Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/157aff97-b8e5-4f1d-8c79-ad13bed37d70.roa
File:                     157aff97-b8e5-4f1d-8c79-ad13bed37d70.roa (raw, json)
Hash identifier:          Rc0HQA4Ya8qDrwGo7msz0VpIBfqPgjP6fN03ZkCZjow=
Subject key identifier:   FD:4B:83:20:68:BC:DC:C3:F4:AE:34:E1:3E:F5:3F:DE:6E:86:12:2D
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4D8E7101C724C08BB8C6B10DFD4673666153AF00
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/157aff97-b8e5-4f1d-8c79-ad13bed37d70.roa
Signing time:             Tue 22 Apr 2025 17:51:00 +0000
ROA not before:           Tue 22 Apr 2025 17:51:00 +0000
ROA not after:            Tue 27 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        161.188.130.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 06 May 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:8e:71:01:c7:24:c0:8b:b8:c6:b1:0d:fd:46:73:66:61:53:af:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 22 17:51:00 2025 GMT
            Not After : May 27 23:59:59 2025 GMT
        Subject: serialNumber=639a3e2ae5f01157267818a19544d585cbe15f96bf57e00b22981d19f3da2b63, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:e5:8d:6b:6f:41:23:69:e5:4a:47:d0:c1:37:
                    06:94:91:56:7b:7c:bb:13:68:f8:e3:e0:71:61:40:
                    81:30:52:15:e5:44:d6:b4:81:fa:64:a4:7e:78:3a:
                    0a:6c:bd:49:d8:76:02:24:cf:53:58:78:ea:0a:2c:
                    a8:f3:f6:e4:26:07:9f:25:bc:af:45:da:91:3e:1c:
                    b3:24:4e:55:18:0b:ea:14:03:97:e5:39:c1:13:9e:
                    44:1d:a9:f0:e1:27:cd:fd:26:8e:8e:42:64:12:16:
                    d6:84:e1:97:d8:35:d2:3a:13:41:ed:5d:62:33:36:
                    de:c3:86:e4:95:d5:63:ed:30:22:49:4a:99:e0:53:
                    49:ff:75:39:aa:3b:d8:1c:e2:34:d8:1a:09:7f:5d:
                    00:56:60:2a:23:39:af:5d:8c:e1:ea:48:93:ef:72:
                    e0:78:69:eb:dd:ca:25:40:4e:a6:48:a1:8d:71:de:
                    8b:db:83:3a:93:da:a0:25:42:86:45:94:fb:7a:33:
                    e3:bd:25:d3:df:88:77:1d:63:af:95:0e:36:5a:24:
                    da:15:a7:5a:a3:a4:cb:ef:52:b0:a9:bb:45:5f:c2:
                    39:f3:bf:9b:e7:6d:6c:11:2a:ab:64:e1:b0:fe:ad:
                    9d:a8:fc:0c:71:d7:16:8f:33:30:7b:3d:86:90:9b:
                    70:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:4B:83:20:68:BC:DC:C3:F4:AE:34:E1:3E:F5:3F:DE:6E:86:12:2D
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/157aff97-b8e5-4f1d-8c79-ad13bed37d70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.188.130.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3a:e2:2c:db:45:b3:82:3e:09:1b:ac:af:b8:33:32:90:5a:c9:
         1c:ad:65:eb:22:b3:18:0e:e7:b1:ec:74:d1:3b:86:ee:54:ef:
         2a:2a:59:67:9e:a2:d5:4b:2b:46:1b:e2:a5:58:14:b0:03:50:
         21:f2:01:96:79:a4:c9:b1:eb:2f:92:db:9e:f2:25:ba:01:2b:
         4f:61:e5:8e:d6:07:c4:c1:84:c2:6e:ab:1b:23:95:02:a5:86:
         a7:d8:b7:aa:3b:24:9d:60:5b:de:76:14:42:09:39:3b:f0:f8:
         3f:5b:64:cf:31:67:95:72:6a:b9:55:58:64:07:43:50:55:3f:
         8a:d1:09:50:2d:0e:11:93:ff:b8:a6:3e:ca:d5:51:86:2a:9d:
         a9:5b:57:5d:91:8d:04:b7:74:67:d2:2c:f5:35:6b:93:e9:c7:
         e9:3e:f6:1f:71:05:3e:00:fc:5e:10:07:3f:dc:ca:fe:1e:e8:
         77:b9:04:eb:62:62:42:43:c1:32:fc:05:cd:6f:07:48:00:ee:
         4b:ba:ba:59:92:01:b9:55:73:22:4b:20:05:ab:cd:b2:45:b9:
         cb:7d:c0:50:51:dd:9d:45:f2:e8:2d:6e:aa:a6:6a:36:0c:8e:
         3a:ea:ac:4b:88:70:1f:b0:53:4e:92:8a:e6:06:4a:64:42:98:
         fd:fd:85:c8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTY5xAcckwIu4xrEN/UZzZmFTrwAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDIyMTc1MTAwWhcNMjUwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MzlhM2UyYWU1ZjAxMTU3MjY3ODE4YTE5NTQ0ZDU4NWNi
ZTE1Zjk2YmY1N2UwMGIyMjk4MWQxOWYzZGEyYjYzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDS5Y1rb0EjaeVKR9DBNwaUkVZ7fLsTaPjj4HFhQIEwUhXl
RNa0gfpkpH54OgpsvUnYdgIkz1NYeOoKLKjz9uQmB58lvK9F2pE+HLMkTlUYC+oU
A5flOcETnkQdqfDhJ839Jo6OQmQSFtaE4ZfYNdI6E0HtXWIzNt7DhuSV1WPtMCJJ
SpngU0n/dTmqO9gc4jTYGgl/XQBWYCojOa9djOHqSJPvcuB4aevdyiVATqZIoY1x
3ovbgzqT2qAlQoZFlPt6M+O9JdPfiHcdY6+VDjZaJNoVp1qjpMvvUrCpu0Vfwjnz
v5vnbWwRKqtk4bD+rZ2o/Axx1xaPMzB7PYaQm3DhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/UuDIGi83MP0rjThPvU/3m6GEi0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzE1N2FmZjk3LWI4ZTUtNGYxZC04Yzc5LWFkMTNiZWQzN2Q3MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAGhvIIwDQYJKoZIhvcNAQELBQADggEBADriLNtFs4I+CRusr7gzMpBayRyt
ZesisxgO57HsdNE7hu5U7yoqWWeeotVLK0Yb4qVYFLADUCHyAZZ5pMmx6y+S257y
JboBK09h5Y7WB8TBhMJuqxsjlQKlhqfYt6o7JJ1gW952FEIJOTvw+D9bZM8xZ5Vy
arlVWGQHQ1BVP4rRCVAtDhGT/7imPsrVUYYqnalbV12RjQS3dGfSLPU1a5Ppx+k+
9h9xBT4A/F4QBz/cyv4e6He5BOtiYkJDwTL8Bc1vB0gA7ku6ulmSAblVcyJLIAWr
zbJFuct9wFBR3Z1F8ugtbqqmajYMjjrqrEuIcB+wU06SiuYGSmRCmP39hcg=
-----END CERTIFICATE-----