Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/41ec2556-a73f-49cc-9d4f-0868883ecfc3.roa
File:                     41ec2556-a73f-49cc-9d4f-0868883ecfc3.roa (raw, json)
Hash identifier:          iAvuA0bEXcU8Ea3XMzA7WERX4efC3Xi/66V+14pNfBk=
Subject key identifier:   A1:A2:47:27:04:EC:2F:2E:64:C4:6F:34:78:23:4C:C1:F2:18:BE:A7
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       20C1B5D715B78EB88709668541118E03E2069B43
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/41ec2556-a73f-49cc-9d4f-0868883ecfc3.roa
Signing time:             Mon 27 Jan 2025 00:00:00 +0000
ROA not before:           Mon 27 Jan 2025 00:00:00 +0000
ROA not after:            Mon 03 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.201.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:c1:b5:d7:15:b7:8e:b8:87:09:66:85:41:11:8e:03:e2:06:9b:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 27 00:00:00 2025 GMT
            Not After : Mar  3 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:d2:30:0d:6d:1c:7a:8e:5b:84:dc:e6:c9:fa:
                    5e:f1:49:f0:03:ab:c3:f7:20:6b:c3:f1:bd:c8:76:
                    ed:20:1a:99:fd:58:6c:24:02:65:db:09:12:b0:56:
                    4e:db:92:19:12:92:51:db:ab:ad:27:04:46:6c:7a:
                    fe:f5:f0:13:48:77:bd:1a:74:fa:50:1d:d7:e8:22:
                    82:2b:da:dd:66:c3:00:64:bc:f1:63:e2:bb:12:90:
                    87:39:c2:c1:8c:5a:8c:3e:04:37:3d:50:d9:c1:2e:
                    e8:e6:4c:3e:a8:4a:6d:71:4c:51:c6:4c:43:07:43:
                    5f:68:4c:7e:f3:5b:1b:5c:8c:ce:8b:b1:18:18:91:
                    65:0b:2d:57:24:78:1e:84:c0:33:79:75:29:db:d1:
                    cf:e5:c0:38:80:8f:c8:88:8d:81:79:5d:78:1d:88:
                    52:c2:35:23:75:65:5a:a7:f1:cd:1f:71:e0:e4:fa:
                    8f:b7:33:52:f1:1f:b5:68:97:2b:79:31:34:22:4e:
                    28:98:00:43:98:b7:fa:cc:df:67:d2:54:f4:ab:a5:
                    df:57:cd:89:85:af:a2:4b:74:23:06:48:04:63:c9:
                    5a:d4:7b:1c:99:f8:d2:e1:80:74:10:d3:86:75:9d:
                    5b:8d:b5:24:4a:c7:9e:46:14:8d:20:37:3e:2d:f9:
                    b0:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:A2:47:27:04:EC:2F:2E:64:C4:6F:34:78:23:4C:C1:F2:18:BE:A7
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/41ec2556-a73f-49cc-9d4f-0868883ecfc3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.201.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:6e:1b:9b:71:28:b3:a4:28:20:63:b5:26:1c:2f:4f:6c:a9:
         05:44:e8:c0:ec:a8:8b:8c:f5:60:d2:e3:ee:9f:f1:92:f0:a0:
         7f:17:85:e8:eb:69:b8:66:20:01:f3:6b:90:a9:03:af:2f:1e:
         a8:62:c5:5f:8d:74:6e:a3:7f:48:d1:f8:2e:26:8b:36:80:b2:
         8b:ce:3e:c2:71:97:9d:c2:fa:e9:69:57:79:28:ba:29:89:da:
         7a:08:05:af:5b:dc:74:b6:3d:51:7b:ee:19:eb:77:30:1d:8b:
         eb:6b:3f:49:00:68:cf:82:f0:80:44:de:df:d5:27:2c:ee:96:
         86:51:a9:e8:9e:d5:7a:56:04:a3:c2:f4:29:fb:ca:b0:33:3e:
         99:a6:65:ca:fd:c2:35:d0:ff:f0:a8:bc:76:02:b1:d2:92:97:
         24:53:69:87:c3:67:a3:3a:e4:96:5b:5c:8b:47:29:6a:7c:d3:
         6f:bb:83:76:c6:35:1e:4c:52:61:2f:ef:97:5c:8f:66:66:5b:
         76:b3:a4:96:f4:c5:57:fa:2f:7a:58:3a:47:72:17:9c:14:2d:
         df:57:af:ec:d4:be:d1:c3:8d:e4:c9:cb:6a:37:d0:a0:b3:51:
         7c:bb:03:cb:ae:2a:43:ab:19:81:67:51:b3:67:76:74:ff:11:
         c6:c2:98:7c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIMG11xW3jriHCWaFQRGOA+IGm0MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTI3MDAwMDAwWhcNMjUwMzAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkNjBmYjI0NWY1MzAyYTQzNDExMmJhODI3MjQyYjcxMGNl
ZjQzZWU5NTVkZDUyNWMyZGQ1ZjljZDYwNWUxZTcxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDF0jANbRx6jluE3ObJ+l7xSfADq8P3IGvD8b3Idu0gGpn9
WGwkAmXbCRKwVk7bkhkSklHbq60nBEZsev718BNId70adPpQHdfoIoIr2t1mwwBk
vPFj4rsSkIc5wsGMWow+BDc9UNnBLujmTD6oSm1xTFHGTEMHQ19oTH7zWxtcjM6L
sRgYkWULLVckeB6EwDN5dSnb0c/lwDiAj8iIjYF5XXgdiFLCNSN1ZVqn8c0fceDk
+o+3M1LxH7Volyt5MTQiTiiYAEOYt/rM32fSVPSrpd9XzYmFr6JLdCMGSARjyVrU
exyZ+NLhgHQQ04Z1nVuNtSRKx55GFI0gNz4t+bCpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUoaJHJwTsLy5kxG80eCNMwfIYvqcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQxZWMyNTU2LWE3M2YtNDljYy05ZDRmLTA4Njg4ODNlY2ZjMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAANyecwDQYJKoZIhvcNAQELBQADggEBAApuG5txKLOkKCBjtSYcL09sqQVE
6MDsqIuM9WDS4+6f8ZLwoH8XhejrabhmIAHza5CpA68vHqhixV+NdG6jf0jR+C4m
izaAsovOPsJxl53C+ulpV3kouimJ2noIBa9b3HS2PVF77hnrdzAdi+trP0kAaM+C
8IBE3t/VJyzuloZRqeie1XpWBKPC9Cn7yrAzPpmmZcr9wjXQ//CovHYCsdKSlyRT
aYfDZ6M65JZbXItHKWp802+7g3bGNR5MUmEv75dcj2ZmW3azpJb0xVf6L3pYOkdy
F5wULd9Xr+zUvtHDjeTJy2o30KCzUXy7A8uuKkOrGYFnUbNndnT/EcbCmHw=
-----END CERTIFICATE-----