Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c983e574-bfee-43d5-a8ee-79bdfdd8e179.roa
File:                     c983e574-bfee-43d5-a8ee-79bdfdd8e179.roa (raw, json)
Hash identifier:          Hb5+sUU8Z47t38eOqf1s715tNerkHHTeoc3nrzamDvQ=
Subject key identifier:   F2:A0:F5:76:7D:8F:B5:09:44:17:41:53:FB:A8:80:23:04:C4:55:36
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       64EDCAB2FC67AC904F56C554F108092BB51F7E39
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c983e574-bfee-43d5-a8ee-79bdfdd8e179.roa
Signing time:             Fri 06 Jun 2025 00:20:35 +0000
ROA not before:           Fri 06 Jun 2025 00:20:35 +0000
ROA not after:            Fri 11 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.248.96.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:ed:ca:b2:fc:67:ac:90:4f:56:c5:54:f1:08:09:2b:b5:1f:7e:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun  6 00:20:35 2025 GMT
            Not After : Jul 11 23:59:59 2025 GMT
        Subject: serialNumber=44d4b1a7f96288f813bc316f0740c3e23e6becbea84f5de9f600d90e366671bd, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:11:37:df:0b:ed:95:de:f8:87:de:25:45:fa:
                    46:22:88:08:f0:3e:70:64:7e:fe:fe:a1:ba:52:6d:
                    1a:3a:d8:66:1a:b1:cd:08:7d:4c:5b:e1:93:3d:e7:
                    ed:d7:5d:fd:40:f6:e8:7b:85:7e:9e:cb:1e:4f:6f:
                    a9:de:ff:90:6f:46:4d:c4:de:e8:4d:e0:4e:db:a8:
                    29:84:dc:e0:dd:11:28:2b:3d:b1:5e:81:8b:2b:c8:
                    59:7d:32:51:bf:4c:e3:ad:9a:fa:6c:ea:66:09:5d:
                    b2:b5:ac:10:8b:fd:6d:47:da:23:9f:5a:1d:4a:e2:
                    37:02:22:92:7a:2e:0c:9f:ff:3f:ad:5f:65:5b:82:
                    13:7b:28:d3:7c:c7:27:d4:6c:46:59:f9:d5:50:7f:
                    ce:d5:93:43:82:24:de:0b:b1:9d:9a:d8:02:7d:30:
                    d4:0e:d8:dd:04:68:5d:94:03:b2:6f:57:f0:17:1b:
                    ef:67:f3:2e:a0:a1:b6:4b:bb:ea:95:8d:55:7f:45:
                    38:2c:cd:f4:fe:8e:f2:c0:a9:95:b7:8c:c5:02:81:
                    ad:de:7d:77:c3:c8:44:3b:eb:01:d0:fd:5c:55:42:
                    85:ea:36:bb:58:56:d5:4e:fe:5f:b5:5e:82:21:f0:
                    f3:a4:66:96:e3:5f:9e:c8:1a:d8:4c:a2:ab:98:57:
                    22:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:A0:F5:76:7D:8F:B5:09:44:17:41:53:FB:A8:80:23:04:C4:55:36
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c983e574-bfee-43d5-a8ee-79bdfdd8e179.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.248.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         50:fe:06:cb:f3:b7:de:a9:8c:2c:36:c8:3c:37:1b:47:e3:df:
         21:2b:22:0c:e4:22:3d:66:56:b6:80:a4:5f:e7:76:75:b3:52:
         65:5a:8c:be:2b:b5:b7:f0:dc:14:68:b3:9f:77:58:9d:bf:ee:
         49:c2:0f:a8:7a:13:6d:be:62:da:f7:5a:0e:b4:1d:eb:6b:5c:
         6a:6b:3d:b7:31:e0:cb:39:3f:88:8c:8b:f4:ff:23:f0:59:11:
         09:f4:0c:a9:bd:a9:e1:45:49:72:ea:83:12:ea:ea:fc:71:09:
         9c:b2:ef:ec:00:67:6f:cb:d6:d5:59:cb:ec:a0:f4:58:51:b8:
         dd:1f:2e:c9:4d:9c:50:b9:95:e8:58:25:58:39:95:64:ac:89:
         c1:91:a1:73:73:ba:08:63:f7:50:b7:4b:fa:d0:a1:08:af:6e:
         52:fb:29:9b:38:58:81:3c:ae:62:79:cd:71:4c:32:e1:17:61:
         ca:68:6e:7b:59:5b:72:ed:60:40:a7:c6:55:34:fc:78:40:3a:
         a6:84:0b:5d:57:e8:ac:96:91:9e:af:1e:aa:15:a7:d7:e7:af:
         2b:c3:9d:66:e9:d1:68:d9:3c:55:11:49:d2:21:c6:17:55:6d:
         1d:cd:28:aa:62:7c:09:77:ca:11:0b:7b:1d:00:db:be:45:3d:
         27:35:9e:81
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZO3KsvxnrJBPVsVU8QgJK7UffjkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjA2MDAyMDM1WhcNMjUwNzExMjM1OTU5
WjB6MUkwRwYDVQQFE0A0NGQ0YjFhN2Y5NjI4OGY4MTNiYzMxNmYwNzQwYzNlMjNl
NmJlY2JlYTg0ZjVkZTlmNjAwZDkwZTM2NjY3MWJkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnETffC+2V3viH3iVF+kYiiAjwPnBkfv7+obpSbRo62GYa
sc0IfUxb4ZM95+3XXf1A9uh7hX6eyx5Pb6ne/5BvRk3E3uhN4E7bqCmE3ODdESgr
PbFegYsryFl9MlG/TOOtmvps6mYJXbK1rBCL/W1H2iOfWh1K4jcCIpJ6Lgyf/z+t
X2VbghN7KNN8xyfUbEZZ+dVQf87Vk0OCJN4LsZ2a2AJ9MNQO2N0EaF2UA7JvV/AX
G+9n8y6gobZLu+qVjVV/RTgszfT+jvLAqZW3jMUCga3efXfDyEQ76wHQ/VxVQoXq
NrtYVtVO/l+1XoIh8POkZpbjX57IGthMoquYVyIbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8qD1dn2PtQlEF0FT+6iAIwTEVTYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2M5ODNlNTc0LWJmZWUtNDNkNS1hOGVlLTc5YmRmZGQ4ZTE3OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQN+GAwDQYJKoZIhvcNAQELBQADggEBAFD+Bsvzt96pjCw2yDw3G0fj3yEr
IgzkIj1mVraApF/ndnWzUmVajL4rtbfw3BRos593WJ2/7knCD6h6E22+Ytr3Wg60
HetrXGprPbcx4Ms5P4iMi/T/I/BZEQn0DKm9qeFFSXLqgxLq6vxxCZyy7+wAZ2/L
1tVZy+yg9FhRuN0fLslNnFC5lehYJVg5lWSsicGRoXNzughj91C3S/rQoQivblL7
KZs4WIE8rmJ5zXFMMuEXYcpobntZW3LtYECnxlU0/HhAOqaEC11X6KyWkZ6vHqoV
p9fnryvDnWbp0WjZPFURSdIhxhdVbR3NKKpifAl3yhELex0A275FPSc1noE=
-----END CERTIFICATE-----