:3d:88:0e:42:d4:28:e8:5f:78:bf:83:d9:
         b8:af:06:3a:ce:28:fa:d8:90:5a:5c:9b:34:c0:1b:1f:f8:64:
         5b:1b:90:6b:58:31:5f:27:0e:2a:85:c1:cb:60:bd:c6:38:54:
         7c:8a:94:d1:dc:1d:32:cb:0b:cd:3a:f2:dd:2d:c1:f4:ad:86:
         3a:c7:b6:28:00:65:11:11:4d:ad:6c:b9:5e:9e:55:0c:0c:70:
         f9:aa:73:84
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZvRpQBMwpB0SP2jC3p41Mixw7SgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE2MDA0MDI3WhcNMjUwNTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BmOWY3OGJhYjA3NDljYzgyYzAyNmRhNGYzYmVjZDIyMmYy
NDdmOWE4MjY1NWE1NzM5MmNkNGMzZjc3ZWQxOTBmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDBPRiiAvNpVG3HK8NpUz2P0A+BPxMtepa/P8JWhTaDKDM5
xCDujXx1WlgbXb13+mQgpYZ0w/7LosIXCDU7l/vKrGeSUXDFkPgtElAjV83E0/0/
36kFqi2vQmDSiflCP64/AUA0tESzrzD8rdv4iR46/hJ6neNtXdEvhfcKjmCKQ2Zb
QnIZX3CE2YAcioS05kBeOkeAzUOxfGP2Rb0qVF41bIxwznz5yTGNzWXnTY/ozrS5
aqUrewKeVLMpaDEJLzdYII5H9foP3FzA1IxaM7LdmdIVTqYqwgUSZOTATuU0ljlD
3gzxFpMUCFL8PhUDaJe6FXqb9XhvQIlNCwcaI2DZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUdrNIAWQ4aJL1ONTMfhxApV42c7IwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2IxZDVjYTdkLTQ1NGEtNGJmNS1iYmU5LTFlOGU3MzFhNzlhNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADAhgwDQYJKoZIhvcNAQELBQADggEBAIen2orN7Hhzw98njgB5c6Q/3B0z
m4pdupdKsZsB4p0zrxRhRUIvxuQN/7b9pvdAyQdcXFJTD/BaOZSgl+/dQp+jUj0L
Qd+SmvFMVD/t9wC/VZ3pzJ81A03e2S6ygFmxVAoA5o0wRYJDIfo7Aji7I4M7Gk4y
EJ6hjXscOy/Q528f4GV8GeqnTgig/Rvsfl93g0XdjixZseF+6sYcYVL2v4c7QRJu
rV1nYj2IDkLUKOhfeL+D2bivBjrOKPrYkFpcmzTAGx/4ZFsbkGtYMV8nDiqFwctg
vcY4VHyKlNHcHTLLC8068t0twfSthjrHtigAZRERTa1suV6eVQwMcPmqc4Q=
-----END CERTIFICATE-----