Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/667cce7c-f6ee-42a8-93fc-00c115087f86.roa
File:                     667cce7c-f6ee-42a8-93fc-00c115087f86.roa (raw, json)
Hash identifier:          UxABSrM8tpJzFCYFACgQLkzGUm5GgHCRasfRNwFGfb0=
Subject key identifier:   0C:EB:15:53:46:B6:5D:14:E4:C6:61:AB:60:AF:B3:EF:28:6D:F1:82
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       73E723B9A3BBAEAD9A6F8A1949A5B28F5957C1BB
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/667cce7c-f6ee-42a8-93fc-00c115087f86.roa
Signing time:             Tue 03 Jun 2025 15:11:49 +0000
ROA not before:           Tue 03 Jun 2025 15:11:49 +0000
ROA not after:            Tue 08 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        34.255.0.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:e7:23:b9:a3:bb:ae:ad:9a:6f:8a:19:49:a5:b2:8f:59:57:c1:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun  3 15:11:49 2025 GMT
            Not After : Jul  8 23:59:59 2025 GMT
        Subject: serialNumber=4d56779b4a6f2341cb21cdfe81bddfa3adda5df0ad425ee29f219a0a4e10c244, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:6f:f0:b8:17:6d:42:6e:89:1f:6e:ba:b4:03:
                    ba:87:dd:aa:b3:c6:02:e8:3a:6f:61:f5:d3:2c:b1:
                    2b:c2:2f:f6:49:f4:cd:8d:63:45:ea:ea:f4:6d:98:
                    3b:4e:91:9b:f9:46:9a:32:69:73:67:43:26:5d:33:
                    d2:b9:c6:c8:df:33:0e:2e:e5:83:0a:11:18:2a:a8:
                    ec:ed:eb:5b:c0:5e:a2:dc:d6:33:cf:bd:3a:f7:da:
                    b7:9c:c4:ee:e5:fe:de:33:83:5c:83:dd:f1:2d:8d:
                    41:53:f6:f9:32:9e:7d:4c:0d:7b:ee:e1:44:1d:26:
                    e6:04:10:74:93:5d:7b:f8:30:9b:9b:e4:a8:65:e1:
                    c7:e9:f0:d3:4a:b1:b3:6c:32:b6:ce:7d:14:2c:a0:
                    df:89:4f:42:8c:bc:1c:9a:a8:c5:e1:e1:0e:d7:2c:
                    77:84:48:8a:8f:ca:c9:9c:f6:fe:4f:4b:f1:c4:68:
                    07:ac:c4:11:b4:61:a8:d5:92:d9:04:4d:ff:2e:55:
                    77:a3:af:21:7b:d1:a7:45:51:ea:72:8a:91:c9:25:
                    23:a8:64:44:df:ac:15:69:70:b8:44:04:a0:8a:3f:
                    d4:b9:3e:72:23:d9:31:f1:ad:4c:c5:2f:0b:fe:ef:
                    23:30:98:73:49:00:1c:85:07:cf:95:7c:6e:08:f2:
                    86:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:EB:15:53:46:B6:5D:14:E4:C6:61:AB:60:AF:B3:EF:28:6D:F1:82
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/667cce7c-f6ee-42a8-93fc-00c115087f86.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  34.255.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         70:f8:09:99:b8:22:81:88:80:b4:b5:c2:97:d1:c7:ad:8e:57:
         5d:d7:0d:16:9a:3b:4b:65:c9:89:4e:35:7c:17:d8:df:49:dd:
         53:b5:38:21:df:d0:f2:3f:44:bb:8a:ec:c1:1b:1e:30:c1:82:
         0e:32:5e:1f:66:86:e1:a9:ad:b3:e7:25:d6:8d:9b:9b:8b:5c:
         16:f3:29:75:51:4d:5e:f5:75:d2:6b:4d:af:ee:12:53:bc:df:
         e9:ec:8e:d2:e7:ee:e4:62:db:c2:8d:5b:af:0a:d1:60:04:68:
         04:e6:e4:81:99:0c:8d:eb:de:d9:ca:23:a5:4b:e1:e9:bb:25:
         c7:2d:1d:1b:d5:ec:49:29:c3:a7:0b:cc:17:21:9d:34:c2:44:
         65:c1:eb:45:e3:19:e7:82:34:51:13:36:a1:3f:1b:73:42:d8:
         d6:84:e8:1b:7f:c5:99:b3:0a:ec:9f:0a:9f:de:ee:2a:6f:71:
         15:35:aa:ee:71:e0:57:1b:c0:21:f7:89:80:43:5c:9b:db:6c:
         11:08:5a:e6:ca:35:58:0d:9c:47:96:21:0a:1a:f9:2a:2c:d9:
         3c:4a:6a:f5:21:54:3f:4e:bf:e6:de:e7:01:50:3e:d7:c0:a1:
         71:64:d3:b1:5e:4c:f2:dc:01:45:13:b9:b0:33:ff:99:ca:71:
         e2:27:aa:ab
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUc+cjuaO7rq2ab4oZSaWyj1lXwbswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjAzMTUxMTQ5WhcNMjUwNzA4MjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZDU2Nzc5YjRhNmYyMzQxY2IyMWNkZmU4MWJkZGZhM2Fk
ZGE1ZGYwYWQ0MjVlZTI5ZjIxOWEwYTRlMTBjMjQ0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7b/C4F21Cbokfbrq0A7qH3aqzxgLoOm9h9dMssSvCL/ZJ
9M2NY0Xq6vRtmDtOkZv5RpoyaXNnQyZdM9K5xsjfMw4u5YMKERgqqOzt61vAXqLc
1jPPvTr32recxO7l/t4zg1yD3fEtjUFT9vkynn1MDXvu4UQdJuYEEHSTXXv4MJub
5Khl4cfp8NNKsbNsMrbOfRQsoN+JT0KMvByaqMXh4Q7XLHeESIqPysmc9v5PS/HE
aAesxBG0YajVktkETf8uVXejryF70adFUepyipHJJSOoZETfrBVpcLhEBKCKP9S5
PnIj2THxrUzFLwv+7yMwmHNJAByFB8+VfG4I8oZfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUDOsVU0a2XRTkxmGrYK+z7yht8YIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzY2N2NjZTdjLWY2ZWUtNDJhOC05M2ZjLTAwYzExNTA4N2Y4Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYi/wAwDQYJKoZIhvcNAQELBQADggEBAHD4CZm4IoGIgLS1wpfRx62OV13X
DRaaO0tlyYlONXwX2N9J3VO1OCHf0PI/RLuK7MEbHjDBgg4yXh9mhuGprbPnJdaN
m5uLXBbzKXVRTV71ddJrTa/uElO83+nsjtLn7uRi28KNW68K0WAEaATm5IGZDI3r
3tnKI6VL4em7JcctHRvV7Ekpw6cLzBchnTTCRGXB60XjGeeCNFETNqE/G3NC2NaE
6Bt/xZmzCuyfCp/e7ipvcRU1qu5x4FcbwCH3iYBDXJvbbBEIWubKNVgNnEeWIQoa
+Sos2TxKavUhVD9Ov+be5wFQPtfAoXFk07FeTPLcAUUTubAz/5nKceInqqs=
-----END CERTIFICATE-----