Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f250c72a-5bf6-4da2-9ad8-ff850d5aa21d.roa
File:                     f250c72a-5bf6-4da2-9ad8-ff850d5aa21d.roa (raw, json)
Hash identifier:          GuVhzRiohW91HxuEaKgBj59vAehwE6bbVBQ2t30xpOU=
Subject key identifier:   F8:39:A8:76:5C:53:AD:3D:92:76:4F:79:D4:49:D5:79:FD:03:6E:D6
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6EB88339EE3C75917FE39962D03DAB5A6BD30FEF
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f250c72a-5bf6-4da2-9ad8-ff850d5aa21d.roa
Signing time:             Fri 23 May 2025 00:31:05 +0000
ROA not before:           Fri 23 May 2025 00:31:05 +0000
ROA not after:            Fri 27 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.4.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:b8:83:39:ee:3c:75:91:7f:e3:99:62:d0:3d:ab:5a:6b:d3:0f:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 23 00:31:05 2025 GMT
            Not After : Jun 27 23:59:59 2025 GMT
        Subject: serialNumber=82853a1d375c8a1c3c0201877f5d2db2f9b98a857ab061f525a7b45971725878, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:1a:8c:71:f6:0b:6c:15:0a:60:b0:b4:b1:90:
                    dd:95:67:7b:e8:d5:80:c1:18:22:d8:50:33:c5:44:
                    7f:bb:f0:23:a4:59:fb:ab:78:cb:83:08:7b:62:8b:
                    e2:fd:5f:50:aa:e9:97:c1:15:61:da:61:51:4e:d7:
                    32:4d:b4:ce:42:0b:b8:62:6a:8f:8f:e4:88:e0:76:
                    ee:ad:47:0c:80:6e:f5:b2:9b:35:df:ff:8e:8b:f8:
                    a2:44:63:e3:ba:67:43:04:f0:e6:0b:d7:70:e9:8b:
                    b6:de:43:1f:39:17:de:f4:36:db:7f:a5:38:72:3c:
                    db:6e:63:35:a9:9d:22:25:74:b6:6f:68:c5:84:c1:
                    d0:ba:7a:79:02:6a:c7:6a:48:f0:ec:56:31:72:45:
                    a2:e4:4b:cb:9b:20:9a:e7:3d:43:80:55:11:09:8b:
                    87:3a:cb:df:3c:82:c1:38:f4:0d:72:40:1a:db:59:
                    66:9a:d3:f6:2d:13:83:18:4e:fd:20:69:5d:e3:02:
                    22:23:6e:ab:bb:3b:fd:6b:3a:be:e9:32:13:3c:3e:
                    8a:20:09:03:e6:ae:fb:52:04:8f:71:38:5e:c4:43:
                    ff:82:81:34:f1:2e:cb:88:1c:c9:69:2c:e7:8d:ed:
                    b3:45:2b:64:f1:66:db:4c:a4:32:20:46:64:4e:a8:
                    b4:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:39:A8:76:5C:53:AD:3D:92:76:4F:79:D4:49:D5:79:FD:03:6E:D6
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f250c72a-5bf6-4da2-9ad8-ff850d5aa21d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.4.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:7f:e2:2e:f9:d3:82:56:de:7c:0c:33:df:29:d3:ee:c0:25:
         b4:d1:26:06:fa:98:ef:7a:1f:e1:2a:39:fe:e3:ef:87:65:51:
         42:2b:64:c9:35:01:0a:51:67:da:d2:52:49:95:73:cc:1c:62:
         67:11:f6:99:7f:3e:7f:f4:bd:67:04:89:09:3e:0b:cc:79:15:
         36:57:d0:d0:61:a4:40:9d:ff:d3:53:62:f9:cc:4f:f4:ed:8b:
         24:0b:4c:c9:d1:64:27:45:5d:f8:48:60:28:50:8b:9f:e0:13:
         fe:e6:70:1f:35:29:2b:31:77:20:54:80:7c:7c:d8:0b:5e:f4:
         fe:2d:c9:31:d0:31:f1:4b:c3:18:7f:72:13:42:97:d8:e6:a3:
         70:db:20:ae:20:05:5d:68:30:5b:23:64:51:bc:68:27:97:0b:
         9a:f4:fa:90:9b:c2:58:02:f9:e4:ae:26:95:7b:28:8d:8e:bf:
         02:b0:0b:a9:6f:f9:ff:f1:32:27:fb:e5:80:ce:6c:ac:b3:74:
         6a:ba:9e:d0:44:78:d4:85:fd:35:f0:31:88:9c:16:3f:3c:66:
         9b:05:f1:06:1f:be:5b:d5:0c:bb:5e:e7:6c:c3:80:cc:4f:f8:
         26:ae:a8:ae:ca:df:21:23:da:63:2e:bb:ac:a0:a6:8d:06:17:
         6b:5f:c3:b2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbriDOe48dZF/45li0D2rWmvTD+8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNTIzMDAzMTA1WhcNMjUwNjI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4Mjg1M2ExZDM3NWM4YTFjM2MwMjAxODc3ZjVkMmRiMmY5
Yjk4YTg1N2FiMDYxZjUyNWE3YjQ1OTcxNzI1ODc4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0Goxx9gtsFQpgsLSxkN2VZ3vo1YDBGCLYUDPFRH+78COk
WfureMuDCHtii+L9X1Cq6ZfBFWHaYVFO1zJNtM5CC7hiao+P5Ijgdu6tRwyAbvWy
mzXf/46L+KJEY+O6Z0ME8OYL13Dpi7beQx85F970Ntt/pThyPNtuYzWpnSIldLZv
aMWEwdC6enkCasdqSPDsVjFyRaLkS8ubIJrnPUOAVREJi4c6y988gsE49A1yQBrb
WWaa0/YtE4MYTv0gaV3jAiIjbqu7O/1rOr7pMhM8PoogCQPmrvtSBI9xOF7EQ/+C
gTTxLsuIHMlpLOeN7bNFK2TxZttMpDIgRmROqLRFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU+DmodlxTrT2Sdk951EnVef0DbtYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2YyNTBjNzJhLTViZjYtNGRhMi05YWQ4LWZmODUwZDVhYTIxZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADBAowDQYJKoZIhvcNAQELBQADggEBAHl/4i7504JW3nwMM98p0+7AJbTR
Jgb6mO96H+EqOf7j74dlUUIrZMk1AQpRZ9rSUkmVc8wcYmcR9pl/Pn/0vWcEiQk+
C8x5FTZX0NBhpECd/9NTYvnMT/TtiyQLTMnRZCdFXfhIYChQi5/gE/7mcB81KSsx
dyBUgHx82Ate9P4tyTHQMfFLwxh/chNCl9jmo3DbIK4gBV1oMFsjZFG8aCeXC5r0
+pCbwlgC+eSuJpV7KI2OvwKwC6lv+f/xMif75YDObKyzdGq6ntBEeNSF/TXwMYic
Fj88ZpsF8QYfvlvVDLte52zDgMxP+CauqK7K3yEj2mMuu6ygpo0GF2tfw7I=
-----END CERTIFICATE-----