Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fb0e1c32-5c4d-4185-8e17-8b0b0070e06f.roa
File:                     fb0e1c32-5c4d-4185-8e17-8b0b0070e06f.roa (raw, json)
Hash identifier:          lops/BBzaq2kv21qVY4aKyjd481f0naaKOyztGD8twE=
Subject key identifier:   4F:F9:14:DD:05:29:02:71:E6:B1:67:C6:F0:9E:A0:16:FB:D6:AE:32
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0B99117409A817EB99DCAFC27B736C6DCDEA6908
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fb0e1c32-5c4d-4185-8e17-8b0b0070e06f.roa
Signing time:             Fri 11 Jul 2025 16:51:34 +0000
ROA not before:           Fri 11 Jul 2025 16:51:34 +0000
ROA not after:            Fri 15 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.80.0.0/12 maxlen: 12
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:99:11:74:09:a8:17:eb:99:dc:af:c2:7b:73:6c:6d:cd:ea:69:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 11 16:51:34 2025 GMT
            Not After : Aug 15 23:59:59 2025 GMT
        Subject: serialNumber=6d32adc8653e1fa04a042f4e8413b066894c43d52f2668a711f3f3e24e4d99c4, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:90:3c:83:36:26:6c:ee:ca:7c:41:eb:7c:8c:
                    5a:57:c7:76:3e:01:27:69:eb:21:ea:f3:a4:a7:b3:
                    27:b2:2d:43:5f:7b:4b:b1:6b:38:43:47:98:d8:a3:
                    ed:2a:26:59:bb:94:b0:95:97:c5:a3:7f:5d:07:29:
                    d1:de:f9:06:80:27:ef:e6:9b:4d:d3:ca:d6:f0:9c:
                    eb:47:da:d8:96:71:98:8f:78:65:12:96:12:80:c0:
                    60:9a:ea:1d:45:f0:04:be:a2:e7:c7:e7:8f:d8:81:
                    89:7e:77:f5:41:36:f4:bd:3e:0a:9b:d7:02:a8:f6:
                    48:e7:65:f6:a1:7e:75:b6:94:42:04:7b:5f:5e:e9:
                    dd:af:0e:62:c0:15:ae:c2:5a:26:2d:9c:f7:08:37:
                    39:72:c2:59:a5:69:f3:5c:a8:ea:4d:53:f7:df:cd:
                    a6:0e:ac:e9:f7:fb:25:fb:ee:09:f3:ed:4b:26:6e:
                    b8:2e:f7:ca:bb:8c:d1:d4:f8:5a:48:75:27:57:ac:
                    d0:ef:69:62:85:8e:20:5d:66:43:d6:89:d0:53:69:
                    4f:97:31:cd:c3:7d:7f:da:41:0d:f3:36:25:3a:14:
                    4e:2a:91:a7:08:90:2c:9a:14:03:e7:fb:06:a7:1a:
                    80:b4:b8:23:9e:5a:2a:31:bc:75:e5:f2:d3:33:1d:
                    fc:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:F9:14:DD:05:29:02:71:E6:B1:67:C6:F0:9E:A0:16:FB:D6:AE:32
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fb0e1c32-5c4d-4185-8e17-8b0b0070e06f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.80.0.0/12

    Signature Algorithm: sha256WithRSAEncryption
         28:9b:20:fd:14:44:18:50:c9:ec:a8:c9:13:a7:53:55:82:99:
         ab:2a:38:fd:3e:ac:86:00:72:7d:55:81:d7:52:f0:cf:3d:03:
         a4:35:a5:8b:2d:b2:3c:91:a1:ea:f9:e4:c8:21:9b:e2:5f:38:
         a2:0b:c3:16:88:93:b6:00:f0:3e:5b:ab:3c:69:f3:f2:98:43:
         8b:6b:7a:bc:a6:ff:bc:45:34:eb:71:43:27:27:d6:12:8d:b3:
         28:73:54:30:7b:bf:52:1b:04:8e:dd:bd:79:ec:32:22:52:ed:
         09:36:54:0c:4b:61:2d:5a:14:8d:dc:6c:86:bc:d4:e0:21:0b:
         cd:33:c7:5c:94:41:fb:57:83:64:10:ea:6b:35:c7:01:b6:ff:
         c2:91:2a:5b:45:bf:7b:3d:0f:94:7d:59:1e:52:1c:1c:a1:24:
         ad:fa:5e:a8:d5:36:cd:a3:5a:99:dc:38:a1:14:a0:8e:e8:ac:
         26:0f:ba:ad:59:49:11:df:d2:e2:b4:c3:1b:e0:af:a0:4c:e6:
         50:62:ee:4e:d9:b0:aa:ed:00:3b:09:63:20:27:8e:05:25:1e:
         ab:1c:dc:06:4d:fd:7f:38:cd:b1:cb:b4:7d:32:91:c5:4e:f0:
         16:a8:2b:76:8a:a1:fb:2c:e8:88:a0:f6:bf:0a:d4:86:4e:f9:
         b5:68:94:19
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUC5kRdAmoF+uZ3K/Ce3Nsbc3qaQgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzExMTY1MTM0WhcNMjUwODE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZDMyYWRjODY1M2UxZmEwNGEwNDJmNGU4NDEzYjA2Njg5
NGM0M2Q1MmYyNjY4YTcxMWYzZjNlMjRlNGQ5OWM0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCYkDyDNiZs7sp8Qet8jFpXx3Y+ASdp6yHq86SnsyeyLUNf
e0uxazhDR5jYo+0qJlm7lLCVl8Wjf10HKdHe+QaAJ+/mm03TytbwnOtH2tiWcZiP
eGUSlhKAwGCa6h1F8AS+oufH54/YgYl+d/VBNvS9Pgqb1wKo9kjnZfahfnW2lEIE
e19e6d2vDmLAFa7CWiYtnPcINzlywlmlafNcqOpNU/ffzaYOrOn3+yX77gnz7Usm
brgu98q7jNHU+FpIdSdXrNDvaWKFjiBdZkPWidBTaU+XMc3DfX/aQQ3zNiU6FE4q
kacIkCyaFAPn+wanGoC0uCOeWioxvHXl8tMzHfzzAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUT/kU3QUpAnHmsWfG8J6gFvvWrjIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2ZiMGUxYzMyLTVjNGQtNDE4NS04ZTE3LThiMGIwMDcwZTA2Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwQjUDANBgkqhkiG9w0BAQsFAAOCAQEAKJsg/RREGFDJ7KjJE6dTVYKZqyo4
/T6shgByfVWB11Lwzz0DpDWliy2yPJGh6vnkyCGb4l84ogvDFoiTtgDwPlurPGnz
8phDi2t6vKb/vEU063FDJyfWEo2zKHNUMHu/UhsEjt29eewyIlLtCTZUDEthLVoU
jdxshrzU4CELzTPHXJRB+1eDZBDqazXHAbb/wpEqW0W/ez0PlH1ZHlIcHKEkrfpe
qNU2zaNamdw4oRSgjuisJg+6rVlJEd/S4rTDG+CvoEzmUGLuTtmwqu0AOwljICeO
BSUeqxzcBk39fzjNscu0fTKRxU7wFqgrdoqh+yzoiKD2vwrUhk75tWiUGQ==
-----END CERTIFICATE-----