Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2d642133-fe34-48fa-b5c3-4640b88222fe.roa
File:                     2d642133-fe34-48fa-b5c3-4640b88222fe.roa (raw, json)
Hash identifier:          8pPAzAmQ1uDpnXuH3qBlFQmteFla9eviYMm9L/asMNc=
Subject key identifier:   6F:C2:BE:92:E6:9C:B7:37:EC:77:44:7B:AB:02:26:5C:C3:0B:E4:16
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       013AF9E9F25FB740DF27933AF209E736E0069D21
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2d642133-fe34-48fa-b5c3-4640b88222fe.roa
Signing time:             Fri 06 Jun 2025 00:20:40 +0000
ROA not before:           Fri 06 Jun 2025 00:20:40 +0000
ROA not after:            Fri 11 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.248.112.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:3a:f9:e9:f2:5f:b7:40:df:27:93:3a:f2:09:e7:36:e0:06:9d:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun  6 00:20:40 2025 GMT
            Not After : Jul 11 23:59:59 2025 GMT
        Subject: serialNumber=b5f42946dcd90bae5781f836a8c19bfe22b55b64162948e580bbee4670bdc94e, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:5f:46:d2:87:ae:6c:c9:10:a2:03:b6:76:2a:
                    24:dd:df:e4:e6:71:3d:80:4a:47:97:ee:9b:5d:73:
                    2f:e7:1b:0b:ad:b8:25:70:fe:f9:8e:7b:26:8c:3a:
                    d9:03:34:1a:cd:f3:c8:14:d7:35:01:5e:12:80:c5:
                    1a:40:f0:7e:38:a0:51:14:b6:69:99:96:3b:63:2e:
                    06:13:a8:b7:bb:96:9c:92:6f:ae:e1:8d:3d:0f:64:
                    0c:e0:77:9a:f1:9f:84:31:a3:58:63:76:d6:e9:2b:
                    e9:e4:f1:bb:b2:2b:e7:59:c8:eb:d3:4f:a7:b0:3e:
                    75:97:ab:4b:f7:32:8b:89:f0:c1:5d:a6:b5:34:f0:
                    e1:2e:5b:70:2f:df:0b:48:48:19:ac:da:4d:4f:be:
                    67:8d:6a:cd:b4:57:67:e2:96:fe:51:67:59:42:0d:
                    6d:0c:8d:23:ee:40:3e:06:b3:e0:74:da:40:bc:34:
                    5a:77:ee:54:3c:c9:a5:c7:e0:15:c5:05:f0:98:cc:
                    7a:09:37:2d:f1:8d:3a:d3:ef:61:14:45:8a:df:12:
                    e9:b4:d0:99:d7:42:f9:33:bf:ab:d3:31:ac:ed:d1:
                    ce:63:8a:fe:79:d6:51:fb:46:51:dc:fb:3c:34:e1:
                    1a:84:f4:ae:55:01:fc:da:89:b2:dc:0e:53:45:50:
                    8b:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:C2:BE:92:E6:9C:B7:37:EC:77:44:7B:AB:02:26:5C:C3:0B:E4:16
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2d642133-fe34-48fa-b5c3-4640b88222fe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.248.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         a9:18:11:8b:3c:a7:72:e6:1f:6f:5f:e4:c8:fd:6f:49:ec:d3:
         c1:de:53:f8:19:00:25:28:f9:4c:80:c7:dd:07:4d:0f:b0:ed:
         ec:28:da:11:ca:b8:8b:96:be:70:48:30:3d:48:d4:5c:4b:b1:
         52:0d:0f:c0:11:46:e5:0e:b9:52:8c:f4:a5:88:67:20:c6:bc:
         fe:2d:c1:37:4e:ad:f2:16:24:52:eb:ca:8a:85:22:7a:9a:0e:
         0e:70:47:81:65:de:08:c6:b1:95:f4:55:9d:d9:6b:2c:96:9d:
         1a:0d:8b:70:34:ae:68:cc:6a:fc:56:c3:1a:2f:fc:dc:9f:b4:
         58:6e:bd:ba:ab:ec:cb:47:53:1f:35:c7:a9:1e:37:04:02:dd:
         7a:41:72:b3:28:ab:db:e3:6d:8f:45:c5:25:64:27:ac:e3:c6:
         59:c5:90:83:e1:ee:9a:46:9f:67:fe:6e:39:b6:88:40:55:f3:
         c4:6e:b6:74:94:55:5a:1d:fa:8f:53:cc:be:dc:53:69:e4:71:
         62:50:9e:a0:af:68:18:dc:62:5f:8e:da:88:bd:cd:6e:78:cb:
         08:6f:83:9c:58:bc:74:2f:f0:1f:ea:1e:43:d8:2b:04:70:45:
         e2:d2:2a:ac:82:3f:da:49:d6:2b:ca:dc:16:b5:55:83:d0:2b:
         1b:f3:a5:b9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUATr56fJft0DfJ5M68gnnNuAGnSEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjA2MDAyMDQwWhcNMjUwNzExMjM1OTU5
WjB6MUkwRwYDVQQFE0BiNWY0Mjk0NmRjZDkwYmFlNTc4MWY4MzZhOGMxOWJmZTIy
YjU1YjY0MTYyOTQ4ZTU4MGJiZWU0NjcwYmRjOTRlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCSX0bSh65syRCiA7Z2KiTd3+TmcT2ASkeX7ptdcy/nGwut
uCVw/vmOeyaMOtkDNBrN88gU1zUBXhKAxRpA8H44oFEUtmmZljtjLgYTqLe7lpyS
b67hjT0PZAzgd5rxn4Qxo1hjdtbpK+nk8buyK+dZyOvTT6ewPnWXq0v3MouJ8MFd
prU08OEuW3Av3wtISBms2k1PvmeNas20V2filv5RZ1lCDW0MjSPuQD4Gs+B02kC8
NFp37lQ8yaXH4BXFBfCYzHoJNy3xjTrT72EURYrfEum00JnXQvkzv6vTMazt0c5j
iv551lH7RlHc+zw04RqE9K5VAfzaibLcDlNFUIsLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUb8K+kuactzfsd0R7qwImXMML5BYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzJkNjQyMTMzLWZlMzQtNDhmYS1iNWMzLTQ2NDBiODgyMjJmZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQN+HAwDQYJKoZIhvcNAQELBQADggEBAKkYEYs8p3LmH29f5Mj9b0ns08He
U/gZACUo+UyAx90HTQ+w7ewo2hHKuIuWvnBIMD1I1FxLsVIND8ARRuUOuVKM9KWI
ZyDGvP4twTdOrfIWJFLryoqFInqaDg5wR4Fl3gjGsZX0VZ3ZayyWnRoNi3A0rmjM
avxWwxov/NyftFhuvbqr7MtHUx81x6keNwQC3XpBcrMoq9vjbY9FxSVkJ6zjxlnF
kIPh7ppGn2f+bjm2iEBV88RutnSUVVod+o9TzL7cU2nkcWJQnqCvaBjcYl+O2oi9
zW54ywhvg5xYvHQv8B/qHkPYKwRwReLSKqyCP9pJ1ivK3Ba1VYPQKxvzpbk=
-----END CERTIFICATE-----