Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/dc9a7302-bfee-427f-8a43-13714b479bcb.roa
File:                     dc9a7302-bfee-427f-8a43-13714b479bcb.roa (raw, json)
Hash identifier:          6viJSNdGhXarGIGXA2sFLI8asmPzLGC2cDlyo1Rb3To=
Subject key identifier:   20:23:28:51:42:52:A9:1E:A4:99:7D:0A:70:8C:B4:29:CC:7B:EB:E3
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       41EBACD290F12D91AF2C0F2E7CC7C0D4130D6220
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/dc9a7302-bfee-427f-8a43-13714b479bcb.roa
Signing time:             Fri 25 Jul 2025 15:31:39 +0000
ROA not before:           Fri 25 Jul 2025 15:31:39 +0000
ROA not after:            Fri 29 Aug 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        34.224.0.0/12 maxlen: 12
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:eb:ac:d2:90:f1:2d:91:af:2c:0f:2e:7c:c7:c0:d4:13:0d:62:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 25 15:31:39 2025 GMT
            Not After : Aug 29 23:59:59 2025 GMT
        Subject: serialNumber=1b6e9b8af9b7325172de8113a1accd6c57c977102cf610fa3c4ea6d9fdace127, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:10:61:24:2e:d7:1d:1b:ff:b9:36:5d:cd:7d:
                    45:63:cf:3b:39:62:62:1a:a3:3f:5c:0f:a4:84:12:
                    7d:6e:1d:88:37:01:46:a9:3d:48:7e:71:61:5d:f9:
                    22:34:ca:b5:74:69:85:46:ad:b1:18:68:93:66:eb:
                    1f:25:fa:1d:51:11:a3:aa:d2:fa:56:c4:12:75:a3:
                    5d:40:d4:6f:c3:8a:e7:4b:a6:e3:c7:fb:44:9a:cb:
                    4b:38:3c:ed:9b:f2:ce:a5:1e:f6:4f:4f:d6:da:f0:
                    82:c4:b8:ae:65:3c:98:bc:8a:45:e0:2c:a0:35:f3:
                    84:d3:c8:ec:fa:4b:07:f9:27:68:61:d5:19:1a:ed:
                    e0:ad:7c:ca:00:51:ae:80:09:db:ae:13:99:c0:6d:
                    90:1a:2c:3e:81:a1:e9:d3:31:4f:67:77:c8:96:5b:
                    93:dc:7c:d2:78:fc:af:bc:2d:fa:26:16:ac:32:fd:
                    65:c5:74:da:5a:8e:56:31:bb:ee:56:53:c3:bb:4c:
                    2c:26:df:36:2d:57:7b:b1:98:8b:ae:4e:28:21:e1:
                    e4:0b:de:e1:cb:4e:0c:a4:25:f2:02:d8:4f:15:52:
                    06:e7:57:e0:61:6b:39:9e:ac:b3:74:c8:7b:69:f2:
                    fb:e5:e4:5d:1b:82:86:60:a2:02:c0:15:07:b7:8a:
                    26:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:23:28:51:42:52:A9:1E:A4:99:7D:0A:70:8C:B4:29:CC:7B:EB:E3
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/dc9a7302-bfee-427f-8a43-13714b479bcb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  34.224.0.0/12

    Signature Algorithm: sha256WithRSAEncryption
         2f:2b:20:d9:90:af:99:f6:8c:f9:32:87:8a:d8:a2:05:bf:a3:
         cd:8e:49:a3:bc:3d:1b:bd:1f:58:e2:16:49:b5:8f:f5:5d:b9:
         29:75:66:1f:98:c2:83:0e:40:ac:bb:81:dd:6e:3d:c8:73:45:
         bc:92:e9:8f:93:b0:ff:fa:e2:d2:b9:fe:9e:c1:78:91:ad:ed:
         de:cf:06:6c:c8:a1:ec:98:28:ec:43:fc:2f:06:9e:41:67:b0:
         29:af:3c:e1:32:3a:88:37:81:8b:8c:17:ae:83:f9:73:6f:33:
         c9:27:80:d6:5f:f8:32:4f:e4:55:3a:3d:cc:af:db:fe:46:f5:
         19:3b:62:83:e3:9b:e7:12:4f:c6:c1:9d:22:8c:6c:fd:6a:e5:
         f2:72:68:d5:e9:3a:45:a5:50:ae:4f:bd:6a:ab:e4:f9:c7:91:
         ff:3c:59:3a:60:91:48:aa:28:4c:7d:bc:e1:a8:02:3c:f3:56:
         7b:d4:84:d4:e6:82:b4:07:36:06:6c:13:9b:49:b0:0c:d1:f6:
         b6:7d:df:ad:4b:b3:e8:47:9f:ec:47:7c:c0:e6:d7:03:a4:36:
         94:88:1d:ac:39:74:ff:be:90:b3:8d:d3:15:9d:1b:32:51:db:
         8a:2e:07:dd:e6:8f:38:b7:8f:51:31:7d:58:65:c7:b0:d2:8e:
         06:ad:28:a4
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUQeus0pDxLZGvLA8ufMfA1BMNYiAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzI1MTUzMTM5WhcNMjUwODI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AxYjZlOWI4YWY5YjczMjUxNzJkZTgxMTNhMWFjY2Q2YzU3
Yzk3NzEwMmNmNjEwZmEzYzRlYTZkOWZkYWNlMTI3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFEGEkLtcdG/+5Nl3NfUVjzzs5YmIaoz9cD6SEEn1uHYg3
AUapPUh+cWFd+SI0yrV0aYVGrbEYaJNm6x8l+h1REaOq0vpWxBJ1o11A1G/DiudL
puPH+0Say0s4PO2b8s6lHvZPT9ba8ILEuK5lPJi8ikXgLKA184TTyOz6Swf5J2hh
1Rka7eCtfMoAUa6ACduuE5nAbZAaLD6BoenTMU9nd8iWW5PcfNJ4/K+8LfomFqwy
/WXFdNpajlYxu+5WU8O7TCwm3zYtV3uxmIuuTigh4eQL3uHLTgykJfIC2E8VUgbn
V+BhazmerLN0yHtp8vvl5F0bgoZgogLAFQe3iiYNAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUICMoUUJSqR6kmX0KcIy0Kcx76+MwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2RjOWE3MzAyLWJmZWUtNDI3Zi04YTQzLTEzNzE0YjQ3OWJjYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwQi4DANBgkqhkiG9w0BAQsFAAOCAQEALysg2ZCvmfaM+TKHitiiBb+jzY5J
o7w9G70fWOIWSbWP9V25KXVmH5jCgw5ArLuB3W49yHNFvJLpj5Ow//ri0rn+nsF4
ka3t3s8GbMih7Jgo7EP8LwaeQWewKa884TI6iDeBi4wXroP5c28zySeA1l/4Mk/k
VTo9zK/b/kb1GTtig+Ob5xJPxsGdIoxs/Wrl8nJo1ek6RaVQrk+9aqvk+ceR/zxZ
OmCRSKooTH284agCPPNWe9SE1OaCtAc2BmwTm0mwDNH2tn3frUuz6Eef7Ed8wObX
A6Q2lIgdrDl0/76Qs43TFZ0bMlHbii4H3eaPOLePUTF9WGXHsNKOBq0opA==
-----END CERTIFICATE-----