Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2f04501a-e42e-4e8d-92db-f2de0979982c.roa
File:                     2f04501a-e42e-4e8d-92db-f2de0979982c.roa (raw, json)
Hash identifier:          wsKEMAa9l3r+ahlYnt3lNCFE3Oiq2Uv25pSfzSju2X0=
Subject key identifier:   62:F8:1B:D2:D7:70:21:35:A8:65:E2:C6:43:AD:6A:35:BE:41:FE:19
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       661BF45D2D8335E3B5596021646CA4C326A219CE
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2f04501a-e42e-4e8d-92db-f2de0979982c.roa
Signing time:             Mon 14 Apr 2025 15:50:10 +0000
ROA not before:           Mon 14 Apr 2025 15:50:10 +0000
ROA not after:            Mon 19 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        3.208.0.0/12 maxlen: 12
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:1b:f4:5d:2d:83:35:e3:b5:59:60:21:64:6c:a4:c3:26:a2:19:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 14 15:50:10 2025 GMT
            Not After : May 19 23:59:59 2025 GMT
        Subject: serialNumber=79327af954a0a21f9eebbb5cbeb109c67c0bfcc61398988cca5c7d88429227cd, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d8:93:80:66:34:5e:65:9b:82:0b:c2:c8:0e:
                    51:a6:e6:ef:1b:fc:d3:ec:32:2c:c8:53:2a:8a:a0:
                    99:df:57:32:e2:24:67:02:8c:b7:39:a4:81:28:b3:
                    c0:c3:1d:5d:4e:74:84:41:38:bb:2d:e0:a8:ae:a4:
                    93:37:90:9d:80:5a:49:62:ac:9b:71:17:75:f9:fa:
                    01:f2:8f:77:ee:05:8e:84:73:a1:19:a2:29:22:1c:
                    42:a0:05:2b:40:b1:5c:80:f0:d8:12:db:eb:33:c2:
                    d3:e2:aa:a6:23:d7:7d:0e:d2:0c:34:63:da:b3:75:
                    a1:cd:53:fe:8b:7d:d6:b4:b9:88:d0:7f:b4:28:c4:
                    56:e8:8d:17:cf:11:97:25:13:ff:ee:13:99:45:fe:
                    f3:e4:74:16:6b:ef:16:dd:f3:a2:20:0a:ad:19:0e:
                    c0:94:e3:1b:59:ea:a3:41:f9:65:26:8a:aa:fc:b8:
                    eb:be:31:ac:b9:77:e6:08:6e:62:99:39:70:da:89:
                    57:71:c5:c4:1f:19:9f:82:e6:f8:45:82:d5:0f:7c:
                    84:eb:6f:dd:4d:76:43:7d:fe:d4:fc:8f:ba:05:04:
                    7b:77:6a:54:e6:18:56:a8:33:e8:b7:04:32:d0:e5:
                    cb:74:db:f4:c3:32:c4:11:47:aa:ed:1f:3a:78:6a:
                    d0:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:F8:1B:D2:D7:70:21:35:A8:65:E2:C6:43:AD:6A:35:BE:41:FE:19
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2f04501a-e42e-4e8d-92db-f2de0979982c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.208.0.0/12

    Signature Algorithm: sha256WithRSAEncryption
         46:ef:d9:e5:a8:17:a7:41:df:0d:b7:a5:82:7e:d7:ed:7c:cd:
         61:f0:b2:ae:c3:10:be:ee:63:21:74:17:c8:a3:47:5c:5f:7c:
         e7:ba:b9:2f:eb:ca:5d:c0:cf:f4:73:9f:b8:b8:9b:53:41:07:
         28:5d:76:2e:46:0a:8c:57:4b:2a:b2:c5:d9:3c:e6:df:aa:0a:
         4d:49:62:b8:47:0b:ea:f4:d2:cf:a7:f4:50:cf:81:7f:b0:00:
         ac:8a:06:62:d9:de:77:f3:3c:2f:97:c8:76:f9:b3:04:6a:a1:
         15:0b:5c:0e:d6:97:1c:64:e9:16:1d:24:76:b9:c9:fc:a9:3e:
         1d:88:86:54:e0:97:57:40:26:f9:fe:1b:55:c0:00:4d:92:e8:
         3d:2e:07:cc:67:dd:10:d6:1a:25:0a:5b:d0:fe:f3:7f:e8:10:
         f5:cc:e6:dd:20:5c:e9:d1:23:2b:80:e2:6b:de:ab:41:27:4a:
         2b:e6:5b:58:fe:2e:07:d1:7f:93:58:e8:0b:61:cd:1b:16:c4:
         1e:29:ea:35:24:2a:23:b2:a6:e7:8b:f2:64:5d:9a:37:ae:a0:
         b5:b9:40:ec:a3:56:a4:a3:06:79:0f:b8:ee:1c:5f:71:6f:bf:
         10:0a:97:8c:52:2f:8b:f5:ef:0b:69:35:d2:07:e3:7a:a8:80:
         c5:57:ae:f3
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUZhv0XS2DNeO1WWAhZGykwyaiGc4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE0MTU1MDEwWhcNMjUwNTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A3OTMyN2FmOTU0YTBhMjFmOWVlYmJiNWNiZWIxMDljNjdj
MGJmY2M2MTM5ODk4OGNjYTVjN2Q4ODQyOTIyN2NkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDB2JOAZjReZZuCC8LIDlGm5u8b/NPsMizIUyqKoJnfVzLi
JGcCjLc5pIEos8DDHV1OdIRBOLst4KiupJM3kJ2AWklirJtxF3X5+gHyj3fuBY6E
c6EZoikiHEKgBStAsVyA8NgS2+szwtPiqqYj130O0gw0Y9qzdaHNU/6Lfda0uYjQ
f7QoxFbojRfPEZclE//uE5lF/vPkdBZr7xbd86IgCq0ZDsCU4xtZ6qNB+WUmiqr8
uOu+May5d+YIbmKZOXDaiVdxxcQfGZ+C5vhFgtUPfITrb91NdkN9/tT8j7oFBHt3
alTmGFaoM+i3BDLQ5ct02/TDMsQRR6rtHzp4atDzAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUYvgb0tdwITWoZeLGQ61qNb5B/hkwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzJmMDQ1MDFhLWU0MmUtNGU4ZC05MmRiLWYyZGUwOTc5OTgyYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwQD0DANBgkqhkiG9w0BAQsFAAOCAQEARu/Z5agXp0HfDbelgn7X7XzNYfCy
rsMQvu5jIXQXyKNHXF9857q5L+vKXcDP9HOfuLibU0EHKF12LkYKjFdLKrLF2Tzm
36oKTUliuEcL6vTSz6f0UM+Bf7AArIoGYtned/M8L5fIdvmzBGqhFQtcDtaXHGTp
Fh0kdrnJ/Kk+HYiGVOCXV0Am+f4bVcAATZLoPS4HzGfdENYaJQpb0P7zf+gQ9czm
3SBc6dEjK4Dia96rQSdKK+ZbWP4uB9F/k1joC2HNGxbEHinqNSQqI7Km54vyZF2a
N66gtblA7KNWpKMGeQ+47hxfcW+/EAqXjFIvi/XvC2k10gfjeqiAxVeu8w==
-----END CERTIFICATE-----