Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b1d5ca7d-454a-4bf5-bbe9-1e8e731a79a5.roa
File:                     b1d5ca7d-454a-4bf5-bbe9-1e8e731a79a5.roa (raw, json)
Hash identifier:          rEyeGqxL4ceg0ysWnR6AyvIFczHmakMbZ5dJvkT04VI=
Subject key identifier:   1A:AD:FA:28:B5:5C:4F:E5:12:54:4D:46:9B:33:5C:D2:44:06:A7:95
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4DE967E47D6FF9DF4CCFEA0964C9B1B053A658D8
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b1d5ca7d-454a-4bf5-bbe9-1e8e731a79a5.roa
Signing time:             Fri 31 Jan 2025 00:00:00 +0000
ROA not before:           Fri 31 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Mar 2025 23:59:59 +0000
asID:                     7224
IP address blocks:        3.2.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:e9:67:e4:7d:6f:f9:df:4c:cf:ea:09:64:c9:b1:b0:53:a6:58:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 31 00:00:00 2025 GMT
            Not After : Mar  7 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:d2:b7:17:11:22:fe:4a:2d:c0:ba:a9:ee:14:
                    38:e9:69:cb:c7:e4:eb:28:c4:08:82:06:55:f8:17:
                    04:b8:1c:6f:02:00:73:ea:c3:63:cb:e1:0f:eb:10:
                    eb:38:ae:f3:13:9b:ab:48:c0:2f:73:63:e9:45:c0:
                    df:34:81:5a:08:ec:0e:36:58:6e:37:53:05:5f:2b:
                    10:c8:52:33:d4:a1:3a:7f:4a:98:04:ce:6b:86:fb:
                    84:b8:07:26:3d:15:fe:fe:f6:ac:04:a3:d7:eb:2f:
                    fc:d4:98:b1:35:f2:e1:a0:f6:26:9b:38:34:d7:20:
                    b1:81:f0:e4:2d:6e:81:3b:42:6c:54:e0:e5:a0:c1:
                    ca:40:22:b6:fb:93:4a:2f:01:56:5b:64:30:a4:02:
                    c7:f5:7c:0a:db:b2:d5:03:87:1e:dd:74:34:1c:66:
                    63:a6:98:a5:34:f8:30:22:05:fe:92:f6:1f:6a:cd:
                    d6:e0:44:a2:7f:c8:3a:80:c8:ad:23:9b:f3:33:45:
                    6b:7d:54:c2:9f:01:c5:1e:c2:10:56:a1:9e:a2:07:
                    7e:0d:4b:bc:43:f4:c8:d9:4d:05:ec:d7:a7:ba:58:
                    43:aa:1b:9a:0d:9c:82:e3:73:2a:98:2d:e1:74:bf:
                    4b:8e:45:c4:cf:ca:e9:6c:52:46:b8:79:c1:63:30:
                    69:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:AD:FA:28:B5:5C:4F:E5:12:54:4D:46:9B:33:5C:D2:44:06:A7:95
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b1d5ca7d-454a-4bf5-bbe9-1e8e731a79a5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.2.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:10:09:1b:18:9c:5f:4c:cf:d2:bb:e6:85:41:8d:bb:ae:e1:
         1e:6b:bf:c1:93:0b:58:94:bf:44:58:0b:7a:7d:1a:b8:71:8f:
         48:1f:5a:b2:30:32:62:8b:8a:5e:cb:24:f5:27:79:1e:95:34:
         20:0b:81:e7:aa:c2:55:0b:82:36:33:e9:c9:24:e9:d9:fd:90:
         93:3a:ee:05:9a:63:d6:5c:43:06:db:3d:1d:e9:fa:2f:1d:e1:
         74:d7:fc:1d:a6:c9:88:a3:41:6d:f1:ec:90:9b:ef:3c:6a:d4:
         64:ce:18:29:26:09:c8:08:0b:a9:fa:f5:34:d6:bb:74:31:0c:
         24:0f:cb:29:fe:b4:42:8f:8a:e8:06:09:f9:70:de:c0:d5:cc:
         62:7b:eb:a3:b8:8c:ea:30:eb:00:2b:77:ea:79:65:54:11:c3:
         db:03:34:98:44:e9:05:13:cc:cd:8e:7f:b9:69:51:2f:16:00:
         09:fc:43:99:13:72:3c:c3:52:ef:ed:dd:c0:f2:b6:76:ab:7d:
         e9:b4:fd:0e:e9:38:40:8b:b3:34:54:c6:6c:89:42:37:5a:36:
         09:1c:d2:e5:70:16:78:1b:1d:29:9c:cc:99:f5:c5:f0:b2:f1:
         6c:3f:45:34:e4:d7:ee:e6:11:c0:3c:95:64:83:51:51:e8:a5:
         3d:d6:ed:5a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTeln5H1v+d9Mz+oJZMmxsFOmWNgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTMxMDAwMDAwWhcNMjUwMzA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiYzQ0YjkzZjBmNTc0OGUxNTkxYjJhMWU0NDk0NjlmMWIz
NGI1YWNmM2MxZWNjYzI0ZjU1ZjFiNTU2OGJmZDVmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDf0rcXESL+Si3AuqnuFDjpacvH5OsoxAiCBlX4FwS4HG8C
AHPqw2PL4Q/rEOs4rvMTm6tIwC9zY+lFwN80gVoI7A42WG43UwVfKxDIUjPUoTp/
SpgEzmuG+4S4ByY9Ff7+9qwEo9frL/zUmLE18uGg9iabODTXILGB8OQtboE7QmxU
4OWgwcpAIrb7k0ovAVZbZDCkAsf1fArbstUDhx7ddDQcZmOmmKU0+DAiBf6S9h9q
zdbgRKJ/yDqAyK0jm/MzRWt9VMKfAcUewhBWoZ6iB34NS7xD9MjZTQXs16e6WEOq
G5oNnILjcyqYLeF0v0uORcTPyulsUka4ecFjMGkxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGq36KLVcT+USVE1GmzNc0kQGp5UwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2IxZDVjYTdkLTQ1NGEtNGJmNS1iYmU5LTFlOGU3MzFhNzlhNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADAhgwDQYJKoZIhvcNAQELBQADggEBAHkQCRsYnF9Mz9K75oVBjbuu4R5r
v8GTC1iUv0RYC3p9Grhxj0gfWrIwMmKLil7LJPUneR6VNCALgeeqwlULgjYz6ckk
6dn9kJM67gWaY9ZcQwbbPR3p+i8d4XTX/B2myYijQW3x7JCb7zxq1GTOGCkmCcgI
C6n69TTWu3QxDCQPyyn+tEKPiugGCflw3sDVzGJ766O4jOow6wArd+p5ZVQRw9sD
NJhE6QUTzM2Of7lpUS8WAAn8Q5kTcjzDUu/t3cDytnarfem0/Q7pOECLszRUxmyJ
QjdaNgkc0uVwFngbHSmczJn1xfCy8Ww/RTTk1+7mEcA8lWSDUVHopT3W7Vo=
-----END CERTIFICATE-----