Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f0ec0793-aab0-4de5-b143-30bfabb7aaea.roa
File:                     f0ec0793-aab0-4de5-b143-30bfabb7aaea.roa (raw, json)
Hash identifier:          Dx8idgc/cX8Mgi3qBBnNVoGjmvLj1aSbNZCh0ZRdd+I=
Subject key identifier:   D8:74:9D:75:37:46:F0:84:B4:C9:B2:70:2A:B8:5E:63:85:B7:2F:F1
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       775087E9303CCF5DE94C3B1EFE0A7D9006FD0EEC
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f0ec0793-aab0-4de5-b143-30bfabb7aaea.roa
Signing time:             Mon 16 Jun 2025 17:10:20 +0000
ROA not before:           Mon 16 Jun 2025 17:10:20 +0000
ROA not after:            Mon 21 Jul 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        150.222.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 01 Jul 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:50:87:e9:30:3c:cf:5d:e9:4c:3b:1e:fe:0a:7d:90:06:fd:0e:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun 16 17:10:20 2025 GMT
            Not After : Jul 21 23:59:59 2025 GMT
        Subject: serialNumber=677d3a841b78307a0d4ca7d8e49a10c09e3181bfec9f431e9b2c336f6c0d7605, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:67:7a:6a:4b:ff:d4:6d:10:f9:d9:ef:e8:fc:
                    ce:f2:09:4d:b7:38:ed:a5:74:69:d3:7a:e2:5e:3c:
                    f9:8f:74:b7:27:fb:42:fd:21:e2:15:41:7d:31:ee:
                    3e:30:57:c2:2d:0f:35:b7:64:11:66:04:a8:7a:ca:
                    c0:65:97:57:e1:0f:90:37:93:4c:0b:b4:1f:e4:6c:
                    02:ac:6b:bc:fd:c6:4f:6c:6b:53:3e:87:b6:a7:af:
                    92:fb:ba:07:4c:65:3c:9f:4c:c2:73:35:eb:af:76:
                    be:0f:1f:c5:ed:18:0d:4c:54:fe:11:41:90:f4:42:
                    e3:df:96:23:31:c5:2c:49:29:b5:27:f1:82:3e:d5:
                    a2:71:22:5d:09:51:8e:ae:94:3c:e5:56:68:cb:a4:
                    d2:e8:74:92:7e:03:32:0e:26:c3:aa:48:2c:74:d5:
                    a2:bb:12:d2:17:e1:21:42:8a:cc:e5:39:e9:bf:2a:
                    16:91:4b:2d:25:c9:e3:1c:81:1f:71:a1:59:e3:94:
                    6a:d1:f1:d8:b1:25:7e:be:5d:6d:07:eb:9a:11:12:
                    a6:c5:62:ea:67:d4:c7:36:ec:88:0a:ed:d9:8c:fe:
                    61:8f:1e:cd:ee:c2:e6:5f:31:b2:50:0b:6b:ef:71:
                    bf:65:f5:57:a3:9f:7a:ac:a2:82:90:b3:c1:aa:9c:
                    e0:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:74:9D:75:37:46:F0:84:B4:C9:B2:70:2A:B8:5E:63:85:B7:2F:F1
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f0ec0793-aab0-4de5-b143-30bfabb7aaea.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.222.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:1c:59:12:e6:8b:c9:78:68:ae:81:12:98:e7:c0:90:93:99:
         1f:e8:27:91:03:63:4c:e6:31:78:71:c3:cc:33:b8:10:65:a7:
         21:52:03:29:2c:6a:48:86:76:e0:c3:5c:a9:ea:5f:34:5d:1b:
         3a:ba:9b:83:39:a0:a5:dc:f8:6e:47:47:ce:ad:7f:5f:51:c2:
         36:2c:d8:34:67:3e:cb:c5:02:93:04:b8:38:fe:b8:92:69:b1:
         46:16:2d:bc:20:f0:ff:f9:46:ac:54:3b:87:c0:c6:c8:4e:57:
         65:86:60:a4:9b:9b:7e:e4:24:e6:4b:77:e1:18:2a:21:19:43:
         37:c5:82:40:ed:ca:9e:ca:da:17:91:cd:3b:c5:10:91:a3:6e:
         0a:da:01:7a:d2:4c:3b:fd:a9:3f:06:ab:e7:a7:31:da:14:f2:
         96:f4:89:58:96:6a:f5:d7:8b:62:f7:f5:d9:1c:57:06:0e:c0:
         af:5e:25:77:82:43:2e:ab:98:99:af:0f:12:f1:1a:a1:7d:90:
         71:de:6b:32:a3:81:63:33:6b:e9:6e:38:47:26:67:d7:56:04:
         91:39:17:15:09:1f:22:13:95:c8:5c:3f:c6:32:57:dd:dc:52:
         87:39:7e:b1:1b:fa:1e:ae:70:e7:e8:72:fb:c5:1a:2c:65:ca:
         42:ae:dc:d2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUd1CH6TA8z13pTDse/gp9kAb9DuwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjE2MTcxMDIwWhcNMjUwNzIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A2NzdkM2E4NDFiNzgzMDdhMGQ0Y2E3ZDhlNDlhMTBjMDll
MzE4MWJmZWM5ZjQzMWU5YjJjMzM2ZjZjMGQ3NjA1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKZ3pqS//UbRD52e/o/M7yCU23OO2ldGnTeuJePPmPdLcn
+0L9IeIVQX0x7j4wV8ItDzW3ZBFmBKh6ysBll1fhD5A3k0wLtB/kbAKsa7z9xk9s
a1M+h7anr5L7ugdMZTyfTMJzNeuvdr4PH8XtGA1MVP4RQZD0QuPfliMxxSxJKbUn
8YI+1aJxIl0JUY6ulDzlVmjLpNLodJJ+AzIOJsOqSCx01aK7EtIX4SFCiszlOem/
KhaRSy0lyeMcgR9xoVnjlGrR8dixJX6+XW0H65oREqbFYupn1Mc27IgK7dmM/mGP
Hs3uwuZfMbJQC2vvcb9l9Vejn3qsooKQs8GqnOClAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU2HSddTdG8IS0ybJwKrheY4W3L/EwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2YwZWMwNzkzLWFhYjAtNGRlNS1iMTQzLTMwYmZhYmI3YWFlYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACW3uAwDQYJKoZIhvcNAQELBQADggEBAIscWRLmi8l4aK6BEpjnwJCTmR/o
J5EDY0zmMXhxw8wzuBBlpyFSAyksakiGduDDXKnqXzRdGzq6m4M5oKXc+G5HR86t
f19RwjYs2DRnPsvFApMEuDj+uJJpsUYWLbwg8P/5RqxUO4fAxshOV2WGYKSbm37k
JOZLd+EYKiEZQzfFgkDtyp7K2heRzTvFEJGjbgraAXrSTDv9qT8Gq+enMdoU8pb0
iViWavXXi2L39dkcVwYOwK9eJXeCQy6rmJmvDxLxGqF9kHHeazKjgWMza+luOEcm
Z9dWBJE5FxUJHyITlchcP8YyV93cUoc5frEb+h6ucOfocvvFGixlykKu3NI=
-----END CERTIFICATE-----