Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5f7baf32-49d8-4e8f-990c-772af5b5f57e.roa
File:                     5f7baf32-49d8-4e8f-990c-772af5b5f57e.roa (raw, json)
Hash identifier:          gTV2qDWVJIwFwo2u/tYH53mPQjvNoHqDr0naQKKEITA=
Subject key identifier:   AF:AF:2C:49:80:41:F9:E0:9F:4C:42:D0:50:8E:69:90:35:0C:FC:46
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       27E1C15D7BBC322D5B3CC43ADED1390475142421
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5f7baf32-49d8-4e8f-990c-772af5b5f57e.roa
Signing time:             Mon 14 Apr 2025 16:21:35 +0000
ROA not before:           Mon 14 Apr 2025 16:21:35 +0000
ROA not after:            Mon 19 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        34.224.0.0/12 maxlen: 12
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:e1:c1:5d:7b:bc:32:2d:5b:3c:c4:3a:de:d1:39:04:75:14:24:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 14 16:21:35 2025 GMT
            Not After : May 19 23:59:59 2025 GMT
        Subject: serialNumber=f134689a750260588e8914b910719a8085f60a3a667c958650fb0b25dfe3f8c0, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:dc:0d:16:fd:65:31:7c:1c:54:b0:f6:76:bf:
                    22:51:5b:b6:11:39:8b:64:ec:ad:50:78:43:56:e0:
                    ac:f9:17:61:7b:51:97:df:35:c9:c0:c1:94:4e:5e:
                    a8:ee:f3:72:18:77:5f:15:bb:0b:94:78:60:48:82:
                    b6:a1:23:78:ba:e6:fe:fb:e5:7b:7b:39:44:03:ce:
                    19:76:00:93:aa:7b:83:fd:24:de:c9:ec:dd:ce:69:
                    04:99:7f:f6:84:63:b9:92:40:5d:82:9f:1d:b1:1f:
                    be:cc:19:6c:2a:c3:05:c3:26:d5:99:8c:a2:61:08:
                    fd:39:ed:05:39:d7:77:3b:6f:78:f2:da:2a:33:9c:
                    b1:9d:d9:e6:30:6f:a1:f3:57:b8:7f:0e:9a:a5:f9:
                    5d:97:d7:41:58:c6:bb:53:e5:0a:6f:d2:bd:86:db:
                    0a:e5:1f:17:88:f0:67:dc:96:56:a9:af:22:56:80:
                    fb:5e:fc:b2:61:b6:e9:18:fb:d7:14:6e:00:2f:b3:
                    6c:23:c6:85:6f:1e:bc:d1:f5:3c:53:54:b6:6c:16:
                    00:55:fd:d6:c8:b8:24:a3:5d:d4:ea:f9:cb:fb:35:
                    c6:92:13:c6:ae:5a:6d:05:6a:f1:13:da:a4:c9:b6:
                    92:24:67:40:c2:ad:74:71:73:7f:56:d8:92:e3:6e:
                    11:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:AF:2C:49:80:41:F9:E0:9F:4C:42:D0:50:8E:69:90:35:0C:FC:46
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5f7baf32-49d8-4e8f-990c-772af5b5f57e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  34.224.0.0/12

    Signature Algorithm: sha256WithRSAEncryption
         04:0a:4c:9b:78:82:6e:a3:12:09:5b:7f:ef:d7:ea:84:7f:06:
         37:ba:4d:0e:e7:0f:8c:17:3d:66:c1:89:44:e8:e9:c7:fd:a6:
         ca:07:5b:a2:81:87:48:83:d2:d6:b3:0e:59:e8:77:ea:f4:a6:
         65:7e:78:8c:43:b4:bd:4d:2c:33:04:fa:b0:d2:70:68:c3:a5:
         53:09:04:48:c3:15:2a:46:5b:c0:f0:35:d6:0e:fe:09:05:fa:
         ba:31:fe:08:a4:04:31:ff:9d:33:9a:b7:24:14:10:8d:a3:ca:
         c2:d7:35:1e:11:8e:6c:8a:0f:16:15:3b:d7:07:2d:84:ed:ec:
         1b:af:39:f2:e6:9b:12:8a:97:68:a5:ab:53:db:3f:ea:9b:72:
         8b:50:5d:c7:9c:c2:e6:2f:56:8e:7d:40:ff:dc:29:c3:04:00:
         8f:5e:72:2e:3c:c0:37:9b:40:89:ec:8b:16:23:d8:43:2e:99:
         49:1c:a5:51:6e:23:d5:0c:00:67:74:7a:66:19:d1:67:51:b8:
         06:76:23:f3:6f:08:9e:73:f2:d1:10:7d:09:c1:5f:7b:85:85:
         dc:9d:df:13:19:d6:e3:3c:03:ab:13:c8:cb:b4:09:b5:66:f0:
         a4:2b:df:ae:2b:fe:ab:8d:aa:c4:cf:b5:da:87:3a:32:82:21:
         03:6d:83:51
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUJ+HBXXu8Mi1bPMQ63tE5BHUUJCEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE0MTYyMTM1WhcNMjUwNTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BmMTM0Njg5YTc1MDI2MDU4OGU4OTE0YjkxMDcxOWE4MDg1
ZjYwYTNhNjY3Yzk1ODY1MGZiMGIyNWRmZTNmOGMwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDX3A0W/WUxfBxUsPZ2vyJRW7YROYtk7K1QeENW4Kz5F2F7
UZffNcnAwZROXqju83IYd18VuwuUeGBIgrahI3i65v775Xt7OUQDzhl2AJOqe4P9
JN7J7N3OaQSZf/aEY7mSQF2Cnx2xH77MGWwqwwXDJtWZjKJhCP057QU513c7b3jy
2ioznLGd2eYwb6HzV7h/Dpql+V2X10FYxrtT5Qpv0r2G2wrlHxeI8GfcllapryJW
gPte/LJhtukY+9cUbgAvs2wjxoVvHrzR9TxTVLZsFgBV/dbIuCSjXdTq+cv7NcaS
E8auWm0FavET2qTJtpIkZ0DCrXRxc39W2JLjbhGZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUr68sSYBB+eCfTELQUI5pkDUM/EYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzVmN2JhZjMyLTQ5ZDgtNGU4Zi05OTBjLTc3MmFmNWI1ZjU3ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwQi4DANBgkqhkiG9w0BAQsFAAOCAQEABApMm3iCbqMSCVt/79fqhH8GN7pN
DucPjBc9ZsGJROjpx/2mygdbooGHSIPS1rMOWeh36vSmZX54jEO0vU0sMwT6sNJw
aMOlUwkESMMVKkZbwPA11g7+CQX6ujH+CKQEMf+dM5q3JBQQjaPKwtc1HhGObIoP
FhU71wcthO3sG6858uabEoqXaKWrU9s/6ptyi1Bdx5zC5i9Wjn1A/9wpwwQAj15y
LjzAN5tAieyLFiPYQy6ZSRylUW4j1QwAZ3R6ZhnRZ1G4BnYj828InnPy0RB9CcFf
e4WF3J3fExnW4zwDqxPIy7QJtWbwpCvfriv+q42qxM+12oc6MoIhA22DUQ==
-----END CERTIFICATE-----