Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ab15eef1-5a34-4d98-8fbd-32c71769c677.roa
File:                     ab15eef1-5a34-4d98-8fbd-32c71769c677.roa (raw, json)
Hash identifier:          y7cPVOkPoPMh7ftjfEXWtjuMe1Pj52iJUeQtj4xdBbI=
Subject key identifier:   0A:90:C9:31:90:B4:B0:DA:93:AB:D7:05:81:4A:C5:03:56:7C:74:95
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7888773D5F77E788F98A4DD5FDF830C063E6D9CD
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ab15eef1-5a34-4d98-8fbd-32c71769c677.roa
Signing time:             Wed 18 Jun 2025 00:20:23 +0000
ROA not before:           Wed 18 Jun 2025 00:20:23 +0000
ROA not after:            Wed 23 Jul 2025 23:59:59 +0000
asID:                     398378
IP address blocks:        161.188.150.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 01 Jul 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:88:77:3d:5f:77:e7:88:f9:8a:4d:d5:fd:f8:30:c0:63:e6:d9:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun 18 00:20:23 2025 GMT
            Not After : Jul 23 23:59:59 2025 GMT
        Subject: serialNumber=54d32255f0a732068521a5dc17a3492b7febf30d0f17247b18e19a254ae56395, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ed:d0:09:73:e9:78:57:e4:13:be:4f:f6:aa:
                    68:25:03:55:1a:22:1a:fe:7f:f8:69:24:af:e9:70:
                    c5:94:df:1a:b6:b4:07:02:8c:85:30:3e:d7:92:5d:
                    38:6e:9f:e0:a9:51:de:a7:bc:68:ee:13:7a:1d:49:
                    20:fb:26:01:b0:dd:bc:09:0a:21:01:a1:a5:04:c7:
                    04:99:70:d8:7c:ef:0f:3b:8a:3e:85:00:9f:24:0a:
                    2d:ef:a8:c5:fb:91:12:0b:f2:2d:ec:96:df:98:43:
                    c7:4c:68:94:53:ea:5b:bc:30:66:e8:84:c0:51:ae:
                    03:d5:fb:3f:ff:9a:0f:01:43:34:e2:d5:dc:ba:b2:
                    27:61:29:c2:c6:7c:07:40:71:6f:59:d9:4b:e5:55:
                    5e:4c:24:1c:ea:a3:5c:f2:19:43:e9:95:51:be:2b:
                    c4:47:38:54:7b:26:a2:38:3f:5a:df:ae:07:28:6c:
                    85:e3:e7:10:74:4b:f5:3c:76:a3:23:8e:03:55:e7:
                    56:73:37:c3:27:f2:2d:5b:b4:64:6c:61:cf:16:04:
                    d0:18:96:c4:10:af:ec:00:c8:2f:52:65:e7:cf:67:
                    0d:2c:cd:21:09:3e:0f:2c:76:c4:73:c2:37:a6:da:
                    9c:e8:fb:48:a0:f7:42:3e:39:3f:5a:af:2b:75:b0:
                    d2:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:90:C9:31:90:B4:B0:DA:93:AB:D7:05:81:4A:C5:03:56:7C:74:95
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ab15eef1-5a34-4d98-8fbd-32c71769c677.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.188.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a0:5e:19:8c:a8:89:5a:fe:1a:61:bd:ff:87:d7:af:fc:24:e9:
         df:6f:41:5d:3d:2a:74:c1:39:58:1b:58:4c:ab:ec:da:8f:0f:
         9a:e2:bb:4d:e5:c0:65:54:7a:32:88:1b:3e:7f:2d:ea:b4:55:
         90:4d:42:31:22:cb:b2:52:24:93:40:9b:dc:88:ee:1b:1c:76:
         f9:d2:c4:f7:20:34:6b:2c:ed:8f:ca:b6:3e:5c:46:c1:2b:6c:
         37:b0:fb:6f:db:86:e0:44:a0:80:41:34:3e:82:f3:00:94:a2:
         fa:d6:d8:fb:4d:fe:2a:7b:82:7e:7c:fe:a0:6a:7d:4b:c1:06:
         73:34:d8:ea:db:5d:b7:f7:e3:bd:5b:c2:cb:be:7b:dc:ae:d1:
         df:ec:ae:ef:46:46:7f:22:45:1d:81:8d:07:1c:fa:0f:f6:5a:
         3f:6c:37:cb:54:5e:69:92:fd:31:04:46:eb:d6:c9:4b:30:95:
         c8:9d:27:05:c9:ad:0d:43:0e:47:c0:bd:1f:f5:b5:2d:e2:be:
         c8:af:a5:6d:39:45:6a:a1:ac:e9:7a:dc:e3:6d:b3:a6:5e:11:
         36:89:69:d7:07:bd:2d:8c:d6:ef:ac:4b:27:e4:41:49:d8:c5:
         b7:02:ea:59:39:7a:c1:95:3c:ab:d5:27:2f:0c:03:43:a5:8a:
         70:bf:7e:5c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeIh3PV9354j5ik3V/fgwwGPm2c0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjE4MDAyMDIzWhcNMjUwNzIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NGQzMjI1NWYwYTczMjA2ODUyMWE1ZGMxN2EzNDkyYjdm
ZWJmMzBkMGYxNzI0N2IxOGUxOWEyNTRhZTU2Mzk1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCi7dAJc+l4V+QTvk/2qmglA1UaIhr+f/hpJK/pcMWU3xq2
tAcCjIUwPteSXThun+CpUd6nvGjuE3odSSD7JgGw3bwJCiEBoaUExwSZcNh87w87
ij6FAJ8kCi3vqMX7kRIL8i3slt+YQ8dMaJRT6lu8MGbohMBRrgPV+z//mg8BQzTi
1dy6sidhKcLGfAdAcW9Z2UvlVV5MJBzqo1zyGUPplVG+K8RHOFR7JqI4P1rfrgco
bIXj5xB0S/U8dqMjjgNV51ZzN8Mn8i1btGRsYc8WBNAYlsQQr+wAyC9SZefPZw0s
zSEJPg8sdsRzwjem2pzo+0ig90I+OT9aryt1sNLHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCpDJMZC0sNqTq9cFgUrFA1Z8dJUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2FiMTVlZWYxLTVhMzQtNGQ5OC04ZmJkLTMyYzcxNzY5YzY3Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAGhvJYwDQYJKoZIhvcNAQELBQADggEBAKBeGYyoiVr+GmG9/4fXr/wk6d9v
QV09KnTBOVgbWEyr7NqPD5riu03lwGVUejKIGz5/Leq0VZBNQjEiy7JSJJNAm9yI
7hscdvnSxPcgNGss7Y/Ktj5cRsErbDew+2/bhuBEoIBBND6C8wCUovrW2PtN/ip7
gn58/qBqfUvBBnM02OrbXbf3471bwsu+e9yu0d/sru9GRn8iRR2BjQcc+g/2Wj9s
N8tUXmmS/TEERuvWyUswlcidJwXJrQ1DDkfAvR/1tS3ivsivpW05RWqhrOl63ONt
s6ZeETaJadcHvS2M1u+sSyfkQUnYxbcC6lk5esGVPKvVJy8MA0OlinC/flw=
-----END CERTIFICATE-----