Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2d642133-fe34-48fa-b5c3-4640b88222fe.roa
File:                     2d642133-fe34-48fa-b5c3-4640b88222fe.roa (raw, json)
Hash identifier:          C/uHuxz6u5SykG3+tHaaXVvqlbTWmzWlRNH9BmwXEIQ=
Subject key identifier:   CD:19:AE:C2:0A:DC:E6:A4:74:DB:8D:D0:67:2D:EB:29:03:B7:CB:A9
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       06454A1AE33FE909586C2BF3C69FC56A109F6EAF
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2d642133-fe34-48fa-b5c3-4640b88222fe.roa
Signing time:             Fri 25 Apr 2025 16:10:13 +0000
ROA not before:           Fri 25 Apr 2025 16:10:13 +0000
ROA not after:            Fri 30 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.248.112.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:45:4a:1a:e3:3f:e9:09:58:6c:2b:f3:c6:9f:c5:6a:10:9f:6e:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 25 16:10:13 2025 GMT
            Not After : May 30 23:59:59 2025 GMT
        Subject: serialNumber=ec1947bc59d0f43589c9dbed24b95007ad2218664f5b777607d3eaf88570abae, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:b8:ac:b5:61:2b:55:cd:bb:d1:b4:83:62:a4:
                    8e:e3:ed:45:b1:e1:67:9c:2d:6f:77:5f:27:78:e9:
                    2e:dc:83:5b:54:f3:e5:b2:2c:f1:7e:d0:7a:b3:e4:
                    84:eb:62:39:cf:0c:94:bf:36:10:fa:62:c6:11:93:
                    7b:15:a8:6c:b2:24:d6:10:21:31:df:70:5c:94:71:
                    16:cf:2a:3a:99:19:38:65:42:1c:00:92:df:b5:02:
                    de:af:df:c3:ea:42:62:a3:f7:c6:a6:96:93:1e:65:
                    e4:52:b0:e3:63:71:ea:74:d8:29:54:a5:c8:13:41:
                    50:2e:65:fb:23:e9:7d:4c:4b:9c:f3:f6:e5:01:03:
                    42:f0:ba:78:9c:d2:7c:4f:65:a9:ed:2c:16:64:b3:
                    c0:b8:3a:67:13:12:63:94:64:28:94:4a:64:e6:12:
                    c1:e3:98:30:19:2e:8c:2b:e1:1b:26:6c:dc:ff:7f:
                    ef:02:ac:82:d8:4d:0d:96:0f:55:d0:0d:91:c1:2c:
                    f9:c1:6c:2f:2c:23:93:c6:d2:d6:df:69:16:8e:7c:
                    19:49:da:65:be:93:b6:8a:5e:0c:be:b3:a1:79:5d:
                    e7:52:b4:c3:42:0f:6f:15:a0:1a:c6:7f:82:ec:c0:
                    8a:5c:f6:e1:75:24:20:08:cc:88:22:10:3f:50:70:
                    d4:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:19:AE:C2:0A:DC:E6:A4:74:DB:8D:D0:67:2D:EB:29:03:B7:CB:A9
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2d642133-fe34-48fa-b5c3-4640b88222fe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.248.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         b1:75:28:bd:68:51:41:7f:59:2c:5c:fb:f9:a1:98:96:7e:a7:
         cc:7e:90:aa:29:8a:bf:74:bc:ef:18:d1:7b:4c:ea:78:24:58:
         ea:42:29:07:68:d6:e7:0b:c5:47:ff:ec:93:83:b6:09:b8:d9:
         d2:4d:2a:2f:7b:cf:d6:ef:ed:2a:de:0f:62:06:a1:ac:95:f8:
         5f:ae:9d:02:a5:49:26:a0:d4:66:a7:45:c2:68:8f:1a:65:f3:
         de:e0:da:95:2a:69:f7:25:ac:33:af:32:a7:da:d0:5f:40:f0:
         47:6c:12:0d:3a:94:9f:d9:22:30:4b:ac:b2:24:ca:e4:e6:bc:
         f4:39:77:95:f4:86:2e:2d:0b:ae:57:94:d9:61:24:11:84:a4:
         62:7f:8a:ba:c7:6b:b8:4b:58:d2:b9:ca:b7:8f:03:5b:19:43:
         5f:69:70:18:53:5b:8b:1b:5d:7b:2d:e2:1f:42:5f:e0:31:a5:
         85:84:22:ba:a6:24:3e:5d:bf:91:d0:14:bd:54:27:0c:48:84:
         bf:4f:ee:cb:ff:34:81:66:a8:80:d6:5a:dc:6b:1a:3c:a0:5a:
         e4:f3:7c:86:80:1d:18:37:a9:63:38:f5:5d:43:fd:1b:34:25:
         fb:f9:28:0e:a2:df:69:a6:5b:2c:55:a5:d3:30:b6:45:86:ed:
         d0:51:bb:53
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBkVKGuM/6QlYbCvzxp/FahCfbq8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDI1MTYxMDEzWhcNMjUwNTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BlYzE5NDdiYzU5ZDBmNDM1ODljOWRiZWQyNGI5NTAwN2Fk
MjIxODY2NGY1Yjc3NzYwN2QzZWFmODg1NzBhYmFlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCguKy1YStVzbvRtINipI7j7UWx4WecLW93Xyd46S7cg1tU
8+WyLPF+0Hqz5ITrYjnPDJS/NhD6YsYRk3sVqGyyJNYQITHfcFyUcRbPKjqZGThl
QhwAkt+1At6v38PqQmKj98amlpMeZeRSsONjcep02ClUpcgTQVAuZfsj6X1MS5zz
9uUBA0Lwunic0nxPZantLBZks8C4OmcTEmOUZCiUSmTmEsHjmDAZLowr4RsmbNz/
f+8CrILYTQ2WD1XQDZHBLPnBbC8sI5PG0tbfaRaOfBlJ2mW+k7aKXgy+s6F5XedS
tMNCD28VoBrGf4LswIpc9uF1JCAIzIgiED9QcNQjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUzRmuwgrc5qR0243QZy3rKQO3y6kwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzJkNjQyMTMzLWZlMzQtNDhmYS1iNWMzLTQ2NDBiODgyMjJmZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQN+HAwDQYJKoZIhvcNAQELBQADggEBALF1KL1oUUF/WSxc+/mhmJZ+p8x+
kKopir90vO8Y0XtM6ngkWOpCKQdo1ucLxUf/7JODtgm42dJNKi97z9bv7SreD2IG
oayV+F+unQKlSSag1GanRcJojxpl897g2pUqafclrDOvMqfa0F9A8EdsEg06lJ/Z
IjBLrLIkyuTmvPQ5d5X0hi4tC65XlNlhJBGEpGJ/irrHa7hLWNK5yrePA1sZQ19p
cBhTW4sbXXst4h9CX+AxpYWEIrqmJD5dv5HQFL1UJwxIhL9P7sv/NIFmqIDWWtxr
GjygWuTzfIaAHRg3qWM49V1D/Rs0Jfv5KA6i32mmWyxVpdMwtkWG7dBRu1M=
-----END CERTIFICATE-----