Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/863b9fc8-bafd-4b27-aba8-54ea14f095bc.roa
File:                     863b9fc8-bafd-4b27-aba8-54ea14f095bc.roa (raw, json)
Hash identifier:          ZdQfBxqrasVFRvdMGxBRWkKc26+lbOujIcaNN0eI8+o=
Subject key identifier:   06:3C:6D:7D:9C:7C:7E:27:C2:90:7E:4B:3A:8D:13:D8:8F:F6:97:5E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       20BC55597616F75A7585440DD04E8272BC0811C6
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/863b9fc8-bafd-4b27-aba8-54ea14f095bc.roa
Signing time:             Mon 14 Apr 2025 16:11:03 +0000
ROA not before:           Mon 14 Apr 2025 16:11:03 +0000
ROA not after:            Mon 19 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        34.208.0.0/12 maxlen: 12
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:bc:55:59:76:16:f7:5a:75:85:44:0d:d0:4e:82:72:bc:08:11:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 14 16:11:03 2025 GMT
            Not After : May 19 23:59:59 2025 GMT
        Subject: serialNumber=b6935ffa2eaca98d536fec8f7da3e3ed9c5fef68f43feb243d343fa108a4d0ba, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:07:12:ce:ca:dd:2b:84:b6:a7:fc:49:d9:d0:
                    b6:4f:bd:92:6f:ab:d6:67:25:85:15:18:25:19:c6:
                    e7:ee:2d:43:ca:f6:8f:8b:64:5b:ba:bd:4e:c0:03:
                    7f:7e:55:6b:2d:f9:84:87:f9:5b:61:c2:a0:5a:40:
                    0a:8c:74:ac:59:ef:fb:c8:7d:6f:b1:40:ad:e4:8a:
                    d3:7c:01:3f:db:3b:ee:5d:75:c8:2f:b2:d9:cc:ed:
                    2d:42:1a:39:95:68:24:38:f6:31:a2:ea:cc:1a:56:
                    e9:e1:a7:05:fd:99:af:69:1f:c7:35:80:80:33:36:
                    24:64:ae:d0:1b:5b:eb:ba:a4:17:64:8f:f6:4f:73:
                    38:dc:be:09:d5:57:6d:f0:c9:4b:39:be:fd:84:a2:
                    e1:ae:9b:98:19:a4:49:bc:75:1b:44:06:f1:2b:75:
                    7f:31:ee:f7:f0:6d:96:1e:9f:2c:f9:43:3c:25:f2:
                    f3:c2:ca:1d:5f:de:a9:8d:cd:1c:7a:83:d4:94:8a:
                    2c:41:8e:70:e4:fe:4e:4c:91:2c:d6:9c:ed:28:b9:
                    29:53:4d:23:ac:5e:f6:7d:fa:50:22:b3:be:e2:e6:
                    1f:5c:eb:c3:96:bf:df:d8:df:da:8b:53:72:01:a9:
                    ce:54:56:52:95:2c:c8:48:7a:b2:fe:d4:59:bb:83:
                    73:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:3C:6D:7D:9C:7C:7E:27:C2:90:7E:4B:3A:8D:13:D8:8F:F6:97:5E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/863b9fc8-bafd-4b27-aba8-54ea14f095bc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  34.208.0.0/12

    Signature Algorithm: sha256WithRSAEncryption
         80:12:8f:73:ba:81:97:40:ac:a7:cc:5a:53:2a:6c:5c:7f:c0:
         32:4d:8b:09:e7:ea:99:ae:78:f8:0e:70:93:cc:b1:0b:48:2b:
         e3:60:e5:f2:f5:db:06:88:7d:fb:1d:08:c3:c5:0f:54:14:ff:
         a6:9a:7d:ee:ad:bf:25:06:42:9e:e2:33:9f:2b:19:15:c9:ea:
         5d:86:82:df:11:d5:99:2f:8d:1d:cc:82:d2:fd:37:b3:f7:0a:
         46:e3:b4:bc:8c:d6:84:bf:84:e1:ff:df:2b:13:26:fe:93:31:
         37:03:f0:b8:1b:5a:43:73:1b:08:7a:94:83:4a:e2:35:c7:05:
         15:9c:ec:21:68:7e:f4:51:6e:4b:6b:34:35:b1:99:87:9b:70:
         a8:f9:59:24:7f:2a:15:d0:ce:45:ef:e0:89:28:1f:e0:76:ae:
         b4:77:4b:bd:1f:76:90:e0:ca:14:ca:d8:5d:62:ff:03:a9:8d:
         2f:81:61:c8:21:02:a3:0e:c4:f6:8d:d4:67:80:4e:d0:3d:6d:
         82:2a:b5:9e:25:8c:e3:9b:db:0f:b5:10:89:68:79:0c:21:34:
         e8:d7:5c:8c:27:4e:b6:89:f9:de:eb:ce:54:e4:1a:1f:6f:05:
         df:80:83:4f:b1:6a:e7:13:db:43:91:13:75:90:d4:9d:75:e8:
         ae:0d:80:d5
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUILxVWXYW91p1hUQN0E6CcrwIEcYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE0MTYxMTAzWhcNMjUwNTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BiNjkzNWZmYTJlYWNhOThkNTM2ZmVjOGY3ZGEzZTNlZDlj
NWZlZjY4ZjQzZmViMjQzZDM0M2ZhMTA4YTRkMGJhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDEBxLOyt0rhLan/EnZ0LZPvZJvq9ZnJYUVGCUZxufuLUPK
9o+LZFu6vU7AA39+VWst+YSH+VthwqBaQAqMdKxZ7/vIfW+xQK3kitN8AT/bO+5d
dcgvstnM7S1CGjmVaCQ49jGi6swaVunhpwX9ma9pH8c1gIAzNiRkrtAbW+u6pBdk
j/ZPczjcvgnVV23wyUs5vv2EouGum5gZpEm8dRtEBvErdX8x7vfwbZYenyz5Qzwl
8vPCyh1f3qmNzRx6g9SUiixBjnDk/k5MkSzWnO0ouSlTTSOsXvZ9+lAis77i5h9c
68OWv9/Y39qLU3IBqc5UVlKVLMhIerL+1Fm7g3MLAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUBjxtfZx8fifCkH5LOo0T2I/2l14wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzg2M2I5ZmM4LWJhZmQtNGIyNy1hYmE4LTU0ZWExNGYwOTViYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwQi0DANBgkqhkiG9w0BAQsFAAOCAQEAgBKPc7qBl0Csp8xaUypsXH/AMk2L
Cefqma54+A5wk8yxC0gr42Dl8vXbBoh9+x0Iw8UPVBT/ppp97q2/JQZCnuIznysZ
FcnqXYaC3xHVmS+NHcyC0v03s/cKRuO0vIzWhL+E4f/fKxMm/pMxNwPwuBtaQ3Mb
CHqUg0riNccFFZzsIWh+9FFuS2s0NbGZh5twqPlZJH8qFdDORe/giSgf4HautHdL
vR92kODKFMrYXWL/A6mNL4FhyCECow7E9o3UZ4BO0D1tgiq1niWM45vbD7UQiWh5
DCE06NdcjCdOton53uvOVOQaH28F34CDT7Fq5xPbQ5ETdZDUnXXorg2A1Q==
-----END CERTIFICATE-----