Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8d6a34e1-99e6-4194-a306-a7899e802602.roa
File:                     8d6a34e1-99e6-4194-a306-a7899e802602.roa (raw, json)
Hash identifier:          ZnB7B7tOkowB67dUXJj5IdPSKndR5XsNQ69u7MiVBn4=
Subject key identifier:   11:77:07:1B:18:99:7D:9C:8D:C8:E3:53:D0:27:2D:B5:9D:76:05:69
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       02B5BECC0E81FDD1AD16FD0CB584427308B92BD1
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8d6a34e1-99e6-4194-a306-a7899e802602.roa
Signing time:             Wed 16 Apr 2025 00:10:41 +0000
ROA not before:           Wed 16 Apr 2025 00:10:41 +0000
ROA not after:            Wed 21 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.248.0.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:b5:be:cc:0e:81:fd:d1:ad:16:fd:0c:b5:84:42:73:08:b9:2b:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 16 00:10:41 2025 GMT
            Not After : May 21 23:59:59 2025 GMT
        Subject: serialNumber=5b5b8593f97e5d11f9237b5b2b0044b4fb3c9a2d33b3eedae87758f7f72f75a1, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:81:d1:5c:20:e3:32:74:e8:ea:28:ef:7e:73:
                    58:aa:e3:56:2b:11:b1:17:f6:dd:cc:52:4d:47:3d:
                    50:13:af:b2:fc:8b:ec:3e:db:db:51:7e:f7:33:5b:
                    37:3c:6c:ac:28:ba:06:f7:46:e2:ac:ee:f1:be:4f:
                    21:2e:b2:59:a4:a4:a8:9b:b4:c1:5a:0d:3b:fa:7e:
                    de:8a:39:0b:3d:c5:79:da:fe:61:91:a2:1d:55:06:
                    06:9b:96:44:8c:ff:8b:41:62:52:b8:ab:a0:cf:7d:
                    a0:16:33:a5:15:ca:04:f4:80:9f:68:3c:00:26:17:
                    eb:e9:9f:3e:da:32:a7:ce:40:d4:0d:eb:78:61:d3:
                    30:59:65:b1:11:9c:2c:cd:ea:fe:34:3b:fe:dc:d0:
                    5c:70:a1:b0:06:13:4f:31:03:d0:f2:98:4d:f2:8c:
                    1d:08:ff:ef:c8:0d:1a:75:a2:22:21:a5:cf:a5:1b:
                    55:33:4b:a7:6e:55:51:36:02:96:85:b5:d6:21:52:
                    9a:35:80:bf:e1:65:b5:19:1f:79:81:84:ae:dd:d1:
                    f9:e0:97:4a:ef:9b:13:d0:5b:c4:bd:b1:e5:8d:cd:
                    f8:d6:24:ef:fd:16:d3:bb:28:7e:b6:c8:5a:9d:7d:
                    b1:9c:18:fe:67:94:83:cc:36:ca:65:1d:11:ac:a9:
                    42:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:77:07:1B:18:99:7D:9C:8D:C8:E3:53:D0:27:2D:B5:9D:76:05:69
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8d6a34e1-99e6-4194-a306-a7899e802602.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.248.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         8a:92:21:76:ed:b5:75:ed:48:43:3d:1a:c7:a8:45:f3:dc:4d:
         b5:ce:f1:a7:59:5e:ef:3b:7d:d3:40:b1:cf:f1:61:70:67:a5:
         f0:49:69:7d:01:71:14:8c:93:1e:f4:7d:89:a9:66:84:54:2c:
         c3:b8:10:95:d5:03:9a:5d:26:4c:3b:b5:7b:91:95:8f:36:13:
         7a:41:de:67:ab:2e:1d:50:db:05:48:4c:12:13:74:41:33:15:
         2a:27:fc:3f:e5:4f:5a:b5:99:f7:b1:36:78:e3:84:8d:c3:78:
         44:1b:a8:72:d0:ec:85:f2:0e:c1:df:57:1e:c1:2c:97:aa:e0:
         4b:22:35:25:dc:d9:e4:56:a1:67:64:9f:1e:86:1a:b9:08:e7:
         ce:f9:e7:12:de:dc:a3:13:49:82:a9:6a:ac:4b:d2:ad:a8:75:
         ac:46:bc:fc:49:c1:7f:fc:40:c9:cb:b2:7c:c0:68:9c:77:35:
         41:ec:8e:4d:37:80:05:4e:66:24:14:3c:e5:54:d6:70:99:f2:
         50:6d:8d:94:82:fa:fb:18:57:80:a7:d1:05:5b:f6:9d:8f:bb:
         43:22:01:6a:b1:3e:13:1c:3a:e5:f0:2b:21:b2:75:82:14:dc:
         cb:84:6e:c9:2a:a0:93:5d:9d:40:08:0c:5d:ea:f1:31:9c:5a:
         f4:02:df:a2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUArW+zA6B/dGtFv0MtYRCcwi5K9EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE2MDAxMDQxWhcNMjUwNTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A1YjViODU5M2Y5N2U1ZDExZjkyMzdiNWIyYjAwNDRiNGZi
M2M5YTJkMzNiM2VlZGFlODc3NThmN2Y3MmY3NWExMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCogdFcIOMydOjqKO9+c1iq41YrEbEX9t3MUk1HPVATr7L8
i+w+29tRfvczWzc8bKwougb3RuKs7vG+TyEuslmkpKibtMFaDTv6ft6KOQs9xXna
/mGRoh1VBgablkSM/4tBYlK4q6DPfaAWM6UVygT0gJ9oPAAmF+vpnz7aMqfOQNQN
63hh0zBZZbERnCzN6v40O/7c0FxwobAGE08xA9DymE3yjB0I/+/IDRp1oiIhpc+l
G1UzS6duVVE2ApaFtdYhUpo1gL/hZbUZH3mBhK7d0fngl0rvmxPQW8S9seWNzfjW
JO/9FtO7KH62yFqdfbGcGP5nlIPMNsplHRGsqUIDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUEXcHGxiZfZyNyONT0CcttZ12BWkwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzhkNmEzNGUxLTk5ZTYtNDE5NC1hMzA2LWE3ODk5ZTgwMjYwMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQN+AAwDQYJKoZIhvcNAQELBQADggEBAIqSIXbttXXtSEM9GseoRfPcTbXO
8adZXu87fdNAsc/xYXBnpfBJaX0BcRSMkx70fYmpZoRULMO4EJXVA5pdJkw7tXuR
lY82E3pB3merLh1Q2wVITBITdEEzFSon/D/lT1q1mfexNnjjhI3DeEQbqHLQ7IXy
DsHfVx7BLJeq4EsiNSXc2eRWoWdknx6GGrkI58755xLe3KMTSYKpaqxL0q2odaxG
vPxJwX/8QMnLsnzAaJx3NUHsjk03gAVOZiQUPOVU1nCZ8lBtjZSC+vsYV4Cn0QVb
9p2Pu0MiAWqxPhMcOuXwKyGydYIU3MuEbskqoJNdnUAIDF3q8TGcWvQC36I=
-----END CERTIFICATE-----