Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fb0e1c32-5c4d-4185-8e17-8b0b0070e06f.roa
File:                     fb0e1c32-5c4d-4185-8e17-8b0b0070e06f.roa (raw, json)
Hash identifier:          Vx6f3y4malQFUpleTdynEY2xfK7ehKRmZb2jg+01hKY=
Subject key identifier:   C7:28:5A:78:05:21:D6:AB:0C:78:38:EF:B1:87:29:76:61:B1:3D:B4
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       098561ADA4E99449534775ECD81905B9D8716A4E
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fb0e1c32-5c4d-4185-8e17-8b0b0070e06f.roa
Signing time:             Fri 25 Apr 2025 16:50:51 +0000
ROA not before:           Fri 25 Apr 2025 16:50:51 +0000
ROA not after:            Fri 30 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.80.0.0/12 maxlen: 12
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:85:61:ad:a4:e9:94:49:53:47:75:ec:d8:19:05:b9:d8:71:6a:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 25 16:50:51 2025 GMT
            Not After : May 30 23:59:59 2025 GMT
        Subject: serialNumber=a8dbb0b68ba5d7da4401952f05615c125dcbb1c575aeb50ed3848e994c9a7878, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:48:cd:98:54:bd:d0:f4:c4:95:65:b0:10:c0:
                    43:ac:06:63:e9:f5:e0:06:0b:2a:3f:17:90:8a:be:
                    c9:2d:c6:4f:d4:c4:51:de:d2:3d:e3:01:19:9c:1a:
                    29:e9:1c:83:1d:20:e0:cc:12:a6:11:57:6e:53:14:
                    fd:4e:8d:3a:d0:1f:d2:b9:f6:ee:95:53:f1:1b:4b:
                    e5:42:b0:19:a4:57:a6:82:55:3a:9b:73:6b:37:05:
                    90:d3:6b:95:0b:49:96:02:c3:7c:b2:6a:31:3a:61:
                    d3:ad:0b:c3:0f:9d:9f:b3:51:33:97:f7:05:e1:1c:
                    d1:11:8d:48:7f:4b:0c:34:2d:21:d1:cb:90:f5:de:
                    f5:f4:31:8f:6d:a1:66:3c:a2:46:93:bd:6e:db:30:
                    97:6a:ea:9c:b9:a5:0a:9b:47:47:1f:5d:2c:3a:d5:
                    4e:37:21:ce:cf:3c:d7:cf:10:e1:29:52:b7:a9:d7:
                    d0:a2:d2:dc:29:70:23:ca:25:0a:91:52:ac:7a:8a:
                    87:8c:b0:9a:04:82:7f:58:d0:57:81:a2:e7:4b:ae:
                    31:bd:ce:a7:04:d2:73:91:4c:52:61:89:e4:51:38:
                    af:29:0c:e0:db:ea:32:f9:85:40:93:d2:32:d1:0f:
                    d0:59:fe:da:83:a4:f0:8e:07:a5:6f:55:f7:9c:1d:
                    6a:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:28:5A:78:05:21:D6:AB:0C:78:38:EF:B1:87:29:76:61:B1:3D:B4
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fb0e1c32-5c4d-4185-8e17-8b0b0070e06f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.80.0.0/12

    Signature Algorithm: sha256WithRSAEncryption
         a9:dd:5c:0c:80:92:c1:cb:d5:34:cc:f1:b9:62:51:8a:93:7d:
         07:3f:0f:21:f6:c2:c1:0e:fa:ae:79:06:4b:43:3c:4f:2a:8a:
         e4:9c:8a:38:49:54:af:1a:5a:38:07:7e:df:48:70:ae:bf:42:
         91:97:23:70:6b:39:80:74:bb:a7:81:78:7f:60:73:e3:17:90:
         02:84:19:a7:56:8f:8d:c7:fc:db:3c:3a:88:89:26:7e:25:69:
         31:2a:48:6a:9f:01:d6:db:eb:8d:3a:a4:92:81:29:92:e1:e7:
         42:8a:ad:f2:b2:d8:f6:a1:cd:ea:2a:67:b7:6f:96:47:e2:ad:
         d3:69:22:1b:ba:61:ed:9a:ff:5f:a7:b2:29:ae:0d:78:44:bf:
         1c:e6:df:26:34:bd:9a:50:c5:2a:cc:ed:95:39:c0:73:87:aa:
         2b:39:70:25:b4:55:c0:f1:75:8f:90:fa:04:98:73:a0:be:1e:
         c1:88:49:8a:9c:88:2f:11:d3:c7:e8:c0:bc:19:1a:f9:6a:49:
         8c:c0:f2:c4:eb:c6:6f:d2:94:68:0c:0b:18:7d:23:62:f5:4b:
         44:76:e4:25:b8:da:29:81:25:c4:09:07:4f:fc:2c:e5:9c:db:
         b1:7a:c2:c4:3c:6b:17:f3:d2:6a:38:f0:da:7f:eb:16:10:bd:
         6c:0f:e9:28
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUCYVhraTplElTR3Xs2BkFudhxak4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDI1MTY1MDUxWhcNMjUwNTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BhOGRiYjBiNjhiYTVkN2RhNDQwMTk1MmYwNTYxNWMxMjVk
Y2JiMWM1NzVhZWI1MGVkMzg0OGU5OTRjOWE3ODc4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+SM2YVL3Q9MSVZbAQwEOsBmPp9eAGCyo/F5CKvsktxk/U
xFHe0j3jARmcGinpHIMdIODMEqYRV25TFP1OjTrQH9K59u6VU/EbS+VCsBmkV6aC
VTqbc2s3BZDTa5ULSZYCw3yyajE6YdOtC8MPnZ+zUTOX9wXhHNERjUh/Sww0LSHR
y5D13vX0MY9toWY8okaTvW7bMJdq6py5pQqbR0cfXSw61U43Ic7PPNfPEOEpUrep
19Ci0twpcCPKJQqRUqx6ioeMsJoEgn9Y0FeBoudLrjG9zqcE0nORTFJhieRROK8p
DODb6jL5hUCT0jLRD9BZ/tqDpPCOB6VvVfecHWqHAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUxyhaeAUh1qsMeDjvsYcpdmGxPbQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2ZiMGUxYzMyLTVjNGQtNDE4NS04ZTE3LThiMGIwMDcwZTA2Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwQjUDANBgkqhkiG9w0BAQsFAAOCAQEAqd1cDICSwcvVNMzxuWJRipN9Bz8P
IfbCwQ76rnkGS0M8TyqK5JyKOElUrxpaOAd+30hwrr9CkZcjcGs5gHS7p4F4f2Bz
4xeQAoQZp1aPjcf82zw6iIkmfiVpMSpIap8B1tvrjTqkkoEpkuHnQoqt8rLY9qHN
6ipnt2+WR+Kt02kiG7ph7Zr/X6eyKa4NeES/HObfJjS9mlDFKsztlTnAc4eqKzlw
JbRVwPF1j5D6BJhzoL4ewYhJipyILxHTx+jAvBka+WpJjMDyxOvGb9KUaAwLGH0j
YvVLRHbkJbjaKYElxAkHT/ws5ZzbsXrCxDxrF/PSajjw2n/rFhC9bA/pKA==
-----END CERTIFICATE-----