Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/42b52e1c-6128-43d3-a21b-f45a0ac151ae.roa
File:                     42b52e1c-6128-43d3-a21b-f45a0ac151ae.roa (raw, json)
Hash identifier:          PYCegMdi6rCotaNlr+zAM6FpVH0PYsDcjRiVEX1KmvM=
Subject key identifier:   AE:02:DC:51:30:EF:0C:5E:68:0D:27:6E:74:E6:D6:76:E9:24:66:5C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       28FC7403FBE1F3966C427D8927A46DEA3457D1AA
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/42b52e1c-6128-43d3-a21b-f45a0ac151ae.roa
Signing time:             Fri 06 Jun 2025 00:20:42 +0000
ROA not before:           Fri 06 Jun 2025 00:20:42 +0000
ROA not after:            Fri 11 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.248.16.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:fc:74:03:fb:e1:f3:96:6c:42:7d:89:27:a4:6d:ea:34:57:d1:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun  6 00:20:42 2025 GMT
            Not After : Jul 11 23:59:59 2025 GMT
        Subject: serialNumber=c0c52cb02ad11440be4769a1071e5541cb932272ed897ed2e65744d33fe7b73b, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:a6:c7:9a:a5:94:4f:1f:63:82:8b:4d:b3:24:
                    92:14:cc:2c:77:30:dc:de:8d:27:ab:dc:2c:26:1b:
                    48:f6:b2:54:b1:29:16:b7:99:e3:2c:ed:23:0b:c6:
                    b5:ea:59:4a:b9:1b:57:fa:dd:40:29:70:86:cc:4b:
                    9e:98:81:81:c1:a5:e3:0f:66:c0:69:d1:1b:6d:b9:
                    0a:ef:3c:66:cc:97:fe:ba:cc:a5:88:36:9d:2a:61:
                    3e:76:54:9b:ba:18:fc:80:e5:a4:ae:d6:85:38:3d:
                    15:be:53:1d:8f:7b:e9:c7:7a:eb:23:2b:11:82:aa:
                    73:9c:2f:c0:ae:d2:f7:88:7e:69:f5:09:69:b4:2b:
                    eb:86:b2:4b:e0:ff:75:c9:98:a7:87:4f:8f:1f:f4:
                    98:96:c1:2c:0a:87:93:c5:08:df:dd:73:b7:46:55:
                    a0:cc:82:2e:fb:70:9e:6f:22:cb:99:69:61:9e:95:
                    c0:b9:f7:50:e2:43:8d:19:97:b5:f4:83:5c:a8:5b:
                    66:df:ce:a4:c2:04:2d:c5:f2:7d:33:8b:96:b6:c3:
                    58:b0:1f:55:a3:ff:04:2d:a4:55:9e:d8:c9:be:d1:
                    a8:2e:8f:cc:98:79:ba:1b:dd:20:41:a9:1e:86:9d:
                    2c:d5:93:7f:63:63:61:61:69:21:c1:c1:92:7b:79:
                    b5:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:02:DC:51:30:EF:0C:5E:68:0D:27:6E:74:E6:D6:76:E9:24:66:5C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/42b52e1c-6128-43d3-a21b-f45a0ac151ae.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.248.16.0/21

    Signature Algorithm: sha256WithRSAEncryption
         48:4a:37:4c:51:23:8c:52:8e:8c:61:76:8c:78:c7:3a:ea:cd:
         37:11:9e:09:88:75:c0:98:5c:b1:53:70:d3:73:41:ed:46:5e:
         c0:e0:04:57:d7:8e:94:ca:7d:8c:19:e6:20:dc:57:a6:4d:68:
         57:dd:be:34:84:fa:cf:52:32:1c:99:d8:64:eb:eb:ed:1a:cb:
         6a:ba:c5:d1:e1:8c:f3:d8:19:0b:a8:8a:e5:f5:42:73:cb:ac:
         28:c5:97:35:8d:ee:27:d7:06:26:a1:ea:46:08:f7:9a:fc:23:
         18:b7:b5:12:64:00:48:c8:d9:0b:94:4f:fc:d0:80:52:a2:49:
         ce:ac:9b:2e:e0:d1:c9:33:97:71:54:95:02:b2:96:28:55:9b:
         14:37:df:a0:b7:48:8a:23:5c:f0:1d:0b:37:21:28:7c:61:60:
         58:7f:54:83:a2:5c:e4:e0:3a:08:d4:ce:ae:4d:61:17:f9:c8:
         b7:be:ba:43:67:b8:99:c2:b7:67:91:f5:7d:64:6d:f8:6c:dc:
         fb:c8:dc:2a:04:c2:a9:c8:33:ec:99:c1:88:dc:d4:18:f0:0c:
         cd:95:69:d3:55:43:67:02:ed:29:ad:be:17:c1:be:e9:19:6f:
         ad:92:70:d0:da:5d:73:ca:32:6d:f0:55:03:b3:48:bf:72:d1:
         77:02:ff:d3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKPx0A/vh85ZsQn2JJ6Rt6jRX0aowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjA2MDAyMDQyWhcNMjUwNzExMjM1OTU5
WjB6MUkwRwYDVQQFE0BjMGM1MmNiMDJhZDExNDQwYmU0NzY5YTEwNzFlNTU0MWNi
OTMyMjcyZWQ4OTdlZDJlNjU3NDRkMzNmZTdiNzNiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClpseapZRPH2OCi02zJJIUzCx3MNzejSer3CwmG0j2slSx
KRa3meMs7SMLxrXqWUq5G1f63UApcIbMS56YgYHBpeMPZsBp0RttuQrvPGbMl/66
zKWINp0qYT52VJu6GPyA5aSu1oU4PRW+Ux2Pe+nHeusjKxGCqnOcL8Cu0veIfmn1
CWm0K+uGskvg/3XJmKeHT48f9JiWwSwKh5PFCN/dc7dGVaDMgi77cJ5vIsuZaWGe
lcC591DiQ40Zl7X0g1yoW2bfzqTCBC3F8n0zi5a2w1iwH1Wj/wQtpFWe2Mm+0agu
j8yYebob3SBBqR6GnSzVk39jY2FhaSHBwZJ7ebW9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrgLcUTDvDF5oDSdudObWdukkZlwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQyYjUyZTFjLTYxMjgtNDNkMy1hMjFiLWY0NWEwYWMxNTFhZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMN+BAwDQYJKoZIhvcNAQELBQADggEBAEhKN0xRI4xSjoxhdox4xzrqzTcR
ngmIdcCYXLFTcNNzQe1GXsDgBFfXjpTKfYwZ5iDcV6ZNaFfdvjSE+s9SMhyZ2GTr
6+0ay2q6xdHhjPPYGQuoiuX1QnPLrCjFlzWN7ifXBiah6kYI95r8Ixi3tRJkAEjI
2QuUT/zQgFKiSc6smy7g0ckzl3FUlQKylihVmxQ336C3SIojXPAdCzchKHxhYFh/
VIOiXOTgOgjUzq5NYRf5yLe+ukNnuJnCt2eR9X1kbfhs3PvI3CoEwqnIM+yZwYjc
1BjwDM2VadNVQ2cC7SmtvhfBvukZb62ScNDaXXPKMm3wVQOzSL9y0XcC/9M=
-----END CERTIFICATE-----