Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/591d659e-61c5-42c8-876e-4dd35852d25a.roa
File:                     591d659e-61c5-42c8-876e-4dd35852d25a.roa (raw, json)
Hash identifier:          i6z60joeS5Fh6KzHy6Y9pDZJyn0xb1q73AVqE/2LOPw=
Subject key identifier:   B0:68:77:D5:1F:BB:27:E3:81:84:D6:58:FD:49:8F:42:3D:38:D3:DE
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2726B0B04FDBF13FC771F84982E305A450BDA214
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/591d659e-61c5-42c8-876e-4dd35852d25a.roa
Signing time:             Mon 02 Jun 2025 16:00:27 +0000
ROA not before:           Mon 02 Jun 2025 16:00:27 +0000
ROA not after:            Mon 07 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.208.128.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:26:b0:b0:4f:db:f1:3f:c7:71:f8:49:82:e3:05:a4:50:bd:a2:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun  2 16:00:27 2025 GMT
            Not After : Jul  7 23:59:59 2025 GMT
        Subject: serialNumber=1f511fc4d77659c6d52337d61236d8a3b1712cc4b21ac2d359433513bd9f4e9f, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:d2:6e:ce:de:26:ec:c2:6f:97:ae:50:0d:ff:
                    78:f6:ac:78:3a:5a:9b:64:6a:6a:1d:cb:51:6d:fb:
                    40:99:a9:df:25:76:95:1d:39:86:b0:d9:38:f9:42:
                    f4:96:16:50:83:e4:85:6d:d1:5a:35:c2:3b:15:41:
                    02:0a:48:61:f6:43:bd:16:e8:62:8a:e2:85:93:6d:
                    3a:33:38:1b:24:ea:cf:bb:c4:7e:18:c4:77:9d:be:
                    d8:b4:21:f4:a1:4e:3d:9e:90:45:50:e7:73:a2:83:
                    59:f4:a2:9f:cf:cd:4e:34:09:31:89:13:7b:82:b1:
                    55:1a:0a:d2:79:33:f1:17:70:00:40:1e:e5:cf:d1:
                    d7:d8:82:fe:26:bc:d7:4c:d6:a8:4f:0e:cd:a4:e1:
                    03:d2:ee:76:84:76:e3:2b:c5:57:56:da:5a:b1:bf:
                    88:35:b3:c4:26:c1:99:90:ff:b6:14:b0:21:85:b8:
                    29:8a:2c:e3:d4:56:c9:d6:3c:9b:8d:e1:72:ba:d9:
                    0a:e2:22:53:07:a1:98:6b:50:2c:a5:d5:50:4f:5a:
                    1b:1c:06:b1:37:72:48:ea:d9:34:22:76:bb:c7:af:
                    33:a8:0f:55:59:97:79:53:53:68:d9:99:36:3e:4f:
                    fd:16:bd:18:80:21:a6:b5:9a:7f:1a:ab:70:93:de:
                    a6:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:68:77:D5:1F:BB:27:E3:81:84:D6:58:FD:49:8F:42:3D:38:D3:DE
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/591d659e-61c5-42c8-876e-4dd35852d25a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.208.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         79:40:10:e6:50:5e:05:d5:9b:3d:73:36:b9:c1:f4:00:3e:7d:
         91:f3:04:4e:07:a0:41:0c:b0:b9:10:5c:b7:84:77:7d:37:6c:
         71:fb:30:50:b8:1d:85:d4:b1:6b:48:da:d4:85:c8:fd:ca:fe:
         f6:0d:f5:e6:0a:f0:25:f5:d5:8b:c9:54:48:55:75:8a:56:f8:
         9c:c4:11:77:61:f9:15:c0:4f:01:09:71:79:dd:22:28:2b:8c:
         10:a4:ef:1e:08:24:2a:cd:0f:5b:07:50:9f:78:00:58:7b:98:
         f1:01:16:0c:3a:a3:a5:84:ad:ab:6f:79:f5:9d:35:0c:1b:2c:
         0f:81:71:0d:0e:a4:27:43:d4:9d:67:fe:e5:57:58:f5:05:82:
         b4:6d:46:18:58:b5:c7:b7:83:5e:c5:75:51:d5:27:a8:dd:a9:
         d0:76:cb:2e:97:0a:79:a7:6b:5e:e0:60:94:37:cf:0e:33:cc:
         f5:14:0e:86:42:0e:3c:04:29:c6:39:f8:1c:a3:14:4b:d4:a9:
         77:a4:9e:8a:c7:f4:09:57:10:8e:91:61:92:64:5f:0f:e7:0e:
         3f:9a:65:12:87:3c:5f:e8:89:c3:cb:b9:58:30:27:11:18:af:
         5a:2e:47:d9:35:89:ad:15:fe:db:58:bd:82:ca:e4:3c:7a:fe:
         7e:da:2f:c2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJyawsE/b8T/HcfhJguMFpFC9ohQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjAyMTYwMDI3WhcNMjUwNzA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxZjUxMWZjNGQ3NzY1OWM2ZDUyMzM3ZDYxMjM2ZDhhM2Ix
NzEyY2M0YjIxYWMyZDM1OTQzMzUxM2JkOWY0ZTlmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+0m7O3ibswm+XrlAN/3j2rHg6Wptkamody1Ft+0CZqd8l
dpUdOYaw2Tj5QvSWFlCD5IVt0Vo1wjsVQQIKSGH2Q70W6GKK4oWTbTozOBsk6s+7
xH4YxHedvti0IfShTj2ekEVQ53Oig1n0op/PzU40CTGJE3uCsVUaCtJ5M/EXcABA
HuXP0dfYgv4mvNdM1qhPDs2k4QPS7naEduMrxVdW2lqxv4g1s8QmwZmQ/7YUsCGF
uCmKLOPUVsnWPJuN4XK62QriIlMHoZhrUCyl1VBPWhscBrE3ckjq2TQidrvHrzOo
D1VZl3lTU2jZmTY+T/0WvRiAIaa1mn8aq3CT3qZPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUsGh31R+7J+OBhNZY/UmPQj04094wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzU5MWQ2NTllLTYxYzUtNDJjOC04NzZlLTRkZDM1ODUyZDI1YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAcN0IAwDQYJKoZIhvcNAQELBQADggEBAHlAEOZQXgXVmz1zNrnB9AA+fZHz
BE4HoEEMsLkQXLeEd303bHH7MFC4HYXUsWtI2tSFyP3K/vYN9eYK8CX11YvJVEhV
dYpW+JzEEXdh+RXATwEJcXndIigrjBCk7x4IJCrND1sHUJ94AFh7mPEBFgw6o6WE
ratvefWdNQwbLA+BcQ0OpCdD1J1n/uVXWPUFgrRtRhhYtce3g17FdVHVJ6jdqdB2
yy6XCnmna17gYJQ3zw4zzPUUDoZCDjwEKcY5+ByjFEvUqXeknorH9AlXEI6RYZJk
Xw/nDj+aZRKHPF/oicPLuVgwJxEYr1ouR9k1ia0V/ttYvYLK5Dx6/n7aL8I=
-----END CERTIFICATE-----