Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/05d77566-f204-42b4-b2e2-f7a8e8157582.roa
File:                     05d77566-f204-42b4-b2e2-f7a8e8157582.roa (raw, json)
Hash identifier:          xCNiPV690268ZdbcmBkxW/6SmVGrVXqH9GbnDf4Xe7I=
Subject key identifier:   BB:6D:C6:EC:36:5B:F1:8C:95:37:9A:98:B6:B4:E3:B7:B9:0C:AA:F6
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0A1072F8F9903253FADFE303AF7AA016F0AE4ECF
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/05d77566-f204-42b4-b2e2-f7a8e8157582.roa
Signing time:             Tue 19 Aug 2025 15:01:02 +0000
ROA not before:           Tue 19 Aug 2025 15:01:02 +0000
ROA not after:            Tue 23 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.132.0.0/14 maxlen: 14
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 22 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:10:72:f8:f9:90:32:53:fa:df:e3:03:af:7a:a0:16:f0:ae:4e:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug 19 15:01:02 2025 GMT
            Not After : Sep 23 23:59:59 2025 GMT
        Subject: serialNumber=3307b1e755a8f3e0d7d2b6f41edb78284957cc7061e97b73029cb25ff8786d5d, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:b3:39:9c:4d:8c:da:7a:ad:b4:9e:f8:1d:92:
                    22:11:8d:01:9f:4d:4d:e7:85:d5:f9:0e:db:2b:29:
                    c9:e6:b1:fb:8e:48:53:21:e1:32:13:d5:f7:0d:77:
                    98:ec:b8:02:63:df:66:c9:dc:74:93:03:e7:3b:20:
                    bc:e5:85:4d:b0:e3:17:e4:fd:73:c5:ca:88:11:b0:
                    d9:4c:3d:a0:f7:29:7e:88:ac:c0:7a:fc:ad:e2:97:
                    c3:8e:d2:9b:04:a2:3e:ff:9c:a7:99:79:99:ed:8a:
                    74:11:e0:22:b5:89:a2:d7:65:90:67:06:ee:f9:7d:
                    5e:ad:e8:a2:fa:32:33:d9:13:64:c2:de:57:49:18:
                    d8:7d:fc:d6:41:5d:a3:e8:9a:06:f0:c3:11:b2:94:
                    7a:c8:6d:b7:8c:d0:ba:8c:8a:f6:40:2d:ac:46:e0:
                    55:94:a4:de:d3:c0:ee:42:9e:17:75:30:28:96:a8:
                    0c:70:d2:8a:17:57:1b:eb:a4:7f:28:3c:79:31:84:
                    9e:51:46:8d:70:14:bd:47:2d:ba:11:d3:82:c1:60:
                    96:07:34:6c:21:45:9f:ac:09:ac:2a:e4:13:11:1f:
                    e9:26:24:25:66:43:9f:f4:98:d2:3f:35:12:e0:4b:
                    6e:8f:9c:72:d2:58:86:66:97:3b:d3:4b:ec:4a:75:
                    07:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:6D:C6:EC:36:5B:F1:8C:95:37:9A:98:B6:B4:E3:B7:B9:0C:AA:F6
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/05d77566-f204-42b4-b2e2-f7a8e8157582.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.132.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         5e:dd:1b:c5:6d:83:dd:0e:77:4c:d7:18:15:b0:03:20:dd:4a:
         d7:a3:0d:cc:3e:f7:e7:29:22:49:e0:bd:08:82:de:a7:7c:80:
         36:17:1c:06:00:2e:a4:77:81:41:66:d8:a6:81:0e:c4:22:cf:
         9b:6c:b5:57:8b:89:57:5c:d1:18:33:1a:84:91:5d:af:85:74:
         31:16:ab:6f:22:27:8d:fe:9f:3d:ea:3c:3f:2d:d0:e1:ce:08:
         df:0e:67:34:72:6e:5b:e4:2e:d1:83:98:a6:c2:f0:84:d3:75:
         3d:d5:bb:95:87:0d:a9:25:e3:30:cc:7b:b3:91:02:01:ee:63:
         81:73:e6:5e:1b:2c:63:61:3d:f8:ea:89:46:20:d6:82:be:9e:
         7e:7e:0c:a8:55:d6:dd:0e:ab:e5:20:9d:73:e1:8f:e2:06:41:
         3e:39:bd:16:cf:c4:ed:5c:e2:4b:50:76:76:d4:22:f1:12:31:
         85:cf:9c:b1:4a:0e:9b:e0:9c:96:af:12:ce:34:7e:a2:0d:52:
         00:d2:f2:40:8b:5a:1d:41:b7:d6:79:08:8b:e8:bf:74:06:e5:
         78:e6:f0:71:0e:b8:fd:7e:76:d8:e3:7f:6c:91:37:db:4b:8d:
         88:bf:c8:7a:e9:03:e1:27:5d:4e:8a:45:1b:1e:9d:5a:ca:d3:
         47:2f:ff:57
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUChBy+PmQMlP63+MDr3qgFvCuTs8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwODE5MTUwMTAyWhcNMjUwOTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AzMzA3YjFlNzU1YThmM2UwZDdkMmI2ZjQxZWRiNzgyODQ5
NTdjYzcwNjFlOTdiNzMwMjljYjI1ZmY4Nzg2ZDVkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDdszmcTYzaeq20nvgdkiIRjQGfTU3nhdX5DtsrKcnmsfuO
SFMh4TIT1fcNd5jsuAJj32bJ3HSTA+c7ILzlhU2w4xfk/XPFyogRsNlMPaD3KX6I
rMB6/K3il8OO0psEoj7/nKeZeZntinQR4CK1iaLXZZBnBu75fV6t6KL6MjPZE2TC
3ldJGNh9/NZBXaPomgbwwxGylHrIbbeM0LqMivZALaxG4FWUpN7TwO5Cnhd1MCiW
qAxw0ooXVxvrpH8oPHkxhJ5RRo1wFL1HLboR04LBYJYHNGwhRZ+sCawq5BMRH+km
JCVmQ5/0mNI/NRLgS26PnHLSWIZmlzvTS+xKdQcLAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUu23G7DZb8YyVN5qYtrTjt7kMqvYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzA1ZDc3NTY2LWYyMDQtNDJiNC1iMmUyLWY3YThlODE1NzU4Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwIDhDANBgkqhkiG9w0BAQsFAAOCAQEAXt0bxW2D3Q53TNcYFbADIN1K16MN
zD735ykiSeC9CILep3yANhccBgAupHeBQWbYpoEOxCLPm2y1V4uJV1zRGDMahJFd
r4V0MRarbyInjf6fPeo8Py3Q4c4I3w5nNHJuW+Qu0YOYpsLwhNN1PdW7lYcNqSXj
MMx7s5ECAe5jgXPmXhssY2E9+OqJRiDWgr6efn4MqFXW3Q6r5SCdc+GP4gZBPjm9
Fs/E7VziS1B2dtQi8RIxhc+csUoOm+Cclq8SzjR+og1SANLyQItaHUG31nkIi+i/
dAbleObwcQ64/X522ON/bJE320uNiL/IeukD4SddTopFGx6dWsrTRy//Vw==
-----END CERTIFICATE-----