Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3d8d5bde-3454-48a3-aa94-1772cda89cd1.roa
File:                     3d8d5bde-3454-48a3-aa94-1772cda89cd1.roa (raw, json)
Hash identifier:          unrDJ2hC6DCsGY6noPZ/lvMZ+sQOgKFY7DI6n3IvaAc=
Subject key identifier:   39:32:6D:23:A5:C2:EB:96:4D:7B:77:3B:44:EF:FC:14:9F:B1:4E:BE
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       116B1643F1CFE527D5AAFBB61AAAD9729A4A8E54
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3d8d5bde-3454-48a3-aa94-1772cda89cd1.roa
Signing time:             Tue 19 Aug 2025 15:20:24 +0000
ROA not before:           Tue 19 Aug 2025 15:20:24 +0000
ROA not after:            Tue 23 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        34.253.128.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 22 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:6b:16:43:f1:cf:e5:27:d5:aa:fb:b6:1a:aa:d9:72:9a:4a:8e:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug 19 15:20:24 2025 GMT
            Not After : Sep 23 23:59:59 2025 GMT
        Subject: serialNumber=d2db6c24f693eed88d136e8f96ac57e1c8bd526b9740944c7c8794d71b295bc8, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:a7:6a:36:ef:e4:99:f1:55:57:1c:e9:8c:b5:
                    18:33:36:d5:60:77:bb:e3:7e:fc:a5:72:95:53:15:
                    ee:7a:99:34:19:f8:d4:8c:76:0f:01:f5:db:9c:4e:
                    87:37:fe:fb:e9:a3:ed:5a:9a:65:96:01:58:72:1c:
                    f9:03:f1:d2:33:b6:d7:54:f7:e3:31:31:5a:0e:80:
                    01:99:36:bc:89:00:bd:f1:58:60:9a:3c:3b:41:3a:
                    11:9c:a3:6d:44:26:3f:ea:75:c4:f6:0f:76:aa:08:
                    59:89:26:9e:32:d6:d6:87:a1:60:80:3f:a9:90:26:
                    ce:98:74:c4:96:db:4a:b0:0b:e6:ae:06:c5:8d:f7:
                    fd:d7:26:e3:81:8d:44:4b:22:76:1b:d6:0a:5a:e8:
                    79:cc:c2:be:48:ec:ba:82:ad:ee:48:0e:50:c4:14:
                    63:4a:3b:0c:9d:f6:01:13:80:f8:33:dd:f7:52:81:
                    a1:60:fb:8d:99:ee:c8:22:d3:45:08:76:2f:50:80:
                    15:5c:eb:19:cf:2a:4d:ea:1e:2e:74:ec:db:a3:05:
                    75:10:ab:bd:fe:a3:ab:29:ad:e8:56:14:32:07:67:
                    06:db:6d:45:70:b9:55:49:97:bf:47:3f:fe:61:1d:
                    65:45:fb:54:81:82:99:61:6f:2a:c9:e5:11:fd:9a:
                    eb:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:32:6D:23:A5:C2:EB:96:4D:7B:77:3B:44:EF:FC:14:9F:B1:4E:BE
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3d8d5bde-3454-48a3-aa94-1772cda89cd1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  34.253.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         50:94:3b:2d:d1:5b:32:f7:b2:bc:1d:d1:a9:ca:12:e4:32:fb:
         49:8f:6c:df:0c:6d:3a:50:21:7c:1b:99:65:69:e9:ae:cc:91:
         10:42:a7:9c:f4:63:57:c6:2a:ba:a1:e0:5b:87:f6:cb:ff:c0:
         e0:13:b0:2e:94:8e:eb:58:de:fe:03:4f:99:9d:b6:36:df:6d:
         c5:53:e9:51:7b:b5:66:39:8a:6e:76:fc:cd:8e:f0:c3:39:5c:
         c0:0d:c7:54:55:86:2e:e0:d3:b7:05:23:29:b8:fe:8a:25:19:
         69:5e:a1:a0:b9:db:5d:15:51:c0:d4:88:f0:61:31:d3:e4:9b:
         93:9e:8e:45:d6:1a:7d:0c:18:39:cb:dc:2a:c9:a8:92:09:10:
         a3:8f:c2:11:c0:15:89:72:51:4f:d8:a0:53:5d:4c:76:00:f9:
         36:15:cd:4b:1c:8b:e4:30:27:78:de:ac:d6:1e:e4:bc:cd:8e:
         9b:36:5c:7e:5c:f8:f6:d4:85:4d:e9:b0:5d:c8:19:84:0c:cb:
         4a:47:c3:f1:de:db:73:93:a8:07:38:c1:de:50:30:55:6a:3e:
         d8:68:dc:65:04:c3:88:dc:55:09:7e:ac:99:3d:de:0a:dc:19:
         7d:70:c0:51:39:06:77:bf:8a:a6:60:69:e0:8b:96:eb:d4:71:
         f5:a5:dc:d5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEWsWQ/HP5SfVqvu2GqrZcppKjlQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwODE5MTUyMDI0WhcNMjUwOTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkMmRiNmMyNGY2OTNlZWQ4OGQxMzZlOGY5NmFjNTdlMWM4
YmQ1MjZiOTc0MDk0NGM3Yzg3OTRkNzFiMjk1YmM4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDGp2o27+SZ8VVXHOmMtRgzNtVgd7vjfvylcpVTFe56mTQZ
+NSMdg8B9ducToc3/vvpo+1ammWWAVhyHPkD8dIzttdU9+MxMVoOgAGZNryJAL3x
WGCaPDtBOhGco21EJj/qdcT2D3aqCFmJJp4y1taHoWCAP6mQJs6YdMSW20qwC+au
BsWN9/3XJuOBjURLInYb1gpa6HnMwr5I7LqCre5IDlDEFGNKOwyd9gETgPgz3fdS
gaFg+42Z7sgi00UIdi9QgBVc6xnPKk3qHi507NujBXUQq73+o6sprehWFDIHZwbb
bUVwuVVJl79HP/5hHWVF+1SBgplhbyrJ5RH9muv1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUOTJtI6XC65ZNe3c7RO/8FJ+xTr4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNkOGQ1YmRlLTM0NTQtNDhhMy1hYTk0LTE3NzJjZGE4OWNkMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYi/YAwDQYJKoZIhvcNAQELBQADggEBAFCUOy3RWzL3srwd0anKEuQy+0mP
bN8MbTpQIXwbmWVp6a7MkRBCp5z0Y1fGKrqh4FuH9sv/wOATsC6UjutY3v4DT5md
tjbfbcVT6VF7tWY5im52/M2O8MM5XMANx1RVhi7g07cFIym4/oolGWleoaC5210V
UcDUiPBhMdPkm5OejkXWGn0MGDnL3CrJqJIJEKOPwhHAFYlyUU/YoFNdTHYA+TYV
zUsci+QwJ3jerNYe5LzNjps2XH5c+PbUhU3psF3IGYQMy0pHw/He23OTqAc4wd5Q
MFVqPtho3GUEw4jcVQl+rJk93grcGX1wwFE5Bne/iqZgaeCLluvUcfWl3NU=
-----END CERTIFICATE-----