Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f72b4c11-8eee-41c0-a62c-55bfb065d457.roa
File:                     f72b4c11-8eee-41c0-a62c-55bfb065d457.roa (raw, json)
Hash identifier:          BzP/vVp9No+Lv41obcR8wOtxhY0HOAz6C0st2Ho8T3E=
Subject key identifier:   02:08:8C:59:D5:F1:0C:16:BC:D4:F7:E6:42:5A:54:DE:EB:D6:E2:04
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       21186AC863A1F2EC0C332539D43AF4FB95C1ECE6
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f72b4c11-8eee-41c0-a62c-55bfb065d457.roa
Signing time:             Mon 24 Mar 2025 15:50:17 +0000
ROA not before:           Mon 24 Mar 2025 15:50:17 +0000
ROA not after:            Mon 28 Apr 2025 23:59:59 +0000
asID:                     7224
IP address blocks:        3.2.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 18 Apr 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:18:6a:c8:63:a1:f2:ec:0c:33:25:39:d4:3a:f4:fb:95:c1:ec:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar 24 15:50:17 2025 GMT
            Not After : Apr 28 23:59:59 2025 GMT
        Subject: serialNumber=a5851b0e85efacfd2d048fafa70961a7d3225a5cfd44acb937f49799c020dd97, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:33:21:b3:45:15:ed:6f:d6:a4:81:60:2d:8f:
                    1f:55:ad:10:f3:c9:cf:1b:14:c6:6b:64:8d:4d:a6:
                    1b:aa:39:ad:af:71:00:df:b1:3b:7b:e0:ff:b3:29:
                    f5:38:47:0b:29:10:8e:68:ba:69:03:a6:5d:0e:68:
                    bd:bf:fa:11:3b:9e:ee:29:cf:4d:5b:8b:06:cf:fe:
                    ef:75:ad:33:a4:60:dd:f7:76:7f:56:e7:67:bc:79:
                    b3:67:77:bc:b9:58:24:83:fb:81:50:fd:bc:41:7e:
                    32:41:38:78:e0:9c:6a:5b:af:36:4e:0b:2b:99:85:
                    99:54:97:8a:01:93:79:78:a9:b4:ec:75:fe:e6:ee:
                    40:81:26:b1:2f:dd:ed:54:82:40:5b:77:a4:a7:09:
                    da:b7:c7:88:7a:fd:6d:6b:4a:ce:26:e1:7f:8b:c4:
                    56:b8:67:74:1c:bd:13:40:d2:76:df:85:6e:45:b1:
                    12:f5:85:59:55:e2:57:f9:bc:c3:11:83:d5:26:13:
                    9b:46:d2:5f:1d:89:f8:3a:f2:bc:18:7a:c6:1a:26:
                    02:df:be:ad:d1:26:36:48:1c:42:b5:5a:2d:8e:04:
                    e6:b6:27:5c:31:3a:2b:69:9c:85:c1:c0:36:8a:62:
                    bd:68:81:8e:d6:96:33:21:2d:66:e8:31:08:d8:4c:
                    0f:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:08:8C:59:D5:F1:0C:16:BC:D4:F7:E6:42:5A:54:DE:EB:D6:E2:04
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f72b4c11-8eee-41c0-a62c-55bfb065d457.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.2.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:b5:6f:64:c0:d3:ca:66:1c:b0:fc:25:a6:30:dd:f9:34:ff:
         6e:c8:bf:be:6f:5f:f2:d0:58:63:81:60:8d:72:64:9a:17:a8:
         c2:65:91:e0:57:6b:6a:5d:40:5f:43:bb:8d:78:46:41:a7:84:
         ed:2f:67:31:fd:2f:0b:e8:83:a2:c8:5c:03:bc:d3:d3:3d:67:
         6d:0f:60:be:06:2e:a3:98:cb:8d:a5:da:ff:61:ad:54:a8:d0:
         ea:cc:ec:6d:30:89:7c:cb:16:81:5b:7d:d5:d8:69:7f:a7:96:
         92:40:8d:e7:47:cd:66:eb:cf:cf:55:c3:ae:95:11:17:48:19:
         9f:58:d0:59:f1:7a:c0:f2:a3:3d:25:36:85:a9:b7:a9:5d:1c:
         f1:00:30:68:4b:56:82:7e:1c:33:00:09:24:71:c7:a7:67:0c:
         94:4e:62:ed:03:a3:49:9f:d0:ef:be:da:1d:51:f7:3b:eb:db:
         ed:58:5e:fe:d5:8d:fa:30:12:60:1a:4f:11:d1:22:a8:e6:a7:
         1f:36:ea:84:23:f2:fa:db:7b:f7:ca:2d:64:7f:a8:8b:52:8e:
         b2:c5:96:8d:04:2e:8a:92:cd:62:2a:08:d0:64:7e:73:5c:ab:
         43:c6:6b:f8:84:ab:ba:3c:27:0f:69:15:c1:cb:5b:69:a2:26:
         e6:68:a7:59
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIRhqyGOh8uwMMyU51Dr0+5XB7OYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzI0MTU1MDE3WhcNMjUwNDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNTg1MWIwZTg1ZWZhY2ZkMmQwNDhmYWZhNzA5NjFhN2Qz
MjI1YTVjZmQ0NGFjYjkzN2Y0OTc5OWMwMjBkZDk3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDvMyGzRRXtb9akgWAtjx9VrRDzyc8bFMZrZI1NphuqOa2v
cQDfsTt74P+zKfU4RwspEI5oumkDpl0OaL2/+hE7nu4pz01biwbP/u91rTOkYN33
dn9W52e8ebNnd7y5WCSD+4FQ/bxBfjJBOHjgnGpbrzZOCyuZhZlUl4oBk3l4qbTs
df7m7kCBJrEv3e1UgkBbd6SnCdq3x4h6/W1rSs4m4X+LxFa4Z3QcvRNA0nbfhW5F
sRL1hVlV4lf5vMMRg9UmE5tG0l8difg68rwYesYaJgLfvq3RJjZIHEK1Wi2OBOa2
J1wxOitpnIXBwDaKYr1ogY7WljMhLWboMQjYTA8BAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUAgiMWdXxDBa81PfmQlpU3uvW4gQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Y3MmI0YzExLThlZWUtNDFjMC1hNjJjLTU1YmZiMDY1ZDQ1Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADAhowDQYJKoZIhvcNAQELBQADggEBAAa1b2TA08pmHLD8JaYw3fk0/27I
v75vX/LQWGOBYI1yZJoXqMJlkeBXa2pdQF9Du414RkGnhO0vZzH9Lwvog6LIXAO8
09M9Z20PYL4GLqOYy42l2v9hrVSo0OrM7G0wiXzLFoFbfdXYaX+nlpJAjedHzWbr
z89Vw66VERdIGZ9Y0FnxesDyoz0lNoWpt6ldHPEAMGhLVoJ+HDMACSRxx6dnDJRO
Yu0Do0mf0O++2h1R9zvr2+1YXv7VjfowEmAaTxHRIqjmpx826oQj8vrbe/fKLWR/
qItSjrLFlo0ELoqSzWIqCNBkfnNcq0PGa/iEq7o8Jw9pFcHLW2miJuZop1k=
-----END CERTIFICATE-----