Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/29f093ea-842e-4432-8f4f-4a326cfc8411.roa
File:                     29f093ea-842e-4432-8f4f-4a326cfc8411.roa (raw, json)
Hash identifier:          W2GY5HRjdtaTrLQl05+Ec2cwpNiRkyJwQbhoMHj7dyU=
Subject key identifier:   15:36:C4:21:16:BE:24:7E:4B:29:B5:C6:84:32:3D:4E:3B:2A:64:37
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       52AF91D42E848A8304755DC64217F2778FA0ADDF
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/29f093ea-842e-4432-8f4f-4a326cfc8411.roa
Signing time:             Mon 27 Jan 2025 00:00:00 +0000
ROA not before:           Mon 27 Jan 2025 00:00:00 +0000
ROA not after:            Mon 03 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        34.240.0.0/13 maxlen: 13
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:af:91:d4:2e:84:8a:83:04:75:5d:c6:42:17:f2:77:8f:a0:ad:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 27 00:00:00 2025 GMT
            Not After : Mar  3 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:0a:b7:ef:4a:3b:46:39:46:6c:a1:0d:7c:4f:
                    78:02:c3:9f:41:dc:ca:7c:df:eb:d6:fb:48:c7:aa:
                    d9:de:fb:23:e1:ea:10:bd:ec:98:56:8d:fd:65:a6:
                    51:3a:43:c5:89:bb:3e:50:99:30:90:bc:64:eb:2a:
                    97:fb:4e:11:68:27:cc:0c:73:e0:48:34:18:ae:92:
                    1d:5f:df:30:7a:cf:49:bd:b9:d3:69:b4:8d:47:f5:
                    19:00:e3:34:34:83:61:4e:64:ca:77:6d:8a:fc:2b:
                    ef:67:ae:2b:dd:28:22:9e:9f:6b:7d:67:e2:a6:63:
                    be:37:cd:2c:da:48:b1:8d:35:99:8f:12:f2:2b:d9:
                    f0:43:98:72:75:9f:f5:2d:b2:d2:f5:ca:ca:15:23:
                    5d:89:f0:e5:37:68:35:86:2d:91:c6:ef:e1:4c:ac:
                    37:67:8a:73:da:ca:ee:b5:fc:58:65:0d:d2:ff:4d:
                    95:f8:a8:6e:88:14:b0:e2:80:ae:41:88:2f:f0:0b:
                    3c:ef:fb:be:38:cf:53:a6:84:0d:c7:9b:57:cf:f2:
                    b4:a4:e0:94:ab:a7:da:bf:6e:06:61:88:79:99:3d:
                    2c:98:a9:f8:a8:a4:35:a2:79:3c:73:f0:dc:5e:79:
                    5a:9b:bd:ff:d3:71:a4:82:ed:4e:4c:39:61:5f:1c:
                    8b:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:36:C4:21:16:BE:24:7E:4B:29:B5:C6:84:32:3D:4E:3B:2A:64:37
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/29f093ea-842e-4432-8f4f-4a326cfc8411.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  34.240.0.0/13

    Signature Algorithm: sha256WithRSAEncryption
         41:0f:d8:00:34:6c:5b:a8:f0:54:24:05:e3:54:98:e4:87:a5:
         ed:77:2c:81:78:95:fb:44:3e:f5:c8:82:fb:f9:8a:99:88:5e:
         17:b8:d1:09:90:df:0a:01:7c:69:61:eb:3e:64:e8:4b:12:ce:
         9f:3a:9f:4a:5b:1c:b9:b8:82:97:a9:d6:f8:12:ea:e3:1e:1a:
         ca:75:fe:56:a5:84:cc:80:70:0c:35:e9:34:b0:09:8a:2e:1a:
         5d:cb:f4:54:af:83:28:a7:46:0a:78:44:80:24:9d:89:33:b2:
         bf:8f:e0:fa:bd:45:85:7f:78:bf:86:41:30:42:15:38:af:f3:
         a7:54:aa:51:17:38:4a:d4:36:e4:b1:f3:78:cc:a7:72:df:ba:
         2a:06:39:4e:ff:4d:3b:cb:a1:28:e1:15:fa:fb:c9:50:7c:c9:
         3b:58:50:a8:7c:af:5e:d5:8d:97:09:32:7a:05:bf:20:fe:a0:
         59:a9:63:cd:4c:dd:cc:57:57:e0:14:d9:f1:90:f8:c7:98:08:
         e9:06:d0:80:f5:65:3f:5a:0a:0f:66:4d:a6:e6:93:31:84:b0:
         fc:24:07:e7:f4:22:08:78:4c:94:cf:4c:1b:4c:79:86:4b:e3:
         de:2d:f6:d0:03:17:b4:75:4a:43:02:a2:3a:97:ff:cf:6a:f7:
         dc:2e:18:3e
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUUq+R1C6EioMEdV3GQhfyd4+grd8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTI3MDAwMDAwWhcNMjUwMzAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AwNjUxNWFhZWFkYmUxMzdjMDczZjU0M2QxYzUyZGVmZjRj
YTU5MjEzN2UxZWIyODNhMGQzOTBhYTJkM2ZhNWZlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDjCrfvSjtGOUZsoQ18T3gCw59B3Mp83+vW+0jHqtne+yPh
6hC97JhWjf1lplE6Q8WJuz5QmTCQvGTrKpf7ThFoJ8wMc+BINBiukh1f3zB6z0m9
udNptI1H9RkA4zQ0g2FOZMp3bYr8K+9nrivdKCKen2t9Z+KmY743zSzaSLGNNZmP
EvIr2fBDmHJ1n/UtstL1ysoVI12J8OU3aDWGLZHG7+FMrDdninPayu61/FhlDdL/
TZX4qG6IFLDigK5BiC/wCzzv+744z1OmhA3Hm1fP8rSk4JSrp9q/bgZhiHmZPSyY
qfiopDWieTxz8NxeeVqbvf/TcaSC7U5MOWFfHIutAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUFTbEIRa+JH5LKbXGhDI9TjsqZDcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzI5ZjA5M2VhLTg0MmUtNDQzMi04ZjRmLTRhMzI2Y2ZjODQxMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwMi8DANBgkqhkiG9w0BAQsFAAOCAQEAQQ/YADRsW6jwVCQF41SY5Iel7Xcs
gXiV+0Q+9ciC+/mKmYheF7jRCZDfCgF8aWHrPmToSxLOnzqfSlscubiCl6nW+BLq
4x4aynX+VqWEzIBwDDXpNLAJii4aXcv0VK+DKKdGCnhEgCSdiTOyv4/g+r1FhX94
v4ZBMEIVOK/zp1SqURc4StQ25LHzeMynct+6KgY5Tv9NO8uhKOEV+vvJUHzJO1hQ
qHyvXtWNlwkyegW/IP6gWaljzUzdzFdX4BTZ8ZD4x5gI6QbQgPVlP1oKD2ZNpuaT
MYSw/CQH5/QiCHhMlM9MG0x5hkvj3i320AMXtHVKQwKiOpf/z2r33C4YPg==
-----END CERTIFICATE-----