Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/caf9f241-1f2b-4a2e-92c3-717ec41ecfcd.roa
File:                     caf9f241-1f2b-4a2e-92c3-717ec41ecfcd.roa (raw, json)
Hash identifier:          4YK2sZM06p8mi/DR0biPVosbyZptnE6lEhyKmUX6Amw=
Subject key identifier:   41:DC:EF:0E:3F:7E:34:EF:04:49:FB:2D:35:E7:9B:2E:EE:1F:46:EF
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5BDE23446D6A3C6D6A9344F76A219AF2FED3B0BF
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/caf9f241-1f2b-4a2e-92c3-717ec41ecfcd.roa
Signing time:             Wed 21 May 2025 00:31:11 +0000
ROA not before:           Wed 21 May 2025 00:31:11 +0000
ROA not after:            Wed 25 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.71.128.0/17 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:de:23:44:6d:6a:3c:6d:6a:93:44:f7:6a:21:9a:f2:fe:d3:b0:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 21 00:31:11 2025 GMT
            Not After : Jun 25 23:59:59 2025 GMT
        Subject: serialNumber=ed0a92948287e6b79d12be175149a2e8c0e483ed0abbc8042fcdbebe8b807468, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:c7:a7:60:b1:81:9e:05:bd:ac:e1:95:ce:33:
                    9a:af:ea:d0:e5:c3:c5:bf:49:f4:a7:ff:19:98:76:
                    86:0b:4f:1f:2c:fb:8a:3d:7a:c0:a6:f3:16:30:19:
                    2e:1e:6d:f3:03:8f:f4:cd:04:3f:e1:f3:40:19:90:
                    a8:3d:f8:99:04:a8:ed:c8:e7:e1:f7:e2:d1:1a:b9:
                    4e:c4:ad:33:db:d7:4e:31:21:d7:6d:4d:66:f8:86:
                    05:fd:b7:92:9f:f2:70:60:c6:35:0f:dd:f9:e9:66:
                    9e:68:13:54:15:b6:63:b3:88:58:81:4b:68:87:fc:
                    ce:0d:1c:09:6a:d3:b7:01:f4:af:bc:fb:fb:47:b5:
                    81:19:06:39:7b:d5:96:1c:9c:31:a0:23:c0:3b:ad:
                    c5:ec:09:96:68:ce:88:a8:2c:2c:d8:6c:31:b1:d4:
                    2f:33:ff:1b:f2:7d:27:ad:13:ec:31:d0:96:50:81:
                    a7:98:4b:c0:10:29:8a:ce:17:33:0f:ef:0c:a1:ba:
                    ea:3d:67:e5:58:66:5a:0b:86:34:a1:18:bc:12:cb:
                    62:bd:22:ee:b0:97:37:34:c5:c0:c0:ec:d9:ac:e6:
                    68:3d:f2:7f:31:25:c5:b1:b1:b8:75:6f:d2:00:9c:
                    35:0e:0a:00:7a:21:d0:1d:0a:13:5f:2d:16:9d:db:
                    02:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:DC:EF:0E:3F:7E:34:EF:04:49:FB:2D:35:E7:9B:2E:EE:1F:46:EF
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/caf9f241-1f2b-4a2e-92c3-717ec41ecfcd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.71.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         88:19:c8:cf:c4:10:7d:6e:83:3d:34:a4:85:95:b6:99:db:59:
         14:c7:46:22:86:4d:94:82:80:ba:6d:16:e3:8a:ec:a3:9b:f4:
         1f:0c:e5:7f:2b:35:79:17:0f:db:47:c9:6a:88:8a:a2:ce:5f:
         63:20:6f:4b:3b:73:a7:bf:33:8d:18:ef:98:68:15:d8:7e:a4:
         20:e5:28:3f:25:e3:39:a0:8b:1b:0b:0e:93:a8:3e:91:61:70:
         13:a7:fc:b4:34:47:86:b4:49:7b:3e:4a:67:6b:d3:0c:5f:2f:
         3c:1c:33:ce:a4:40:03:4a:a9:78:49:ab:3a:17:bc:d1:13:12:
         d8:85:de:ec:9f:28:09:02:26:53:db:e0:7a:0a:29:bb:de:d4:
         63:4c:67:a7:ab:10:81:64:23:1b:49:e7:b5:67:b9:89:de:75:
         75:10:84:95:15:f4:98:d1:fc:02:a7:92:f4:8c:25:8b:79:4a:
         ff:d6:46:93:7a:06:26:c5:1c:f1:14:65:49:08:b1:87:22:ae:
         1c:b5:5a:c9:63:0d:f4:d1:da:0a:8a:fa:33:bd:cc:04:62:b0:
         f1:ef:4e:33:8b:8a:1f:db:2f:cc:fd:01:64:65:eb:e5:51:53:
         47:22:6e:a8:f8:9e:81:c5:24:e7:46:35:62:69:6c:03:23:55:
         6a:c0:64:e3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUW94jRG1qPG1qk0T3aiGa8v7TsL8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNTIxMDAzMTExWhcNMjUwNjI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZDBhOTI5NDgyODdlNmI3OWQxMmJlMTc1MTQ5YTJlOGMw
ZTQ4M2VkMGFiYmM4MDQyZmNkYmViZThiODA3NDY4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDUx6dgsYGeBb2s4ZXOM5qv6tDlw8W/SfSn/xmYdoYLTx8s
+4o9esCm8xYwGS4ebfMDj/TNBD/h80AZkKg9+JkEqO3I5+H34tEauU7ErTPb104x
IddtTWb4hgX9t5Kf8nBgxjUP3fnpZp5oE1QVtmOziFiBS2iH/M4NHAlq07cB9K+8
+/tHtYEZBjl71ZYcnDGgI8A7rcXsCZZozoioLCzYbDGx1C8z/xvyfSetE+wx0JZQ
gaeYS8AQKYrOFzMP7wyhuuo9Z+VYZloLhjShGLwSy2K9Iu6wlzc0xcDA7Nms5mg9
8n8xJcWxsbh1b9IAnDUOCgB6IdAdChNfLRad2wIdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQdzvDj9+NO8ESfstNeebLu4fRu8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2NhZjlmMjQxLTFmMmItNGEyZS05MmMzLTcxN2VjNDFlY2ZjZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAcjR4AwDQYJKoZIhvcNAQELBQADggEBAIgZyM/EEH1ugz00pIWVtpnbWRTH
RiKGTZSCgLptFuOK7KOb9B8M5X8rNXkXD9tHyWqIiqLOX2Mgb0s7c6e/M40Y75ho
Fdh+pCDlKD8l4zmgixsLDpOoPpFhcBOn/LQ0R4a0SXs+Smdr0wxfLzwcM86kQANK
qXhJqzoXvNETEtiF3uyfKAkCJlPb4HoKKbve1GNMZ6erEIFkIxtJ57VnuYnedXUQ
hJUV9JjR/AKnkvSMJYt5Sv/WRpN6BibFHPEUZUkIsYcirhy1WsljDfTR2gqK+jO9
zARisPHvTjOLih/bL8z9AWRl6+VRU0cibqj4noHFJOdGNWJpbAMjVWrAZOM=
-----END CERTIFICATE-----