Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/cd757d1a-f3b0-4f5e-afdf-1b8cd6b968ee.roa
File:                     cd757d1a-f3b0-4f5e-afdf-1b8cd6b968ee.roa (raw, json)
Hash identifier:          YwPA/Uhg8IKgTbi6Uoc5tOS9FcAbtc+hzpQr5BRjT3g=
Subject key identifier:   59:BF:4D:8F:AA:11:A1:9A:B9:10:1C:9C:C8:75:92:90:5B:7C:CD:74
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6DDCA3EDE3B983F3A9415955A7C3938362CB13D4
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/cd757d1a-f3b0-4f5e-afdf-1b8cd6b968ee.roa
Signing time:             Tue 04 Mar 2025 19:40:05 +0000
ROA not before:           Tue 04 Mar 2025 19:40:05 +0000
ROA not after:            Tue 08 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        158.141.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 15 Mar 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:dc:a3:ed:e3:b9:83:f3:a9:41:59:55:a7:c3:93:83:62:cb:13:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar  4 19:40:05 2025 GMT
            Not After : Apr  8 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:9c:de:45:82:dd:83:a9:f6:34:88:79:e2:27:
                    d6:10:f6:01:77:f0:7f:76:25:fa:2a:e2:a3:8e:07:
                    08:71:b0:d1:24:d5:46:50:85:2c:e9:6c:59:75:01:
                    7a:39:33:ca:9c:f0:e4:7e:b5:93:5c:ab:ad:b9:76:
                    80:c0:66:24:4b:91:aa:3a:73:92:e6:5e:30:41:b5:
                    e1:9b:49:91:90:3e:f0:76:26:52:bc:52:a7:c3:58:
                    25:b9:2e:37:41:08:24:34:9d:1c:69:e7:2b:61:ee:
                    7e:f1:3f:60:ab:34:25:a1:51:92:ba:d9:6f:3f:a0:
                    87:8d:28:64:40:a2:0d:cb:21:40:fc:9d:ad:75:8f:
                    77:56:da:dc:b1:8e:2e:26:d1:f3:c7:06:38:dd:12:
                    8e:8b:21:e8:70:50:c5:96:f4:59:50:40:d3:1d:b4:
                    4b:80:81:20:1b:e3:a4:e6:f3:00:ef:df:bd:0e:9f:
                    92:08:8e:f6:47:3a:a8:4e:4d:bc:bd:ce:49:c5:db:
                    c7:85:af:48:ef:84:fb:b4:d7:3f:db:fe:ea:6c:08:
                    bb:47:1c:e4:d5:45:c5:bd:49:65:08:35:cf:5b:b3:
                    be:c9:6b:f0:ef:e1:8c:74:3a:3b:ef:a4:71:23:0b:
                    eb:fc:7d:7e:c4:73:b0:a0:d5:1b:29:b1:af:38:dd:
                    dc:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:BF:4D:8F:AA:11:A1:9A:B9:10:1C:9C:C8:75:92:90:5B:7C:CD:74
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/cd757d1a-f3b0-4f5e-afdf-1b8cd6b968ee.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.141.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         88:27:ed:b6:26:2c:bf:9a:50:18:ec:70:60:aa:e6:d6:d5:e3:
         f0:cd:91:9c:ad:96:50:65:15:48:2a:ac:5a:56:de:80:ba:9f:
         db:5e:69:5d:ea:32:25:bf:56:9d:98:78:ef:da:aa:7a:68:6b:
         bd:74:5e:10:4f:42:3d:21:9e:f2:f7:97:64:c6:ce:9b:38:45:
         1f:1f:6b:f5:8e:11:48:9b:88:ab:45:af:fb:e8:fd:d5:de:f6:
         21:89:4f:fb:19:89:4d:03:70:4c:41:4a:0a:86:59:d6:49:1d:
         5d:81:da:d1:43:11:65:01:72:8b:a6:88:43:f5:31:74:a2:63:
         13:f3:4c:82:85:ca:fd:84:8d:64:ac:50:9c:50:b5:89:bc:05:
         36:8c:2a:be:cd:db:8f:51:1c:28:14:0c:f5:42:22:97:36:44:
         11:18:9c:80:f1:aa:92:b1:e0:86:7e:7e:5d:2f:48:e2:3b:de:
         64:55:49:bb:61:32:96:36:54:89:8e:c3:92:dd:f5:fd:f4:9d:
         5d:74:a6:98:67:ac:e4:71:ed:38:3e:16:36:eb:64:f4:47:0e:
         42:b1:aa:28:0d:5f:83:f9:1e:f6:f7:65:7f:af:86:9d:0d:fd:
         f2:9a:e6:d8:b9:28:84:4c:d1:e0:e8:58:e0:cd:6b:53:23:17:
         ed:fd:80:5e
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUbdyj7eO5g/OpQVlVp8OTg2LLE9QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzA0MTk0MDA1WhcNMjUwNDA4MjM1OTU5
WjB6MUkwRwYDVQQFE0A4ODBiZTExYjI5YmIzZDEzYzdhNjgxYzgzNTQ2YTQzMDMz
MTAzZGM1NjgzZWQzNmJkMjZkY2Q4MmE5OTIzN2FkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCbnN5Fgt2DqfY0iHniJ9YQ9gF38H92Jfoq4qOOBwhxsNEk
1UZQhSzpbFl1AXo5M8qc8OR+tZNcq625doDAZiRLkao6c5LmXjBBteGbSZGQPvB2
JlK8UqfDWCW5LjdBCCQ0nRxp5yth7n7xP2CrNCWhUZK62W8/oIeNKGRAog3LIUD8
na11j3dW2tyxji4m0fPHBjjdEo6LIehwUMWW9FlQQNMdtEuAgSAb46Tm8wDv370O
n5IIjvZHOqhOTby9zknF28eFr0jvhPu01z/b/upsCLtHHOTVRcW9SWUINc9bs77J
a/Dv4Yx0OjvvpHEjC+v8fX7Ec7Cg1Rspsa843dw/AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUWb9Nj6oRoZq5EBycyHWSkFt8zXQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2NkNzU3ZDFhLWYzYjAtNGY1ZS1hZmRmLTFiOGNkNmI5NjhlZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCejTANBgkqhkiG9w0BAQsFAAOCAQEAiCfttiYsv5pQGOxwYKrm1tXj8M2R
nK2WUGUVSCqsWlbegLqf215pXeoyJb9WnZh479qqemhrvXReEE9CPSGe8veXZMbO
mzhFHx9r9Y4RSJuIq0Wv++j91d72IYlP+xmJTQNwTEFKCoZZ1kkdXYHa0UMRZQFy
i6aIQ/UxdKJjE/NMgoXK/YSNZKxQnFC1ibwFNowqvs3bj1EcKBQM9UIilzZEERic
gPGqkrHghn5+XS9I4jveZFVJu2EyljZUiY7Dkt31/fSdXXSmmGes5HHtOD4WNutk
9EcOQrGqKA1fg/ke9vdlf6+GnQ398prm2LkohEzR4OhY4M1rUyMX7f2AXg==
-----END CERTIFICATE-----