Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/dfda3430-686b-4e73-b053-ee77b1ecde4a.roa
File:                     dfda3430-686b-4e73-b053-ee77b1ecde4a.roa (raw, json)
Hash identifier:          h7f8qaEDgDinFCOsb1dV7DIM2/jUzLpWFYhaxA6Y2g0=
Subject key identifier:   50:2B:1C:40:94:01:96:28:E7:86:6D:15:B4:45:8F:53:CE:84:E8:54
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3C25C3C46D2B5D49E0A18131AF463E9C55B08174
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/dfda3430-686b-4e73-b053-ee77b1ecde4a.roa
Signing time:             Fri 25 Apr 2025 16:11:04 +0000
ROA not before:           Fri 25 Apr 2025 16:11:04 +0000
ROA not after:            Fri 30 May 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        160.1.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:25:c3:c4:6d:2b:5d:49:e0:a1:81:31:af:46:3e:9c:55:b0:81:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 25 16:11:04 2025 GMT
            Not After : May 30 23:59:59 2025 GMT
        Subject: serialNumber=f6a78e78cd726709ae647891949ee90d1d8c994d5d64895a06868c87f754daf0, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:65:07:6f:a0:a2:b6:b3:12:9d:5f:34:c7:37:
                    72:ca:91:50:30:10:c8:54:28:6e:e8:4a:27:e1:05:
                    1d:e6:fe:9b:fe:cb:97:2f:13:bd:9a:97:95:d4:84:
                    94:fe:5e:d6:ec:ed:42:c1:cb:65:5e:48:bc:7f:5a:
                    e6:4e:73:e9:d3:8f:58:5e:52:fe:cb:b3:f5:9f:3f:
                    aa:e7:05:70:66:5c:54:1b:1b:41:6e:26:58:8b:4f:
                    3f:45:47:e1:b8:0b:65:c3:40:dc:b3:c5:e5:72:7b:
                    c1:42:47:4c:15:db:74:cb:28:e9:79:c6:99:1d:b4:
                    2c:85:c5:11:1f:6b:27:8d:45:3e:a0:66:18:7e:05:
                    1f:fa:a5:8f:85:4a:b0:95:aa:af:38:4d:2b:b4:d2:
                    c4:8e:a5:39:85:a2:6e:a1:73:dd:75:d1:8e:01:30:
                    b5:98:ba:e3:26:fc:43:0b:fc:db:1e:a3:7a:c8:f4:
                    d4:17:b4:09:49:55:9a:b0:37:72:e6:d8:7e:b5:84:
                    92:9b:6d:53:a8:46:e7:b5:eb:dd:fe:96:e6:4a:1d:
                    14:7f:32:39:fb:63:e8:47:09:98:d0:2b:f6:a7:0a:
                    72:a6:21:d9:c4:55:c5:2b:0c:29:4d:d6:b6:07:8c:
                    be:cf:5c:85:6e:f5:7a:6c:71:1c:bc:c6:a7:b6:7a:
                    9a:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:2B:1C:40:94:01:96:28:E7:86:6D:15:B4:45:8F:53:CE:84:E8:54
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/dfda3430-686b-4e73-b053-ee77b1ecde4a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.1.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         34:4e:99:6a:ab:10:a6:ea:40:a0:84:45:90:3e:6a:2a:ab:7a:
         75:ce:d3:5d:6c:4a:fe:cf:a3:7c:2f:3f:95:43:f7:5b:e7:8f:
         3e:9b:c7:39:69:a0:06:f1:6c:9f:4d:6a:51:5e:ee:e3:e3:c6:
         c8:1d:c5:0a:18:3d:e6:01:9f:09:f0:32:9a:ce:17:91:63:68:
         19:fa:3d:39:57:2f:ed:06:d1:a2:c7:0b:bf:3b:d7:92:24:3e:
         70:91:61:b7:13:a2:25:d8:58:4e:e2:07:1e:a2:dd:83:24:5a:
         ab:11:50:ee:43:b4:d4:7a:d3:76:0c:0d:52:c3:24:67:26:86:
         8a:31:77:77:f4:99:a9:72:ae:e1:67:a8:f1:18:82:69:4f:9d:
         7c:38:ea:ab:6c:2b:ab:11:7c:32:39:42:f1:0f:64:3e:28:e7:
         6f:ff:50:9a:71:e3:42:b7:72:a7:9a:68:a2:88:fa:5c:34:8d:
         d7:97:c9:71:14:00:67:6b:ef:38:96:f2:cd:c8:11:d6:96:0c:
         b1:84:be:45:45:80:db:ba:bc:e2:b1:06:0e:3e:9a:15:9e:47:
         03:99:f2:ca:ed:14:75:4a:63:20:68:6f:76:d7:de:ad:12:d4:
         5f:6d:26:2f:f6:bf:e1:87:bd:27:10:6d:8f:64:8d:f6:f1:07:
         9c:2d:98:a0
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUPCXDxG0rXUngoYExr0Y+nFWwgXQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDI1MTYxMTA0WhcNMjUwNTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BmNmE3OGU3OGNkNzI2NzA5YWU2NDc4OTE5NDllZTkwZDFk
OGM5OTRkNWQ2NDg5NWEwNjg2OGM4N2Y3NTRkYWYwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCHZQdvoKK2sxKdXzTHN3LKkVAwEMhUKG7oSifhBR3m/pv+
y5cvE72al5XUhJT+Xtbs7ULBy2VeSLx/WuZOc+nTj1heUv7Ls/WfP6rnBXBmXFQb
G0FuJliLTz9FR+G4C2XDQNyzxeVye8FCR0wV23TLKOl5xpkdtCyFxREfayeNRT6g
Zhh+BR/6pY+FSrCVqq84TSu00sSOpTmFom6hc9110Y4BMLWYuuMm/EML/Nseo3rI
9NQXtAlJVZqwN3Lm2H61hJKbbVOoRue1693+luZKHRR/Mjn7Y+hHCZjQK/anCnKm
IdnEVcUrDClN1rYHjL7PXIVu9XpscRy8xqe2epqTAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUUCscQJQBlijnhm0VtEWPU86E6FQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2RmZGEzNDMwLTY4NmItNGU3My1iMDUzLWVlNzdiMWVjZGU0YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCgATANBgkqhkiG9w0BAQsFAAOCAQEANE6ZaqsQpupAoIRFkD5qKqt6dc7T
XWxK/s+jfC8/lUP3W+ePPpvHOWmgBvFsn01qUV7u4+PGyB3FChg95gGfCfAyms4X
kWNoGfo9OVcv7QbRoscLvzvXkiQ+cJFhtxOiJdhYTuIHHqLdgyRaqxFQ7kO01HrT
dgwNUsMkZyaGijF3d/SZqXKu4Weo8RiCaU+dfDjqq2wrqxF8MjlC8Q9kPijnb/9Q
mnHjQrdyp5poooj6XDSN15fJcRQAZ2vvOJbyzcgR1pYMsYS+RUWA27q84rEGDj6a
FZ5HA5nyyu0UdUpjIGhvdtferRLUX20mL/a/4Ye9JxBtj2SN9vEHnC2YoA==
-----END CERTIFICATE-----