Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/29f093ea-842e-4432-8f4f-4a326cfc8411.roa
File:                     29f093ea-842e-4432-8f4f-4a326cfc8411.roa (raw, json)
Hash identifier:          WHxW+U4hRFt16/A/O5owj1sz6eI4bthUxYRt+/nCPCg=
Subject key identifier:   4D:F2:14:DA:BD:F3:0B:3F:F8:70:2E:6B:7C:94:F3:20:3A:B9:1C:05
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       28A34B0149ADBF3492EAB0DF418C53B370201F8F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/29f093ea-842e-4432-8f4f-4a326cfc8411.roa
Signing time:             Fri 09 May 2025 15:20:16 +0000
ROA not before:           Fri 09 May 2025 15:20:16 +0000
ROA not after:            Fri 13 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        34.240.0.0/13 maxlen: 13
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 10 May 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:a3:4b:01:49:ad:bf:34:92:ea:b0:df:41:8c:53:b3:70:20:1f:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May  9 15:20:16 2025 GMT
            Not After : Jun 13 23:59:59 2025 GMT
        Subject: serialNumber=2bba52a82dd597eba86d53e72639e27ad36ded519434c5ae587f61fb381b6f2f, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a8:55:d5:d1:18:e2:9a:8a:8f:2e:52:84:36:
                    12:69:6c:e6:95:16:a2:43:9f:33:f5:34:4b:58:b9:
                    f2:7d:07:0b:48:2d:eb:71:6d:38:2c:fe:1b:c2:e7:
                    f3:90:22:01:67:64:34:2b:51:72:8a:d2:74:87:5e:
                    79:60:9f:3b:32:ba:d6:ea:d2:53:76:05:6a:ed:d6:
                    01:a4:a1:c8:3f:c8:3f:a7:75:58:3d:e0:6b:c1:1e:
                    5d:80:90:fc:69:60:05:30:0b:ba:d6:e7:29:1f:58:
                    3f:ac:6a:5e:1d:6d:6f:90:7f:af:85:81:be:ec:35:
                    f3:cb:6a:ff:38:27:e0:1f:a2:8a:d3:85:e3:f9:8b:
                    cf:d8:91:35:65:40:64:70:93:89:fb:57:77:1c:c6:
                    6d:28:7e:11:c4:73:3e:66:4d:d2:ce:61:49:6b:c2:
                    b9:be:0a:43:da:f3:01:33:81:f0:12:a5:8d:a1:a6:
                    fa:42:bb:b7:dc:66:60:c1:4a:97:1e:ce:9f:35:42:
                    5c:89:44:14:ed:74:3b:7c:f2:b7:ad:a0:ff:94:f4:
                    4c:3f:d6:91:65:38:88:c5:21:58:f2:34:23:4b:21:
                    db:02:d9:f6:a1:99:ea:b0:86:60:45:8f:bb:96:9d:
                    e2:f9:d5:39:03:a0:eb:82:15:5c:b8:45:da:a9:4d:
                    94:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:F2:14:DA:BD:F3:0B:3F:F8:70:2E:6B:7C:94:F3:20:3A:B9:1C:05
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/29f093ea-842e-4432-8f4f-4a326cfc8411.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  34.240.0.0/13

    Signature Algorithm: sha256WithRSAEncryption
         45:ee:db:55:48:e6:4d:c9:78:dd:ed:71:18:9b:3f:3a:dc:31:
         65:da:83:20:64:63:a3:c1:3d:76:83:db:65:c9:c1:52:f1:57:
         7a:62:c7:08:8b:b9:d2:d4:38:15:30:ba:e1:1b:91:f7:5a:3a:
         af:2e:e5:36:0d:e5:df:78:0d:1e:9e:75:a9:77:5c:ce:e2:f2:
         40:f4:4f:de:f8:d6:2e:7b:e8:46:2d:43:d2:2d:d5:5e:b3:96:
         ec:4c:ac:90:b1:c6:fd:b5:08:5d:23:50:01:bc:52:20:3c:9e:
         2c:a9:b0:fd:f4:22:9f:9e:62:86:bd:d4:1a:fd:f0:57:23:dc:
         69:c4:83:4b:ee:06:14:ab:39:a0:1c:b7:fd:ca:14:c1:a7:31:
         f8:60:42:eb:4a:56:16:bc:06:f1:19:6e:d0:4d:35:d6:db:29:
         1b:c2:93:fa:4f:c6:54:e0:2e:8a:0b:6a:c6:e1:30:d5:84:e2:
         3f:5f:ca:09:1c:63:a6:84:cb:30:e6:7e:cc:35:66:14:4a:22:
         21:20:27:74:ed:81:c8:c0:74:1e:9b:96:a3:b1:4b:23:61:00:
         bd:65:e8:2c:eb:ee:2b:fb:ac:65:a1:af:34:89:6b:4e:d8:0e:
         ed:78:ef:81:03:00:10:19:07:ea:ee:9d:23:dc:6c:e2:33:24:
         0a:97:ec:1e
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUKKNLAUmtvzSS6rDfQYxTs3AgH48wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNTA5MTUyMDE2WhcNMjUwNjEzMjM1OTU5
WjB6MUkwRwYDVQQFE0AyYmJhNTJhODJkZDU5N2ViYTg2ZDUzZTcyNjM5ZTI3YWQz
NmRlZDUxOTQzNGM1YWU1ODdmNjFmYjM4MWI2ZjJmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyqFXV0RjimoqPLlKENhJpbOaVFqJDnzP1NEtYufJ9BwtI
LetxbTgs/hvC5/OQIgFnZDQrUXKK0nSHXnlgnzsyutbq0lN2BWrt1gGkocg/yD+n
dVg94GvBHl2AkPxpYAUwC7rW5ykfWD+sal4dbW+Qf6+Fgb7sNfPLav84J+AfoorT
heP5i8/YkTVlQGRwk4n7V3ccxm0ofhHEcz5mTdLOYUlrwrm+CkPa8wEzgfASpY2h
pvpCu7fcZmDBSpcezp81QlyJRBTtdDt88retoP+U9Ew/1pFlOIjFIVjyNCNLIdsC
2fahmeqwhmBFj7uWneL51TkDoOuCFVy4RdqpTZTRAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUTfIU2r3zCz/4cC5rfJTzIDq5HAUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzI5ZjA5M2VhLTg0MmUtNDQzMi04ZjRmLTRhMzI2Y2ZjODQxMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwMi8DANBgkqhkiG9w0BAQsFAAOCAQEARe7bVUjmTcl43e1xGJs/OtwxZdqD
IGRjo8E9doPbZcnBUvFXemLHCIu50tQ4FTC64RuR91o6ry7lNg3l33gNHp51qXdc
zuLyQPRP3vjWLnvoRi1D0i3VXrOW7EyskLHG/bUIXSNQAbxSIDyeLKmw/fQin55i
hr3UGv3wVyPcacSDS+4GFKs5oBy3/coUwacx+GBC60pWFrwG8Rlu0E011tspG8KT
+k/GVOAuigtqxuEw1YTiP1/KCRxjpoTLMOZ+zDVmFEoiISAndO2ByMB0HpuWo7FL
I2EAvWXoLOvuK/usZaGvNIlrTtgO7XjvgQMAEBkH6u6dI9xs4jMkCpfsHg==
-----END CERTIFICATE-----