Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/96095cfe-3a98-4d43-95f3-5c868c886bae.roa
File:                     96095cfe-3a98-4d43-95f3-5c868c886bae.roa (raw, json)
Hash identifier:          /ZhmaV+PYaVlMzgC5W98Oj2FVshQa/4KUcrSfcvUaVY=
Subject key identifier:   2B:CC:59:85:94:D0:EE:C5:C5:C5:41:52:00:61:30:D4:7D:14:77:11
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2768EE58627F0E1A0ADC91620D335DABDC1131D6
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/96095cfe-3a98-4d43-95f3-5c868c886bae.roa
Signing time:             Mon 02 Jun 2025 16:00:31 +0000
ROA not before:           Mon 02 Jun 2025 16:00:31 +0000
ROA not after:            Mon 07 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.228.0.0/15 maxlen: 15
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:68:ee:58:62:7f:0e:1a:0a:dc:91:62:0d:33:5d:ab:dc:11:31:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun  2 16:00:31 2025 GMT
            Not After : Jul  7 23:59:59 2025 GMT
        Subject: serialNumber=1de51d854c2cf501204b5964889c810415f27a55e62332291d4895b145ac0534, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:0f:5d:e8:5c:24:a2:d7:36:eb:84:4d:8d:74:
                    e6:54:25:38:ab:0f:45:94:97:0e:67:4e:f3:f3:ec:
                    cf:72:52:67:2c:62:5f:f8:f5:e6:d2:56:55:e5:ff:
                    cd:a4:40:2d:e8:94:24:44:67:d9:69:c0:50:22:73:
                    c5:83:f0:31:c0:32:8b:a0:1e:e0:04:c7:76:51:79:
                    41:23:ad:18:fe:5f:05:20:e2:45:17:93:ef:bd:cb:
                    8b:45:4b:a0:26:30:2f:9c:38:fa:c8:a5:69:a7:d8:
                    ed:54:1c:e1:af:cb:bb:d1:fa:5b:b1:d3:01:07:34:
                    da:47:de:25:f5:1a:cf:8c:ba:47:8c:90:06:f2:c5:
                    ec:74:03:d3:56:4b:5b:38:82:7e:82:25:27:e8:68:
                    6e:5e:d8:d7:d8:40:d6:21:5c:5a:4b:02:a4:05:ec:
                    4d:bf:36:a3:31:8b:41:78:e9:36:34:81:26:f3:c2:
                    7a:b4:3e:99:c4:2a:a3:f4:5f:6c:63:1a:f3:b3:bb:
                    e8:81:5e:56:d3:32:37:40:a9:bf:e1:c1:eb:d5:e2:
                    de:12:49:10:cd:34:6b:7a:ee:43:5c:5d:0c:ab:80:
                    e5:ce:13:85:a7:99:d2:41:6a:bb:93:ef:16:91:6b:
                    b4:c6:21:6b:ae:6a:6e:1e:cc:66:03:f9:6a:e0:7b:
                    d5:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:CC:59:85:94:D0:EE:C5:C5:C5:41:52:00:61:30:D4:7D:14:77:11
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/96095cfe-3a98-4d43-95f3-5c868c886bae.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.228.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         84:bf:37:b9:16:e6:03:2e:c3:eb:84:26:a6:7a:a2:bb:92:77:
         f3:01:b2:9c:6b:53:94:f3:20:6f:55:fd:57:0b:6e:1d:d5:a3:
         0d:d2:85:25:f5:17:00:43:81:5e:d2:0e:1b:92:82:2e:6e:73:
         29:3b:9f:52:d1:75:78:cd:39:c3:d1:77:ce:4c:ae:25:6f:22:
         aa:7c:a4:69:25:3d:a2:64:b7:8e:21:a7:12:b1:fa:2a:e0:e4:
         4d:12:e8:7d:0d:b5:47:37:d1:d8:c6:f0:87:42:a0:4e:22:ee:
         cf:ae:d0:db:a4:86:97:b7:3b:39:54:f1:bc:d6:f9:fa:40:5e:
         2b:14:8b:59:ad:cc:9d:25:06:3e:32:5e:0d:89:44:23:6c:b0:
         7e:6a:52:16:03:f2:b6:fd:66:5a:bf:3f:bd:a4:2c:69:2d:57:
         71:d1:87:64:16:be:fb:59:a0:f6:09:47:e9:5f:ef:f5:08:44:
         41:f7:24:3e:25:3b:81:64:4f:25:2d:d6:28:48:92:c5:46:93:
         6e:f8:09:1a:80:cb:eb:18:7e:85:1d:d9:8b:f4:f5:72:ea:19:
         e8:bf:e3:c7:7f:96:a5:9c:0c:2c:0a:44:5a:e0:35:9c:58:bd:
         0b:c2:57:9c:1e:a9:65:25:d4:da:91:20:e6:f8:78:af:a3:4e:
         f3:6a:70:1f
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUJ2juWGJ/DhoK3JFiDTNdq9wRMdYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjAyMTYwMDMxWhcNMjUwNzA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxZGU1MWQ4NTRjMmNmNTAxMjA0YjU5NjQ4ODljODEwNDE1
ZjI3YTU1ZTYyMzMyMjkxZDQ4OTViMTQ1YWMwNTM0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCOD13oXCSi1zbrhE2NdOZUJTirD0WUlw5nTvPz7M9yUmcs
Yl/49ebSVlXl/82kQC3olCREZ9lpwFAic8WD8DHAMougHuAEx3ZReUEjrRj+XwUg
4kUXk++9y4tFS6AmMC+cOPrIpWmn2O1UHOGvy7vR+lux0wEHNNpH3iX1Gs+MukeM
kAbyxex0A9NWS1s4gn6CJSfoaG5e2NfYQNYhXFpLAqQF7E2/NqMxi0F46TY0gSbz
wnq0PpnEKqP0X2xjGvOzu+iBXlbTMjdAqb/hwevV4t4SSRDNNGt67kNcXQyrgOXO
E4WnmdJBaruT7xaRa7TGIWuuam4ezGYD+Wrge9WrAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUK8xZhZTQ7sXFxUFSAGEw1H0UdxEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzk2MDk1Y2ZlLTNhOTgtNGQ0My05NWYzLTVjODY4Yzg4NmJhZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwEN5DANBgkqhkiG9w0BAQsFAAOCAQEAhL83uRbmAy7D64Qmpnqiu5J38wGy
nGtTlPMgb1X9VwtuHdWjDdKFJfUXAEOBXtIOG5KCLm5zKTufUtF1eM05w9F3zkyu
JW8iqnykaSU9omS3jiGnErH6KuDkTRLofQ21RzfR2Mbwh0KgTiLuz67Q26SGl7c7
OVTxvNb5+kBeKxSLWa3MnSUGPjJeDYlEI2ywfmpSFgPytv1mWr8/vaQsaS1XcdGH
ZBa++1mg9glH6V/v9QhEQfckPiU7gWRPJS3WKEiSxUaTbvgJGoDL6xh+hR3Zi/T1
cuoZ6L/jx3+WpZwMLApEWuA1nFi9C8JXnB6pZSXU2pEg5vh4r6NO82pwHw==
-----END CERTIFICATE-----