Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3b70b41d-e89c-4531-9695-c56d4fbbf712.roa
File:                     3b70b41d-e89c-4531-9695-c56d4fbbf712.roa (raw, json)
Hash identifier:          HNUL4J6FRWP42v2RdcL7f6M6XwbmheEHkxhzcoHBWrI=
Subject key identifier:   2A:28:24:54:74:BB:79:61:BF:94:0B:6B:40:A0:32:08:F6:78:E4:81
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7A8EC49C236DBC9D255583B4D35BA5EB1E896F11
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3b70b41d-e89c-4531-9695-c56d4fbbf712.roa
Signing time:             Tue 04 Feb 2025 00:00:00 +0000
ROA not before:           Tue 04 Feb 2025 00:00:00 +0000
ROA not after:            Tue 11 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.3.0.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:8e:c4:9c:23:6d:bc:9d:25:55:83:b4:d3:5b:a5:eb:1e:89:6f:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb  4 00:00:00 2025 GMT
            Not After : Mar 11 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b5:a0:0f:27:45:30:44:55:aa:6c:08:c1:7b:
                    91:82:fc:92:dc:63:44:99:b0:3c:7c:74:11:ef:28:
                    97:77:1e:a4:c4:5f:2b:2b:d9:73:2a:93:3a:24:06:
                    94:41:06:99:f3:57:c2:c1:bd:d4:ff:4e:39:f0:13:
                    b6:2e:a1:20:34:42:b4:63:d1:6b:96:17:55:01:14:
                    82:cc:6e:87:5b:5f:b7:47:d6:63:0c:88:86:53:11:
                    0a:1e:c3:b8:da:34:6c:62:77:eb:36:65:56:20:c2:
                    29:62:68:6d:90:3f:65:43:db:61:e7:b2:ad:9b:54:
                    57:3a:ff:7a:47:24:31:04:3c:9d:4a:20:73:fa:b8:
                    98:d3:33:4b:15:80:05:34:a6:b3:7d:05:bd:aa:57:
                    71:fb:8e:f6:f0:20:d6:6d:f3:df:97:6a:28:40:de:
                    95:e8:ea:e0:5f:08:76:39:27:8e:2f:07:99:5f:65:
                    0c:72:14:82:b7:1c:75:43:4a:0f:1e:b5:b2:4b:ba:
                    d2:b5:d8:32:da:13:9f:22:60:ab:69:a1:08:49:7d:
                    ac:f2:77:27:e1:84:37:ae:6f:23:f5:33:12:b0:df:
                    de:08:9e:f6:d6:41:d6:ad:8b:5d:7b:63:b9:b2:73:
                    64:96:7a:e1:75:78:df:71:dc:b6:03:67:6b:92:84:
                    a6:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:28:24:54:74:BB:79:61:BF:94:0B:6B:40:A0:32:08:F6:78:E4:81
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3b70b41d-e89c-4531-9695-c56d4fbbf712.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.3.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         22:56:10:bc:68:a1:1b:cf:a7:05:94:43:66:a9:a2:9d:df:86:
         de:ed:ee:2b:de:b3:cd:80:e4:5d:eb:c3:b4:18:9a:e7:0c:7a:
         bf:7e:80:4f:16:50:5a:3e:2f:e4:64:ba:51:f8:0c:e4:c8:84:
         e0:d8:e3:d6:26:63:66:9c:6d:10:77:57:31:85:08:95:bd:3c:
         f9:81:4b:3f:c4:d8:8f:aa:b9:e7:4f:2a:61:7f:7a:b8:c8:ee:
         ab:04:f7:6b:67:1b:46:c3:11:3e:d7:73:01:fd:e2:64:6a:08:
         87:12:cc:89:23:14:61:f5:29:41:b1:39:e2:c8:4f:c6:af:cd:
         f2:9c:be:c8:4c:99:bc:52:54:5e:7f:69:c5:16:63:35:71:38:
         b7:72:b1:01:74:fa:0d:26:30:87:bb:20:da:fe:3a:4f:61:2a:
         db:35:5c:9e:87:1f:f0:db:2e:ee:e8:ed:68:55:9d:04:ed:29:
         1b:95:18:92:97:8a:df:9e:23:cc:95:54:87:c7:b0:ea:be:cb:
         6f:c7:de:3a:04:a1:75:5d:76:96:9a:48:c6:be:09:59:4c:92:
         93:5c:f4:de:be:1b:c3:8f:b0:b4:15:f3:5b:20:60:d1:c5:ce:
         5b:9c:07:0e:7d:d3:35:2f:b1:8b:e3:b7:a7:19:d0:16:be:2f:
         6e:83:90:1c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeo7EnCNtvJ0lVYO001ul6x6JbxEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMjA0MDAwMDAwWhcNMjUwMzExMjM1OTU5
WjB6MUkwRwYDVQQFE0A3NzBmNGU5YmNmMzcxZWU0MzdmOWM5ZDRkYjBiN2VlZmQ3
Yjg4MWRhNzhiODMxZGI1NTdjNDJhOTQwZmZhNjk2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCktaAPJ0UwRFWqbAjBe5GC/JLcY0SZsDx8dBHvKJd3HqTE
Xysr2XMqkzokBpRBBpnzV8LBvdT/TjnwE7YuoSA0QrRj0WuWF1UBFILMbodbX7dH
1mMMiIZTEQoew7jaNGxid+s2ZVYgwiliaG2QP2VD22Hnsq2bVFc6/3pHJDEEPJ1K
IHP6uJjTM0sVgAU0prN9Bb2qV3H7jvbwINZt89+XaihA3pXo6uBfCHY5J44vB5lf
ZQxyFIK3HHVDSg8etbJLutK12DLaE58iYKtpoQhJfazydyfhhDeubyP1MxKw394I
nvbWQdati117Y7myc2SWeuF1eN9x3LYDZ2uShKZnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKigkVHS7eWG/lAtrQKAyCPZ45IEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNiNzBiNDFkLWU4OWMtNDUzMS05Njk1LWM1NmQ0ZmJiZjcxMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEDAwAwDQYJKoZIhvcNAQELBQADggEBACJWELxooRvPpwWUQ2apop3fht7t
7ives82A5F3rw7QYmucMer9+gE8WUFo+L+RkulH4DOTIhODY49YmY2acbRB3VzGF
CJW9PPmBSz/E2I+quedPKmF/erjI7qsE92tnG0bDET7XcwH94mRqCIcSzIkjFGH1
KUGxOeLIT8avzfKcvshMmbxSVF5/acUWYzVxOLdysQF0+g0mMIe7INr+Ok9hKts1
XJ6HH/DbLu7o7WhVnQTtKRuVGJKXit+eI8yVVIfHsOq+y2/H3joEoXVddpaaSMa+
CVlMkpNc9N6+G8OPsLQV81sgYNHFzlucBw590zUvsYvjt6cZ0Ba+L26DkBw=
-----END CERTIFICATE-----