Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/13cb0147-55f9-4ae6-9e68-c1000ba3a696.roa
File:                     13cb0147-55f9-4ae6-9e68-c1000ba3a696.roa (raw, json)
Hash identifier:          UPH5R2D37v/OPNesxT2Zv1JavLgQqu3+x9VLH2wJp/s=
Subject key identifier:   4F:DB:55:66:98:FD:9E:41:90:0F:EC:FE:21:3B:FF:CF:C0:EC:56:EF
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       056B44F46B54083CA80F55DB4B8DDF030ED707E3
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/13cb0147-55f9-4ae6-9e68-c1000ba3a696.roa
Signing time:             Fri 25 Apr 2025 15:30:12 +0000
ROA not before:           Fri 25 Apr 2025 15:30:12 +0000
ROA not after:            Fri 30 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        144.40.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 06 May 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:6b:44:f4:6b:54:08:3c:a8:0f:55:db:4b:8d:df:03:0e:d7:07:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 25 15:30:12 2025 GMT
            Not After : May 30 23:59:59 2025 GMT
        Subject: serialNumber=150cc413156a37fc409a695b2217958c78b2bed41af56c875a3e444682e0d221, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:cc:d5:84:2b:03:d9:b9:7b:78:2c:6e:5c:c8:
                    ae:69:42:8a:52:02:d1:ea:71:75:0c:4f:02:31:65:
                    45:e7:a9:fd:81:af:cc:66:95:50:0c:5b:8f:00:28:
                    e9:f4:e7:97:ce:f9:e2:4e:b2:c7:71:82:6b:07:e2:
                    31:8b:45:b3:e8:0a:5d:80:09:22:6c:31:19:9f:56:
                    9c:99:67:86:00:be:b6:9a:12:8b:98:43:06:77:17:
                    f0:19:c6:bb:2d:d7:43:7f:ea:9f:05:da:ed:7e:47:
                    2c:6d:2b:9a:a5:e0:75:28:97:fd:10:c5:2c:16:f7:
                    6a:0c:47:ea:e9:5a:17:eb:0a:25:54:aa:6e:62:1a:
                    71:2e:ed:77:9d:d6:a0:58:a9:46:9f:0e:a4:61:b2:
                    a5:8e:86:5b:97:76:94:fc:2a:98:34:eb:51:00:28:
                    f8:60:ff:66:24:06:3d:ae:cb:e1:e2:84:91:ae:27:
                    73:08:39:d0:82:2a:d4:f1:7d:f2:b3:db:0d:1f:43:
                    42:e3:a7:a4:4e:c5:68:67:6c:9e:f0:7d:cd:16:2c:
                    fc:28:03:5a:d3:78:78:3e:6d:f7:8d:e7:7d:bd:d5:
                    a2:86:7b:c7:db:1f:1e:9c:fe:65:33:02:e5:50:34:
                    62:3f:ed:0b:7f:7b:d3:8c:c6:f6:3c:54:34:2f:06:
                    42:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:DB:55:66:98:FD:9E:41:90:0F:EC:FE:21:3B:FF:CF:C0:EC:56:EF
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/13cb0147-55f9-4ae6-9e68-c1000ba3a696.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.40.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         61:95:e3:87:cd:e2:35:b6:23:6f:bb:37:b5:d6:63:cb:54:4f:
         b3:4c:c7:9e:07:53:6a:4b:5b:a9:0d:8b:5e:40:c0:b7:92:d2:
         d4:4c:3c:3b:15:ac:29:f1:5a:2c:b8:18:c9:43:cb:b3:f3:39:
         76:cb:70:66:ce:dc:22:88:28:08:78:e9:a2:30:e4:72:12:1c:
         6a:5c:62:e0:d1:d3:b6:97:79:87:53:0a:81:b2:be:d6:6d:a5:
         08:e6:a4:37:ce:47:7d:63:a8:0f:27:e6:2a:bc:26:ca:c8:20:
         fa:f6:6b:3f:13:00:f0:0c:82:02:c9:79:68:79:49:2b:09:7d:
         c6:ad:61:ea:bd:a3:81:ba:f0:4d:06:00:da:db:32:d6:3f:31:
         08:cf:ee:e9:f0:51:83:aa:b1:7f:10:92:c1:d6:4c:14:69:2e:
         a7:35:51:d3:dc:2a:29:2a:b7:ee:ba:96:d6:ef:d8:be:8b:00:
         27:07:c2:1d:dc:99:2a:1c:c7:0d:a9:0e:c4:db:76:66:bf:28:
         0b:8d:a3:f7:d6:ed:09:99:a6:de:d7:e1:f6:56:f6:2f:17:43:
         0b:cf:89:c6:45:3d:39:3a:27:e7:85:4c:e0:f0:4a:fc:99:f3:
         16:56:a1:dc:af:3f:d0:2c:8b:b4:bd:d2:32:82:26:00:21:51:
         a2:bb:10:14
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUBWtE9GtUCDyoD1XbS43fAw7XB+MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDI1MTUzMDEyWhcNMjUwNTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AxNTBjYzQxMzE1NmEzN2ZjNDA5YTY5NWIyMjE3OTU4Yzc4
YjJiZWQ0MWFmNTZjODc1YTNlNDQ0NjgyZTBkMjIxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5zNWEKwPZuXt4LG5cyK5pQopSAtHqcXUMTwIxZUXnqf2B
r8xmlVAMW48AKOn055fO+eJOssdxgmsH4jGLRbPoCl2ACSJsMRmfVpyZZ4YAvraa
EouYQwZ3F/AZxrst10N/6p8F2u1+RyxtK5ql4HUol/0QxSwW92oMR+rpWhfrCiVU
qm5iGnEu7Xed1qBYqUafDqRhsqWOhluXdpT8Kpg061EAKPhg/2YkBj2uy+HihJGu
J3MIOdCCKtTxffKz2w0fQ0Ljp6ROxWhnbJ7wfc0WLPwoA1rTeHg+bfeN53291aKG
e8fbHx6c/mUzAuVQNGI/7Qt/e9OMxvY8VDQvBkK7AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUT9tVZpj9nkGQD+z+ITv/z8DsVu8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzEzY2IwMTQ3LTU1ZjktNGFlNi05ZTY4LWMxMDAwYmEzYTY5Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCQKDANBgkqhkiG9w0BAQsFAAOCAQEAYZXjh83iNbYjb7s3tdZjy1RPs0zH
ngdTaktbqQ2LXkDAt5LS1Ew8OxWsKfFaLLgYyUPLs/M5dstwZs7cIogoCHjpojDk
chIcalxi4NHTtpd5h1MKgbK+1m2lCOakN85HfWOoDyfmKrwmysgg+vZrPxMA8AyC
Asl5aHlJKwl9xq1h6r2jgbrwTQYA2tsy1j8xCM/u6fBRg6qxfxCSwdZMFGkupzVR
09wqKSq37rqW1u/YvosAJwfCHdyZKhzHDakOxNt2Zr8oC42j99btCZmm3tfh9lb2
LxdDC8+JxkU9OTon54VM4PBK/JnzFlah3K8/0CyLtL3SMoImACFRorsQFA==
-----END CERTIFICATE-----