Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/00ddac45-6ff3-44c5-b626-9a354eb9d483.roa
File:                     00ddac45-6ff3-44c5-b626-9a354eb9d483.roa (raw, json)
Hash identifier:          zVBfm4MB62fj2jvNEPRXv7At+tj2Oed3sd3eTNG6uRc=
Subject key identifier:   18:E2:60:E9:B0:DA:D5:7A:B8:CA:FB:62:B1:5F:6B:3A:48:36:42:6E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       246260910559510844FDD21C530A9C7025843FCA
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/00ddac45-6ff3-44c5-b626-9a354eb9d483.roa
Signing time:             Mon 27 Jan 2025 00:00:00 +0000
ROA not before:           Mon 27 Jan 2025 00:00:00 +0000
ROA not after:            Mon 03 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.248.128.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:62:60:91:05:59:51:08:44:fd:d2:1c:53:0a:9c:70:25:84:3f:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 27 00:00:00 2025 GMT
            Not After : Mar  3 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:da:37:a1:c2:d1:22:b1:99:31:85:1b:fe:9d:
                    28:6b:4a:98:ab:6f:49:98:49:89:32:62:6a:12:48:
                    7a:2a:9b:ea:3f:e3:48:b1:4d:dd:61:b9:8e:34:45:
                    33:e4:bc:67:df:f4:aa:23:ed:d5:c8:63:b6:27:ba:
                    0b:4f:b6:bd:d7:05:de:e8:0b:93:cf:de:6d:97:02:
                    58:cd:21:b5:03:de:c6:2d:d4:39:e0:d1:9b:66:d9:
                    1a:3a:3d:ed:45:f4:de:8a:8c:cb:53:e1:50:5e:c9:
                    37:f5:43:1c:c5:dc:3e:25:9c:16:d6:6f:99:4d:be:
                    55:94:07:32:c7:2f:40:b1:cb:94:2b:e5:51:05:84:
                    0e:04:a4:80:d2:55:8a:ce:33:ad:40:c8:fc:f0:41:
                    f9:11:0c:a7:3c:b9:a7:9d:fd:44:92:10:4b:bf:44:
                    c6:61:47:cc:3b:1e:c7:22:06:45:58:ce:41:49:b3:
                    c9:fe:07:0b:e7:3a:f0:4d:9f:f9:c2:9a:f6:bc:4b:
                    6b:d4:22:c7:db:e1:1a:95:b1:1a:fa:a4:9b:79:53:
                    d8:94:24:ef:e3:9d:f0:71:88:ed:dd:9a:fd:9e:25:
                    d9:b0:fb:ce:c6:cb:d4:8c:25:d4:ca:b4:a9:be:a7:
                    da:14:2a:eb:4c:45:47:93:de:ec:48:e1:0e:e7:7b:
                    60:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:E2:60:E9:B0:DA:D5:7A:B8:CA:FB:62:B1:5F:6B:3A:48:36:42:6E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/00ddac45-6ff3-44c5-b626-9a354eb9d483.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.248.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         1c:97:dc:96:6b:3a:fd:ed:c1:58:1a:2e:15:b8:4b:5b:99:f6:
         6a:7e:24:8e:10:85:22:db:4a:8e:13:ea:a0:3e:fb:63:28:e3:
         ca:3a:af:a9:22:75:e8:ae:b2:fa:f7:00:da:4b:05:40:03:41:
         3e:54:86:1d:c8:af:55:25:b4:77:bc:50:63:fa:bf:c1:c8:a6:
         3f:ea:18:c5:1f:69:8b:85:15:02:00:4a:1f:ed:ee:a9:1a:26:
         1a:a4:bb:ce:53:f4:3a:11:81:38:b4:ca:b7:27:82:4b:fd:17:
         4f:88:22:ed:16:af:fc:24:fa:ef:7c:e1:d3:72:7f:b8:8b:d6:
         d9:47:30:a2:da:db:ff:44:4d:d1:4e:5c:f0:bc:55:35:7b:e0:
         5c:8b:69:19:71:fb:60:10:7f:33:3d:4c:d7:28:8d:74:b3:e6:
         42:60:ca:28:43:99:57:c6:b7:eb:e6:e6:ff:a1:26:2c:ee:76:
         25:53:e0:fa:37:4f:a3:fc:e4:c3:39:27:d1:6e:cf:e6:b7:4e:
         55:34:79:ff:30:49:9e:a8:76:65:cc:61:9d:ef:b3:f3:a0:50:
         9c:c8:cc:70:8a:4c:3b:f6:40:4c:1f:16:de:3b:d9:3e:be:37:
         95:bb:39:3e:de:b5:7a:18:34:87:f6:c0:ea:ea:60:44:2c:4d:
         a4:14:23:fb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJGJgkQVZUQhE/dIcUwqccCWEP8owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTI3MDAwMDAwWhcNMjUwMzAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NjE3NWM0NmVhZTMxMDMxMzRlMzNjMjI4MWZiMTFkN2Fh
NzM3M2VmOGQ4MTBiZDJkM2U1MGFlYTVlNDAyNDlhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDB2jehwtEisZkxhRv+nShrSpirb0mYSYkyYmoSSHoqm+o/
40ixTd1huY40RTPkvGff9Koj7dXIY7YnugtPtr3XBd7oC5PP3m2XAljNIbUD3sYt
1Dng0Ztm2Ro6Pe1F9N6KjMtT4VBeyTf1QxzF3D4lnBbWb5lNvlWUBzLHL0Cxy5Qr
5VEFhA4EpIDSVYrOM61AyPzwQfkRDKc8uaed/USSEEu/RMZhR8w7HsciBkVYzkFJ
s8n+BwvnOvBNn/nCmva8S2vUIsfb4RqVsRr6pJt5U9iUJO/jnfBxiO3dmv2eJdmw
+87Gy9SMJdTKtKm+p9oUKutMRUeT3uxI4Q7ne2AzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGOJg6bDa1Xq4yvtisV9rOkg2Qm4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzAwZGRhYzQ1LTZmZjMtNDRjNS1iNjI2LTlhMzU0ZWI5ZDQ4My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYD+IAwDQYJKoZIhvcNAQELBQADggEBAByX3JZrOv3twVgaLhW4S1uZ9mp+
JI4QhSLbSo4T6qA++2Mo48o6r6kideiusvr3ANpLBUADQT5Uhh3Ir1UltHe8UGP6
v8HIpj/qGMUfaYuFFQIASh/t7qkaJhqku85T9DoRgTi0yrcngkv9F0+IIu0Wr/wk
+u984dNyf7iL1tlHMKLa2/9ETdFOXPC8VTV74FyLaRlx+2AQfzM9TNcojXSz5kJg
yihDmVfGt+vm5v+hJizudiVT4Po3T6P85MM5J9Fuz+a3TlU0ef8wSZ6odmXMYZ3v
s/OgUJzIzHCKTDv2QEwfFt472T6+N5W7OT7etXoYNIf2wOrqYEQsTaQUI/s=
-----END CERTIFICATE-----