Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fad4b756-0ede-49ec-a896-4d984bb5c8be.roa
File:                     fad4b756-0ede-49ec-a896-4d984bb5c8be.roa (raw, json)
Hash identifier:          pRJiRwaG9a7dg9sO9qlZR5aNiKGOPju8e6pJXbUNFpg=
Subject key identifier:   15:28:E5:2C:B8:3F:1B:00:0F:5F:44:24:8D:5C:43:E7:BC:ED:48:82
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       13025778811BF3A84D82CA9E778482BA0035318F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fad4b756-0ede-49ec-a896-4d984bb5c8be.roa
Signing time:             Mon 14 Apr 2025 15:51:17 +0000
ROA not before:           Mon 14 Apr 2025 15:51:17 +0000
ROA not after:            Mon 19 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.152.0.0/13 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:02:57:78:81:1b:f3:a8:4d:82:ca:9e:77:84:82:ba:00:35:31:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 14 15:51:17 2025 GMT
            Not After : May 19 23:59:59 2025 GMT
        Subject: serialNumber=b689ea4cb3e3d0b94abc694f8bb9953c1d5185b63d264b1ac194afad7240554b, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:a2:f4:9d:83:a1:12:c6:0a:85:44:cd:02:4a:
                    dc:52:2b:74:f9:67:1f:aa:68:62:08:06:4e:8f:1f:
                    3f:50:9a:fc:f5:e4:37:e2:58:67:ae:32:ae:f1:c6:
                    16:c9:10:11:f9:92:d2:22:0a:66:0d:3d:71:ad:49:
                    bd:eb:41:33:0b:32:38:17:8e:42:cc:86:5a:6c:39:
                    06:3c:13:55:3d:ce:45:84:17:66:b8:b5:a7:71:a3:
                    b2:6a:d8:af:8f:20:1c:54:86:aa:7f:24:8b:e8:c4:
                    36:3c:1c:1f:58:b3:f6:5d:79:db:50:fc:d0:44:a8:
                    06:4e:c1:4b:58:f2:8b:df:13:d9:39:08:8d:79:13:
                    29:8d:e1:a2:53:90:a6:70:a3:07:8d:d9:a4:87:63:
                    cb:93:41:13:9a:84:54:e9:3f:45:e9:be:7c:a1:c1:
                    a9:ad:1a:b3:36:0e:de:9c:2d:b7:a9:d1:4c:03:e9:
                    55:3f:00:52:35:b3:54:f3:a4:6a:56:b9:3d:25:1a:
                    58:49:d0:7d:9e:a9:1e:e0:99:f3:dc:fe:ae:4c:74:
                    6b:13:06:68:95:21:43:88:fa:1e:29:e4:cb:47:0c:
                    c5:e9:b0:f0:94:69:0f:8d:f6:b4:e9:7d:9d:99:55:
                    2b:1b:4b:ba:e9:2a:e1:ce:74:71:2a:b1:f5:d8:b3:
                    af:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:28:E5:2C:B8:3F:1B:00:0F:5F:44:24:8D:5C:43:E7:BC:ED:48:82
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fad4b756-0ede-49ec-a896-4d984bb5c8be.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.152.0.0/13

    Signature Algorithm: sha256WithRSAEncryption
         90:1c:37:1c:d2:61:5c:3a:e5:64:f5:2f:b1:68:e9:14:62:d8:
         da:0d:ad:93:cf:0e:ae:a9:98:5e:d3:37:76:10:41:f2:d3:17:
         2d:bc:8a:6c:c7:b5:36:d4:60:0c:3e:4b:e8:13:a1:be:71:b0:
         0b:db:da:70:f8:19:47:63:86:78:79:6f:44:d1:4d:9b:2b:c5:
         5c:e1:0b:2b:20:b9:05:cd:83:31:9d:41:bc:bb:37:08:76:75:
         5a:ec:ba:3f:77:6a:8b:0c:e1:3e:e2:4f:c8:c8:ef:d2:06:29:
         0f:e0:bf:7b:43:f8:23:c7:92:37:5b:33:62:dd:36:95:92:b0:
         8c:30:7e:6b:ea:37:d8:4f:b4:a8:7d:03:71:b9:f7:ff:85:f2:
         f0:87:d3:17:0b:be:01:46:73:85:e7:96:df:0a:6d:7e:c8:30:
         b0:81:dc:4f:3f:8e:07:a1:60:ed:21:f0:37:7f:01:79:48:c4:
         04:02:d2:76:40:f3:7a:65:9a:73:f5:bb:69:12:0a:48:cf:49:
         36:3e:e3:a8:b9:8d:22:37:6a:1d:98:97:bb:58:0b:21:6a:82:
         17:51:3e:b7:5e:10:fe:7b:fc:c3:a2:32:ae:75:36:6c:70:01:
         42:5d:97:89:5a:22:4e:a7:3d:03:a6:6d:22:93:03:37:04:93:
         bd:f5:0d:3d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUEwJXeIEb86hNgsqed4SCugA1MY8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE0MTU1MTE3WhcNMjUwNTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BiNjg5ZWE0Y2IzZTNkMGI5NGFiYzY5NGY4YmI5OTUzYzFk
NTE4NWI2M2QyNjRiMWFjMTk0YWZhZDcyNDA1NTRiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCkovSdg6ESxgqFRM0CStxSK3T5Zx+qaGIIBk6PHz9Qmvz1
5DfiWGeuMq7xxhbJEBH5ktIiCmYNPXGtSb3rQTMLMjgXjkLMhlpsOQY8E1U9zkWE
F2a4tadxo7Jq2K+PIBxUhqp/JIvoxDY8HB9Ys/ZdedtQ/NBEqAZOwUtY8ovfE9k5
CI15EymN4aJTkKZwoweN2aSHY8uTQROahFTpP0XpvnyhwamtGrM2Dt6cLbep0UwD
6VU/AFI1s1TzpGpWuT0lGlhJ0H2eqR7gmfPc/q5MdGsTBmiVIUOI+h4p5MtHDMXp
sPCUaQ+N9rTpfZ2ZVSsbS7rpKuHOdHEqsfXYs6/vAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUFSjlLLg/GwAPX0QkjVxD57ztSIIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2ZhZDRiNzU2LTBlZGUtNDllYy1hODk2LTRkOTg0YmI1YzhiZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwMDmDANBgkqhkiG9w0BAQsFAAOCAQEAkBw3HNJhXDrlZPUvsWjpFGLY2g2t
k88OrqmYXtM3dhBB8tMXLbyKbMe1NtRgDD5L6BOhvnGwC9vacPgZR2OGeHlvRNFN
myvFXOELKyC5Bc2DMZ1BvLs3CHZ1Wuy6P3dqiwzhPuJPyMjv0gYpD+C/e0P4I8eS
N1szYt02lZKwjDB+a+o32E+0qH0Dcbn3/4Xy8IfTFwu+AUZzheeW3wptfsgwsIHc
Tz+OB6Fg7SHwN38BeUjEBALSdkDzemWac/W7aRIKSM9JNj7jqLmNIjdqHZiXu1gL
IWqCF1E+t14Q/nv8w6IyrnU2bHABQl2XiVoiTqc9A6ZtIpMDNwSTvfUNPQ==
-----END CERTIFICATE-----