Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d2e8f6f4-0d5d-43c4-8493-ca93c43a429e.roa
File:                     d2e8f6f4-0d5d-43c4-8493-ca93c43a429e.roa (raw, json)
Hash identifier:          r0kzWEpjYzcMRBc+saX25E+tfAnNgexxAhLLZ6ei1oA=
Subject key identifier:   1F:40:03:8D:DE:10:EC:09:60:22:96:CC:1E:E7:BB:F7:A0:DD:39:70
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       06817037784147F204E9993C905A4A5706F817E8
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d2e8f6f4-0d5d-43c4-8493-ca93c43a429e.roa
Signing time:             Fri 11 Jul 2025 16:51:29 +0000
ROA not before:           Fri 11 Jul 2025 16:51:29 +0000
ROA not after:            Fri 15 Aug 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        35.71.68.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:81:70:37:78:41:47:f2:04:e9:99:3c:90:5a:4a:57:06:f8:17:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 11 16:51:29 2025 GMT
            Not After : Aug 15 23:59:59 2025 GMT
        Subject: serialNumber=3640c5f97a137ab7972b3ff9ae4b0b3ae3bc89bc860964a918802c04d338a999, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:54:b0:46:d0:d9:41:04:41:8a:40:03:25:cf:
                    5f:05:50:d7:15:1e:e3:2a:41:e8:4d:17:87:1a:c8:
                    b8:cb:e5:27:7f:80:1a:67:d3:35:6c:fe:ea:61:a6:
                    2b:d9:3f:08:de:92:6b:64:7f:2f:88:a7:49:f6:ed:
                    d1:ec:db:13:52:79:c5:e8:75:91:98:2a:95:be:9f:
                    7e:85:93:89:56:76:3f:47:c6:62:88:af:a5:a9:44:
                    df:cf:7f:34:f6:de:dc:25:16:b7:47:6a:8c:de:5e:
                    b4:ac:fb:fb:ad:91:db:e3:b9:fd:5f:55:b7:7b:f3:
                    3c:fb:21:07:83:90:24:bd:0c:6f:59:6f:d5:ca:57:
                    a7:c1:38:86:bf:22:48:ab:42:67:c6:0f:81:17:82:
                    ad:78:b7:27:3a:e3:5a:00:db:4f:56:1c:e9:14:e8:
                    0d:1a:15:5d:2c:e4:58:8f:38:ad:c6:2e:39:ce:41:
                    7b:dd:7b:86:d2:6a:84:1a:5a:8c:e0:be:d5:79:61:
                    68:b6:97:27:53:66:06:87:3e:c0:5d:de:4a:2a:3b:
                    46:f0:2c:42:6b:39:6f:ec:5f:4f:ab:54:e1:23:98:
                    54:c2:39:7b:36:a9:46:f6:b3:76:be:28:3d:7e:7a:
                    ee:1e:b1:8c:b8:76:0b:76:cf:d8:ea:fb:45:7c:26:
                    81:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:40:03:8D:DE:10:EC:09:60:22:96:CC:1E:E7:BB:F7:A0:DD:39:70
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d2e8f6f4-0d5d-43c4-8493-ca93c43a429e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.71.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         43:eb:59:17:7f:ea:94:f4:cc:51:bf:53:c8:d3:b1:99:f2:8f:
         c8:dc:b5:d4:31:29:6a:af:fe:b8:ef:cc:05:f5:7d:d3:ba:48:
         67:27:08:c4:57:bd:6e:77:08:00:91:5b:c5:3a:f0:31:ec:b8:
         79:f8:d3:38:64:b8:ae:7a:39:c2:46:2c:27:d3:1d:84:41:35:
         4a:62:1f:c5:c5:6a:66:9c:63:79:de:20:5c:e2:ef:f9:a4:06:
         c9:b8:cc:3d:b6:2c:38:c7:f9:af:7b:a8:70:e6:5d:02:7a:6e:
         fb:5d:c8:cc:30:cc:7b:7d:f6:30:b0:60:57:04:11:ea:01:86:
         95:73:e4:5c:22:3b:f2:25:b2:7b:68:3c:18:4f:9b:f4:a5:f2:
         66:ec:6c:e8:bf:0c:a6:d4:50:b6:38:b2:0b:3c:66:57:ea:bc:
         ce:6c:60:6d:ba:0e:c2:8b:1f:2b:4e:4c:99:27:cf:bf:14:26:
         06:1e:27:77:61:2a:94:ae:d7:d4:56:46:c7:ca:58:67:de:12:
         a1:6a:d5:68:80:dc:66:86:40:f2:0d:54:2c:58:f1:e0:7e:17:
         1c:88:58:89:f0:eb:2b:f5:92:05:40:03:11:d1:67:d9:36:d5:
         a8:4d:62:1f:15:1c:04:ba:6f:b8:5e:6f:15:3a:0d:5a:2a:ab:
         b2:ad:58:1f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBoFwN3hBR/IE6Zk8kFpKVwb4F+gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzExMTY1MTI5WhcNMjUwODE1MjM1OTU5
WjB6MUkwRwYDVQQFE0AzNjQwYzVmOTdhMTM3YWI3OTcyYjNmZjlhZTRiMGIzYWUz
YmM4OWJjODYwOTY0YTkxODgwMmMwNGQzMzhhOTk5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDVVLBG0NlBBEGKQAMlz18FUNcVHuMqQehNF4cayLjL5Sd/
gBpn0zVs/uphpivZPwjekmtkfy+Ip0n27dHs2xNSecXodZGYKpW+n36Fk4lWdj9H
xmKIr6WpRN/PfzT23twlFrdHaozeXrSs+/utkdvjuf1fVbd78zz7IQeDkCS9DG9Z
b9XKV6fBOIa/IkirQmfGD4EXgq14tyc641oA209WHOkU6A0aFV0s5FiPOK3GLjnO
QXvde4bSaoQaWozgvtV5YWi2lydTZgaHPsBd3koqO0bwLEJrOW/sX0+rVOEjmFTC
OXs2qUb2s3a+KD1+eu4esYy4dgt2z9jq+0V8JoHBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUH0ADjd4Q7AlgIpbMHue796DdOXAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2QyZThmNmY0LTBkNWQtNDNjNC04NDkzLWNhOTNjNDNhNDI5ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIjR0QwDQYJKoZIhvcNAQELBQADggEBAEPrWRd/6pT0zFG/U8jTsZnyj8jc
tdQxKWqv/rjvzAX1fdO6SGcnCMRXvW53CACRW8U68DHsuHn40zhkuK56OcJGLCfT
HYRBNUpiH8XFamacY3neIFzi7/mkBsm4zD22LDjH+a97qHDmXQJ6bvtdyMwwzHt9
9jCwYFcEEeoBhpVz5FwiO/IlsntoPBhPm/Sl8mbsbOi/DKbUULY4sgs8ZlfqvM5s
YG26DsKLHytOTJknz78UJgYeJ3dhKpSu19RWRsfKWGfeEqFq1WiA3GaGQPINVCxY
8eB+FxyIWInw6yv1kgVAAxHRZ9k21ahNYh8VHAS6b7hebxU6DVoqq7KtWB8=
-----END CERTIFICATE-----