Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fb0e1c32-5c4d-4185-8e17-8b0b0070e06f.roa
File:                     fb0e1c32-5c4d-4185-8e17-8b0b0070e06f.roa (raw, json)
Hash identifier:          bNiSN/KmgQz83f24xDfISQwSI5vfE5uoVJpGV3whUc4=
Subject key identifier:   FB:96:27:D5:F8:E2:B0:D1:0A:1F:15:CF:FD:8C:8D:48:AF:90:1F:F7
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       35DC53B920152552A53BC225DE3F376BD3B37E28
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fb0e1c32-5c4d-4185-8e17-8b0b0070e06f.roa
Signing time:             Tue 20 May 2025 17:00:17 +0000
ROA not before:           Tue 20 May 2025 17:00:17 +0000
ROA not after:            Tue 24 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.80.0.0/12 maxlen: 12
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:dc:53:b9:20:15:25:52:a5:3b:c2:25:de:3f:37:6b:d3:b3:7e:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 20 17:00:17 2025 GMT
            Not After : Jun 24 23:59:59 2025 GMT
        Subject: serialNumber=51510c93f08a9d546cd624782b17d8eea15b30090c0353d8d88ab41a5ae7440f, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:29:d8:8e:81:9b:38:94:4d:b6:92:05:70:82:
                    a7:10:9a:c1:11:3c:f7:e7:37:20:22:8c:5b:35:4c:
                    f2:d5:97:fa:c4:70:b0:2e:f7:b3:3f:6e:f7:d7:97:
                    91:09:86:9a:03:0f:f8:8f:d1:22:71:8e:1c:70:ae:
                    e4:48:65:62:4c:7b:55:04:8c:58:02:e5:9a:0d:d3:
                    2d:46:d1:57:5d:34:2d:53:1c:85:64:de:cf:48:f2:
                    af:82:e5:de:46:21:d9:4f:32:20:9d:74:25:f2:da:
                    70:b5:46:62:9d:eb:5b:11:a4:dd:79:c7:dc:8d:7f:
                    0d:6c:a2:fd:a5:da:61:8c:0f:02:a0:14:96:e1:40:
                    75:f1:f6:89:5d:84:91:e7:10:10:04:ef:5a:36:0b:
                    6e:ba:b5:d5:b1:01:ae:14:46:bd:75:ac:fd:f7:96:
                    f3:80:9f:ca:b1:82:d1:09:a9:ff:fe:82:17:05:87:
                    0b:74:3f:51:95:7b:cf:b3:40:aa:c6:ba:3b:06:8e:
                    39:45:4f:85:c2:3c:2b:c7:e0:3b:4c:4b:fd:45:86:
                    9c:74:de:c9:ae:c3:75:b4:be:1e:65:eb:ed:ff:90:
                    c8:cf:c8:53:00:e9:78:56:40:77:87:7a:db:db:59:
                    9c:df:a3:e4:00:3a:b8:df:9c:15:16:71:4d:4d:67:
                    55:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:96:27:D5:F8:E2:B0:D1:0A:1F:15:CF:FD:8C:8D:48:AF:90:1F:F7
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fb0e1c32-5c4d-4185-8e17-8b0b0070e06f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.80.0.0/12

    Signature Algorithm: sha256WithRSAEncryption
         a4:03:22:07:0e:95:37:9c:ea:e6:f9:ce:01:5d:1e:5c:5a:76:
         4a:bc:9e:e3:eb:b7:6b:08:f7:a5:b0:9f:7e:51:0e:0c:ec:54:
         85:52:7e:09:a2:63:68:04:f2:59:64:38:28:aa:14:8b:61:80:
         7a:ed:26:8f:7c:b8:3e:ee:c1:84:f7:49:f5:31:4c:8e:f1:3d:
         0f:81:61:2e:b6:00:b6:7a:10:c2:bf:34:21:e6:c4:db:67:d8:
         55:d3:bf:c5:c6:c6:87:84:5c:5c:04:14:00:89:5b:90:34:2c:
         72:18:df:ed:b7:4c:32:04:2f:1a:0d:e0:1d:ff:de:cf:f3:e5:
         1c:6f:2b:1a:0a:1c:fb:b6:9a:a4:f3:73:2d:25:a8:1c:81:21:
         97:40:8d:2e:79:13:bd:83:fc:99:6d:1c:d9:54:a4:65:04:63:
         6d:1c:9f:5b:8b:f5:9b:6f:cd:8b:ab:a0:10:29:58:5d:13:fd:
         02:01:51:de:d1:5c:76:e3:28:06:4e:86:2a:65:6f:3c:f4:f1:
         d1:92:58:9a:86:6e:98:bc:aa:5a:f3:d3:06:c5:b8:14:fa:3a:
         ea:cf:65:14:37:94:5e:3b:c9:30:c3:0b:13:27:14:de:b2:20:
         d2:e1:be:59:e0:e6:80:1d:aa:84:c6:15:2b:c0:e5:f5:97:40:
         21:16:01:f9
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUNdxTuSAVJVKlO8Il3j83a9OzfigwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNTIwMTcwMDE3WhcNMjUwNjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A1MTUxMGM5M2YwOGE5ZDU0NmNkNjI0NzgyYjE3ZDhlZWEx
NWIzMDA5MGMwMzUzZDhkODhhYjQxYTVhZTc0NDBmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvKdiOgZs4lE22kgVwgqcQmsERPPfnNyAijFs1TPLVl/rE
cLAu97M/bvfXl5EJhpoDD/iP0SJxjhxwruRIZWJMe1UEjFgC5ZoN0y1G0VddNC1T
HIVk3s9I8q+C5d5GIdlPMiCddCXy2nC1RmKd61sRpN15x9yNfw1sov2l2mGMDwKg
FJbhQHXx9oldhJHnEBAE71o2C266tdWxAa4URr11rP33lvOAn8qxgtEJqf/+ghcF
hwt0P1GVe8+zQKrGujsGjjlFT4XCPCvH4DtMS/1Fhpx03smuw3W0vh5l6+3/kMjP
yFMA6XhWQHeHetvbWZzfo+QAOrjfnBUWcU1NZ1X3AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU+5Yn1fjisNEKHxXP/YyNSK+QH/cwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2ZiMGUxYzMyLTVjNGQtNDE4NS04ZTE3LThiMGIwMDcwZTA2Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwQjUDANBgkqhkiG9w0BAQsFAAOCAQEApAMiBw6VN5zq5vnOAV0eXFp2Srye
4+u3awj3pbCfflEODOxUhVJ+CaJjaATyWWQ4KKoUi2GAeu0mj3y4Pu7BhPdJ9TFM
jvE9D4FhLrYAtnoQwr80IebE22fYVdO/xcbGh4RcXAQUAIlbkDQschjf7bdMMgQv
Gg3gHf/ez/PlHG8rGgoc+7aapPNzLSWoHIEhl0CNLnkTvYP8mW0c2VSkZQRjbRyf
W4v1m2/Ni6ugEClYXRP9AgFR3tFcduMoBk6GKmVvPPTx0ZJYmoZumLyqWvPTBsW4
FPo66s9lFDeUXjvJMMMLEycU3rIg0uG+WeDmgB2qhMYVK8Dl9ZdAIRYB+Q==
-----END CERTIFICATE-----