Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/61767b62-5737-4db3-a965-04a50099f99d.roa
File:                     61767b62-5737-4db3-a965-04a50099f99d.roa (raw, json)
Hash identifier:          d1BK75FZTI8165nF4zrinsNJrn/tfsbPkAt5qZfuzII=
Subject key identifier:   11:6F:D3:AD:00:5A:FA:14:90:C5:3A:C2:1B:ED:35:E9:69:72:D3:6E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       53318C9273C7587C767D61900EAE69AC0049B161
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/61767b62-5737-4db3-a965-04a50099f99d.roa
Signing time:             Mon 14 Apr 2025 15:51:02 +0000
ROA not before:           Mon 14 Apr 2025 15:51:02 +0000
ROA not after:            Mon 19 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.124.192.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:31:8c:92:73:c7:58:7c:76:7d:61:90:0e:ae:69:ac:00:49:b1:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 14 15:51:02 2025 GMT
            Not After : May 19 23:59:59 2025 GMT
        Subject: serialNumber=289991d7bf4c05f8e9ee6f5ddc30feda637dbe6550d5357aedc4ec8645a41abb, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:d8:d1:a6:64:20:37:f5:f8:62:96:ee:cb:78:
                    c5:ee:1c:43:a4:2b:84:d6:dc:d1:57:dc:d8:ca:1f:
                    47:6a:73:2e:d8:84:98:01:4f:6e:8e:92:73:56:90:
                    93:e9:cf:c5:7b:ae:a6:75:bb:f0:02:3c:4e:38:b3:
                    2d:ce:77:3f:2c:9b:38:d6:dd:a0:98:24:6b:5d:82:
                    2a:fe:83:ae:4b:45:4d:7b:d3:2a:08:29:20:22:9c:
                    00:4b:77:5e:f1:56:56:6c:09:da:f7:48:52:33:6b:
                    89:6e:92:e6:d1:18:10:6c:4d:a4:2a:3c:6f:85:e9:
                    74:cd:0e:e5:82:81:95:06:d2:d4:3f:ec:dc:0d:29:
                    36:6a:59:cc:1f:d6:a7:a3:2c:b8:4c:48:54:a6:1c:
                    8b:f4:ed:90:41:4a:4d:5a:8b:c0:97:e8:99:04:2d:
                    e5:4f:39:0d:da:c9:2b:75:a4:f9:b4:6c:af:bf:61:
                    03:fc:7d:c1:c0:7b:18:3e:9d:40:b9:8b:28:fc:fa:
                    f6:db:db:38:92:cd:73:c0:94:85:e3:77:19:5c:5f:
                    80:8f:3a:67:19:18:99:d9:12:0b:1e:3f:b5:77:79:
                    79:d6:d9:3e:95:9a:43:8e:b4:41:a4:1c:59:c3:ba:
                    7b:10:d0:b0:53:89:d3:55:38:8a:40:77:0f:5b:0b:
                    60:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:6F:D3:AD:00:5A:FA:14:90:C5:3A:C2:1B:ED:35:E9:69:72:D3:6E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/61767b62-5737-4db3-a965-04a50099f99d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.124.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         8f:95:c5:3a:3d:ef:8e:41:7f:eb:c2:fe:7d:f8:13:48:ca:23:
         d5:bb:a6:69:a2:82:27:67:19:9f:19:cb:08:c3:ca:a8:a7:18:
         77:77:70:0f:f5:4c:e8:0d:a7:47:83:30:af:db:b0:e0:96:f1:
         c6:bc:e5:21:de:88:bf:72:62:8c:32:94:48:ef:91:09:87:36:
         de:b9:49:ff:4b:26:a7:3a:69:a5:18:fd:33:90:92:e3:16:be:
         32:39:c9:ac:77:87:46:54:79:e4:0c:e9:34:e8:c5:53:ba:64:
         37:ba:45:b7:53:9d:0a:d1:e9:e0:b1:b0:1e:53:b7:93:2f:7e:
         d3:b6:b5:07:20:d9:dc:82:dc:47:f6:ee:e9:cc:d3:f9:f4:8c:
         0f:ba:1b:91:7d:17:69:20:59:39:df:fc:48:03:46:3f:82:fb:
         1b:7d:56:e9:2d:02:9f:48:7b:94:36:c2:9d:55:5f:03:c6:54:
         00:b7:c7:6e:34:a2:a0:b8:dc:c2:5c:f2:be:5c:3b:9b:7a:99:
         79:7a:89:33:dc:40:72:69:42:de:63:39:a8:0d:87:13:16:c3:
         41:c8:3d:d9:e2:4b:d7:77:03:4a:ec:d4:bb:39:47:40:c0:91:
         0f:38:da:ea:0e:93:70:e8:15:7f:7b:3e:90:4a:db:a8:dc:81:
         e9:d9:e5:69
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUzGMknPHWHx2fWGQDq5prABJsWEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE0MTU1MTAyWhcNMjUwNTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0AyODk5OTFkN2JmNGMwNWY4ZTllZTZmNWRkYzMwZmVkYTYz
N2RiZTY1NTBkNTM1N2FlZGM0ZWM4NjQ1YTQxYWJiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDS2NGmZCA39fhilu7LeMXuHEOkK4TW3NFX3NjKH0dqcy7Y
hJgBT26OknNWkJPpz8V7rqZ1u/ACPE44sy3Odz8smzjW3aCYJGtdgir+g65LRU17
0yoIKSAinABLd17xVlZsCdr3SFIza4lukubRGBBsTaQqPG+F6XTNDuWCgZUG0tQ/
7NwNKTZqWcwf1qejLLhMSFSmHIv07ZBBSk1ai8CX6JkELeVPOQ3aySt1pPm0bK+/
YQP8fcHAexg+nUC5iyj8+vbb2ziSzXPAlIXjdxlcX4CPOmcZGJnZEgseP7V3eXnW
2T6VmkOOtEGkHFnDunsQ0LBTidNVOIpAdw9bC2AfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUEW/TrQBa+hSQxTrCG+016Wly024wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzYxNzY3YjYyLTU3MzctNGRiMy1hOTY1LTA0YTUwMDk5Zjk5ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYNfMAwDQYJKoZIhvcNAQELBQADggEBAI+VxTo9745Bf+vC/n34E0jKI9W7
pmmigidnGZ8ZywjDyqinGHd3cA/1TOgNp0eDMK/bsOCW8ca85SHeiL9yYowylEjv
kQmHNt65Sf9LJqc6aaUY/TOQkuMWvjI5yax3h0ZUeeQM6TToxVO6ZDe6RbdTnQrR
6eCxsB5Tt5MvftO2tQcg2dyC3Ef27unM0/n0jA+6G5F9F2kgWTnf/EgDRj+C+xt9
VuktAp9Ie5Q2wp1VXwPGVAC3x240oqC43MJc8r5cO5t6mXl6iTPcQHJpQt5jOagN
hxMWw0HIPdniS9d3A0rs1Ls5R0DAkQ842uoOk3DoFX97PpBK26jcgenZ5Wk=
-----END CERTIFICATE-----