Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/42f64c9c-867f-4163-be01-3ed7d0a66046.roa
File:                     42f64c9c-867f-4163-be01-3ed7d0a66046.roa (raw, json)
Hash identifier:          OwxMjzneYJwLV68lqtHtdLKUqZ1qCkj/Quj3/9HST+c=
Subject key identifier:   B9:7E:13:EE:4E:E2:0E:27:B6:38:99:46:7B:3B:87:DC:D8:D3:41:AC
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4ACAB35ED277DD530CAD31244F15EA8A79E96F4D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/42f64c9c-867f-4163-be01-3ed7d0a66046.roa
Signing time:             Fri 09 May 2025 00:40:11 +0000
ROA not before:           Fri 09 May 2025 00:40:11 +0000
ROA not after:            Fri 13 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.208.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 10 May 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:ca:b3:5e:d2:77:dd:53:0c:ad:31:24:4f:15:ea:8a:79:e9:6f:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May  9 00:40:11 2025 GMT
            Not After : Jun 13 23:59:59 2025 GMT
        Subject: serialNumber=fe8de2b4b670c6b6524cf1a28a5a82a2ff15f386fe3e92008ef84f8a7f712198, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:66:6c:2e:a9:4e:4d:8c:79:91:92:b0:6e:9b:
                    25:28:89:42:42:93:b1:e4:a8:6b:50:ef:97:e8:d5:
                    e7:08:51:66:81:56:93:d0:d2:fb:71:34:08:66:e7:
                    8e:fa:5d:06:b8:8c:99:bc:68:23:93:18:eb:e8:d4:
                    59:fa:60:39:84:c8:fe:95:19:1f:8a:a3:4a:ba:3c:
                    3e:04:c1:81:92:44:82:06:d7:6f:20:38:d5:aa:ec:
                    c9:c9:1f:b2:a2:4e:f9:c3:ca:30:84:ae:2f:cc:e1:
                    51:b9:e2:21:70:75:6a:96:9a:c3:3c:7d:20:a8:76:
                    ba:63:d8:a5:7f:d7:06:39:8f:dd:2c:66:ee:3d:2f:
                    29:98:66:47:0c:5f:49:ec:21:f5:8c:85:e7:ef:eb:
                    ed:9d:85:55:a1:89:67:57:46:50:69:e2:7f:40:0b:
                    ed:9f:1e:bb:b0:03:62:85:d1:86:12:07:0a:62:74:
                    e2:95:08:ce:93:27:3a:a1:3a:ad:d3:b3:59:4a:45:
                    8f:61:21:2b:47:13:19:27:18:32:d2:16:be:75:b8:
                    dd:54:2a:7e:d2:b6:8d:f8:36:be:91:ae:6c:a3:71:
                    e5:cc:c1:99:8c:e5:53:1f:c4:f0:ed:f5:40:5e:84:
                    c6:b8:49:f7:47:52:ec:53:e2:87:4c:01:69:fb:1d:
                    90:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:7E:13:EE:4E:E2:0E:27:B6:38:99:46:7B:3B:87:DC:D8:D3:41:AC
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/42f64c9c-867f-4163-be01-3ed7d0a66046.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.208.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         92:08:04:f0:a8:b8:02:17:1c:5c:d9:0a:d8:2c:40:d6:8d:51:
         46:e1:5c:1b:c8:3f:95:3d:bd:74:09:df:b3:97:8b:ab:99:bd:
         00:60:5b:dd:7b:d7:bc:d3:0f:07:5f:f4:f6:33:e1:7f:f6:79:
         ac:90:b4:36:9a:4c:d6:41:b6:bd:02:f4:23:bd:1c:62:2f:7c:
         bb:bd:62:19:93:a1:fb:cd:e2:91:3c:92:d4:b6:cf:e5:82:a4:
         4e:5f:e4:b8:82:85:a8:ec:f2:57:36:49:b5:17:07:11:89:55:
         2d:e7:4b:d3:75:a9:23:d4:2e:e9:c7:b6:ad:be:8d:85:e1:e6:
         5f:09:3f:48:a9:89:a2:1f:e3:c0:b0:62:a3:2b:1a:8b:c5:e1:
         e8:e5:06:97:73:57:ae:ab:6e:3f:eb:9e:41:f7:bd:ab:88:15:
         1a:3b:46:bb:3c:fa:96:be:62:f6:6a:4e:46:2e:33:28:62:61:
         24:bd:e7:ea:7f:28:8a:2c:9b:77:5f:1e:70:af:ac:ea:d1:1b:
         d5:50:bb:19:8b:ab:f4:cc:71:10:65:d6:86:3e:c3:9a:50:62:
         76:fc:79:6b:86:38:15:61:01:3d:12:b6:3c:48:bc:f1:e9:28:
         30:80:b6:96:d6:f8:2f:01:ed:fe:b6:40:d3:6f:36:b6:c2:6b:
         d1:66:5e:a9
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUSsqzXtJ33VMMrTEkTxXqinnpb00wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNTA5MDA0MDExWhcNMjUwNjEzMjM1OTU5
WjB6MUkwRwYDVQQFE0BmZThkZTJiNGI2NzBjNmI2NTI0Y2YxYTI4YTVhODJhMmZm
MTVmMzg2ZmUzZTkyMDA4ZWY4NGY4YTdmNzEyMTk4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0ZmwuqU5NjHmRkrBumyUoiUJCk7HkqGtQ75fo1ecIUWaB
VpPQ0vtxNAhm5476XQa4jJm8aCOTGOvo1Fn6YDmEyP6VGR+Ko0q6PD4EwYGSRIIG
128gONWq7MnJH7KiTvnDyjCEri/M4VG54iFwdWqWmsM8fSCodrpj2KV/1wY5j90s
Zu49LymYZkcMX0nsIfWMhefv6+2dhVWhiWdXRlBp4n9AC+2fHruwA2KF0YYSBwpi
dOKVCM6TJzqhOq3Ts1lKRY9hIStHExknGDLSFr51uN1UKn7Sto34Nr6RrmyjceXM
wZmM5VMfxPDt9UBehMa4SfdHUuxT4odMAWn7HZDzAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUuX4T7k7iDie2OJlGezuH3NjTQawwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQyZjY0YzljLTg2N2YtNDE2My1iZTAxLTNlZDdkMGE2NjA0Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAN0DANBgkqhkiG9w0BAQsFAAOCAQEAkggE8Ki4AhccXNkK2CxA1o1RRuFc
G8g/lT29dAnfs5eLq5m9AGBb3XvXvNMPB1/09jPhf/Z5rJC0NppM1kG2vQL0I70c
Yi98u71iGZOh+83ikTyS1LbP5YKkTl/kuIKFqOzyVzZJtRcHEYlVLedL03WpI9Qu
6ce2rb6NheHmXwk/SKmJoh/jwLBioysai8Xh6OUGl3NXrqtuP+ueQfe9q4gVGjtG
uzz6lr5i9mpORi4zKGJhJL3n6n8oiiybd18ecK+s6tEb1VC7GYur9MxxEGXWhj7D
mlBidvx5a4Y4FWEBPRK2PEi88ekoMIC2ltb4LwHt/rZA0282tsJr0WZeqQ==
-----END CERTIFICATE-----
Generated at Fri May 9 15:46:50 2025 by rpki-client