Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/09f2a28b-bc83-44b1-b088-f2cab4682327.roa
File:                     09f2a28b-bc83-44b1-b088-f2cab4682327.roa (raw, json)
Hash identifier:          F4emVOvZrXDNGCTEO10lU4w1OKvnDH0IJ4W/5ej5JPQ=
Subject key identifier:   9C:11:24:DC:BC:31:03:AC:92:2E:50:92:18:C7:85:24:0C:ED:66:20
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       137B10B02413939F668743860A0B0AC66247A4D1
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/09f2a28b-bc83-44b1-b088-f2cab4682327.roa
Signing time:             Tue 03 Jun 2025 00:42:03 +0000
ROA not before:           Tue 03 Jun 2025 00:42:03 +0000
ROA not after:            Tue 08 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.131.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:7b:10:b0:24:13:93:9f:66:87:43:86:0a:0b:0a:c6:62:47:a4:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun  3 00:42:03 2025 GMT
            Not After : Jul  8 23:59:59 2025 GMT
        Subject: serialNumber=b35feccb2a14759b3a195401ee9a9ab83eab81dad7e164ce06906a9d87292bd7, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:b8:46:ec:ff:0f:82:e0:af:ba:2c:6e:62:52:
                    2d:b6:27:88:93:11:d1:05:2c:22:b8:d0:96:d5:3f:
                    8d:0e:72:ad:c7:1c:d4:3e:96:31:e5:a7:c6:ef:d4:
                    31:31:95:ba:b6:aa:e8:10:78:d7:7a:04:ef:a6:1e:
                    11:20:cd:19:bc:67:25:21:bb:02:04:80:2c:9c:ae:
                    d5:4f:bb:17:f3:29:17:e4:a5:f8:44:e9:43:d1:33:
                    89:12:e5:f3:c4:d6:9b:af:fb:ea:77:6a:9a:10:63:
                    ba:23:24:93:1d:40:69:20:b1:f8:07:e8:72:58:a3:
                    1c:25:3f:61:a9:ff:bd:a7:2b:b7:8e:05:b2:81:4b:
                    12:a0:eb:23:bc:eb:c8:f0:c9:22:8d:df:48:04:11:
                    9a:7d:61:82:d4:ee:9e:74:94:9c:bd:bd:a7:92:68:
                    62:a1:eb:c4:16:e3:ab:90:92:a1:88:2a:92:00:b2:
                    09:1c:f5:9c:58:1b:5b:7f:a1:b4:b0:c3:05:9a:3a:
                    db:a3:26:5b:32:f3:f1:70:68:ee:60:47:63:6e:cd:
                    02:27:6f:35:07:5f:13:90:4e:21:f8:46:62:17:c7:
                    f1:2c:a3:99:9e:7f:e3:b3:ab:44:b8:06:af:81:27:
                    58:56:26:2e:3c:8f:66:b4:5f:f0:cf:37:36:1b:28:
                    92:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:11:24:DC:BC:31:03:AC:92:2E:50:92:18:C7:85:24:0C:ED:66:20
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/09f2a28b-bc83-44b1-b088-f2cab4682327.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.131.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2d:38:df:32:df:31:3b:ae:e1:0c:35:5a:a4:88:ac:08:f4:44:
         eb:3a:0b:fe:21:85:7f:d8:0c:11:a7:c1:e0:b1:72:e0:9b:20:
         32:27:24:77:9e:7f:e6:21:15:c1:1f:34:46:4a:73:7e:45:f7:
         fd:7f:6a:7f:0d:57:7c:a5:f2:af:31:8b:5c:82:b8:bd:fb:ff:
         a8:a5:a9:f8:7d:fc:e3:48:a2:6d:66:a7:2a:8d:65:43:cf:e4:
         24:0e:c1:80:0d:cd:f7:67:a6:b2:dc:c4:22:4f:15:d4:eb:ef:
         1d:13:a8:da:90:75:ad:19:2d:a4:74:0c:e1:c0:b4:d3:37:17:
         9f:db:02:c1:7c:ac:b3:de:78:51:fd:d9:d4:ce:c0:c0:b1:90:
         5b:fe:e3:96:a7:7d:33:e9:0f:cc:fd:8f:eb:7b:6b:25:d0:fd:
         82:5c:bb:66:e7:af:5b:db:17:67:7a:86:1e:58:4b:28:d9:01:
         5f:78:6c:af:47:03:51:2a:21:c5:1a:88:01:45:b5:ad:14:89:
         3c:5a:0d:24:78:04:f1:92:d3:95:f5:51:c5:04:22:f0:17:0e:
         6f:97:20:5e:73:14:4a:fb:8f:d5:9e:32:77:3b:29:6f:0d:f6:
         1f:c5:c8:e0:7c:27:cf:05:2f:76:af:55:77:bf:6c:41:f2:6c:
         bf:93:b2:66
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUE3sQsCQTk59mh0OGCgsKxmJHpNEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjAzMDA0MjAzWhcNMjUwNzA4MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMzVmZWNjYjJhMTQ3NTliM2ExOTU0MDFlZTlhOWFiODNl
YWI4MWRhZDdlMTY0Y2UwNjkwNmE5ZDg3MjkyYmQ3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIuEbs/w+C4K+6LG5iUi22J4iTEdEFLCK40JbVP40Ocq3H
HNQ+ljHlp8bv1DExlbq2qugQeNd6BO+mHhEgzRm8ZyUhuwIEgCycrtVPuxfzKRfk
pfhE6UPRM4kS5fPE1puv++p3apoQY7ojJJMdQGkgsfgH6HJYoxwlP2Gp/72nK7eO
BbKBSxKg6yO868jwySKN30gEEZp9YYLU7p50lJy9vaeSaGKh68QW46uQkqGIKpIA
sgkc9ZxYG1t/obSwwwWaOtujJlsy8/FwaO5gR2NuzQInbzUHXxOQTiH4RmIXx/Es
o5mef+Ozq0S4Bq+BJ1hWJi48j2a0X/DPNzYbKJK3AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUnBEk3LwxA6ySLlCSGMeFJAztZiAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzA5ZjJhMjhiLWJjODMtNDRiMS1iMDg4LWYyY2FiNDY4MjMyNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwADgzANBgkqhkiG9w0BAQsFAAOCAQEALTjfMt8xO67hDDVapIisCPRE6zoL
/iGFf9gMEafB4LFy4JsgMickd55/5iEVwR80RkpzfkX3/X9qfw1XfKXyrzGLXIK4
vfv/qKWp+H3840iibWanKo1lQ8/kJA7BgA3N92emstzEIk8V1OvvHROo2pB1rRkt
pHQM4cC00zcXn9sCwXyss954Uf3Z1M7AwLGQW/7jlqd9M+kPzP2P63trJdD9gly7
ZuevW9sXZ3qGHlhLKNkBX3hsr0cDUSohxRqIAUW1rRSJPFoNJHgE8ZLTlfVRxQQi
8BcOb5cgXnMUSvuP1Z4ydzspbw32H8XI4HwnzwUvdq9Vd79sQfJsv5OyZg==
-----END CERTIFICATE-----