Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8e3e61d4-d511-4b5c-b686-ca4337a7cd4c.roa
File:                     8e3e61d4-d511-4b5c-b686-ca4337a7cd4c.roa (raw, json)
Hash identifier:          kodT97aG/v+bUVprawDOHeKMlX904LIXsJGT7vffeAE=
Subject key identifier:   37:64:B5:89:44:7F:37:A5:A1:E8:11:0A:E5:8A:97:06:72:0F:D5:41
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7015FDF8042FD4DF3C6A81252D6D3CFC37E4DB15
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8e3e61d4-d511-4b5c-b686-ca4337a7cd4c.roa
Signing time:             Mon 14 Apr 2025 15:51:17 +0000
ROA not before:           Mon 14 Apr 2025 15:51:17 +0000
ROA not after:            Mon 19 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.136.0.0/13 maxlen: 13
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:15:fd:f8:04:2f:d4:df:3c:6a:81:25:2d:6d:3c:fc:37:e4:db:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 14 15:51:17 2025 GMT
            Not After : May 19 23:59:59 2025 GMT
        Subject: serialNumber=057574cd339f17a1fafe769f28df8ce347b7f11b0e00c4c707cbdf73dc30ccc0, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:96:33:4d:c3:6e:43:4f:72:a4:69:c9:da:6d:
                    57:79:8e:10:4b:c3:5d:c6:ee:73:2e:6f:2c:43:43:
                    7f:67:d7:97:70:65:78:38:80:03:bd:30:a1:f5:10:
                    84:93:d1:6e:fa:72:6d:8c:2a:18:08:6e:ee:60:16:
                    80:ed:73:3d:34:01:63:5e:69:4e:eb:3d:0e:61:2a:
                    c9:06:0c:85:d7:40:bb:fd:5f:1d:f9:80:08:be:56:
                    13:05:1b:85:51:5b:35:da:76:da:8c:7a:53:d2:35:
                    6d:32:9f:85:a9:29:fe:c4:b3:28:73:2c:78:ae:d0:
                    e1:e4:57:1c:11:d4:fa:99:20:a6:e3:2a:f5:4d:7d:
                    66:b0:9e:4c:07:ff:4a:6d:57:00:c7:39:ed:07:16:
                    57:33:f9:c0:4a:0c:71:a9:4c:50:81:f1:5a:ca:63:
                    dc:e4:b7:d4:b9:d1:1d:44:14:3d:58:f4:54:9d:b6:
                    99:f7:64:77:38:81:79:17:71:3c:53:f2:04:65:43:
                    0a:d8:f3:ca:f5:af:ea:7b:16:36:c1:21:5d:ea:49:
                    0f:46:b7:1d:9c:2b:96:f9:07:3a:1b:a2:3a:db:7a:
                    cb:0a:70:48:df:05:bd:db:a9:30:b0:b3:9f:92:00:
                    44:1a:ab:28:67:f6:7a:cd:a8:0b:74:48:b9:30:9b:
                    fd:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:64:B5:89:44:7F:37:A5:A1:E8:11:0A:E5:8A:97:06:72:0F:D5:41
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8e3e61d4-d511-4b5c-b686-ca4337a7cd4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.136.0.0/13

    Signature Algorithm: sha256WithRSAEncryption
         18:06:dd:1a:2d:1a:20:51:bb:91:c5:76:da:f2:d2:b0:44:d0:
         ff:de:84:51:94:72:d0:8a:5c:5e:f2:8a:13:e4:3b:ad:b4:30:
         9d:9f:07:58:dc:4d:23:08:a0:ae:d3:e6:98:99:45:a3:30:78:
         cb:ee:67:98:1f:80:4e:b1:3a:56:7f:3c:f4:fd:0d:ee:67:9f:
         43:08:bb:ae:48:6e:8a:8f:95:88:c9:be:11:12:90:f0:74:0c:
         8b:10:b1:ce:8c:15:b7:5c:a4:93:f2:b9:b8:69:35:83:3b:e5:
         ee:79:5b:19:51:30:a7:56:cd:ed:95:41:31:e0:56:46:5a:8a:
         76:8f:7c:c8:60:bb:84:40:05:e7:e1:3d:a5:7e:b9:3f:c0:69:
         b2:4c:41:d8:73:9c:ed:82:13:f1:ce:4e:f2:5a:99:9e:b4:3b:
         85:ef:12:d9:fc:20:28:cb:a0:03:b8:32:7d:b2:ea:96:25:97:
         9e:d8:66:13:3b:6b:28:59:59:04:29:f7:08:06:cc:8a:b9:4e:
         c8:7b:ee:f1:b7:bb:f9:a3:92:36:3c:2d:9f:07:08:13:13:f8:
         fe:b5:05:a5:7a:69:4d:da:12:4e:c6:ce:fb:4f:e4:30:62:c1:
         98:1b:2b:0a:19:52:c3:14:90:da:60:c1:d7:fd:dc:31:bc:93:
         e8:10:fc:33
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUcBX9+AQv1N88aoElLW08/Dfk2xUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE0MTU1MTE3WhcNMjUwNTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNTc1NzRjZDMzOWYxN2ExZmFmZTc2OWYyOGRmOGNlMzQ3
YjdmMTFiMGUwMGM0YzcwN2NiZGY3M2RjMzBjY2MwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDSljNNw25DT3KkacnabVd5jhBLw13G7nMubyxDQ39n15dw
ZXg4gAO9MKH1EIST0W76cm2MKhgIbu5gFoDtcz00AWNeaU7rPQ5hKskGDIXXQLv9
Xx35gAi+VhMFG4VRWzXadtqMelPSNW0yn4WpKf7EsyhzLHiu0OHkVxwR1PqZIKbj
KvVNfWawnkwH/0ptVwDHOe0HFlcz+cBKDHGpTFCB8VrKY9zkt9S50R1EFD1Y9FSd
tpn3ZHc4gXkXcTxT8gRlQwrY88r1r+p7FjbBIV3qSQ9Gtx2cK5b5BzobojrbessK
cEjfBb3bqTCws5+SAEQaqyhn9nrNqAt0SLkwm/3HAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUN2S1iUR/N6Wh6BEK5YqXBnIP1UEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzhlM2U2MWQ0LWQ1MTEtNGI1Yy1iNjg2LWNhNDMzN2E3Y2Q0Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwMDiDANBgkqhkiG9w0BAQsFAAOCAQEAGAbdGi0aIFG7kcV22vLSsETQ/96E
UZRy0IpcXvKKE+Q7rbQwnZ8HWNxNIwigrtPmmJlFozB4y+5nmB+ATrE6Vn889P0N
7mefQwi7rkhuio+ViMm+ERKQ8HQMixCxzowVt1ykk/K5uGk1gzvl7nlbGVEwp1bN
7ZVBMeBWRlqKdo98yGC7hEAF5+E9pX65P8BpskxB2HOc7YIT8c5O8lqZnrQ7he8S
2fwgKMugA7gyfbLqliWXnthmEztrKFlZBCn3CAbMirlOyHvu8be7+aOSNjwtnwcI
ExP4/rUFpXppTdoSTsbO+0/kMGLBmBsrChlSwxSQ2mDB1/3cMbyT6BD8Mw==
-----END CERTIFICATE-----