Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/471b7fbb-a1e3-44ab-8628-e10896f053eb.roa
File:                     471b7fbb-a1e3-44ab-8628-e10896f053eb.roa (raw, json)
Hash identifier:          fuEfuIK8cBZRIHxRFmZm7m/4N/Zi25UuyNDwjeCSVDI=
Subject key identifier:   AA:C0:26:F0:E2:EC:34:E6:C9:87:0F:94:2F:2E:22:C1:9B:80:CA:26
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       21BE1C35BA6BD8F4E514837279C6CBE486892E7A
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/471b7fbb-a1e3-44ab-8628-e10896f053eb.roa
Signing time:             Fri 09 May 2025 15:11:09 +0000
ROA not before:           Fri 09 May 2025 15:11:09 +0000
ROA not after:            Fri 13 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        34.248.192.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 10 May 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:be:1c:35:ba:6b:d8:f4:e5:14:83:72:79:c6:cb:e4:86:89:2e:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May  9 15:11:09 2025 GMT
            Not After : Jun 13 23:59:59 2025 GMT
        Subject: serialNumber=fa3ca596695846d1ba313afdbf622c6b22b2a6f27db563597fae3b266908d14f, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ce:fd:49:1f:42:bc:09:c1:93:5b:b9:05:38:
                    c4:37:58:5e:21:4b:1c:b3:74:e0:ed:6b:cf:21:86:
                    b4:6a:1d:0b:05:a2:86:b9:78:3d:00:c6:0b:41:ce:
                    7b:f4:0e:3b:2b:02:ef:1c:c7:47:ed:f6:b7:07:73:
                    73:67:2d:69:f4:b9:c4:7f:81:9f:24:b1:38:20:df:
                    7d:71:7d:c3:07:13:1d:7a:28:60:2a:e4:79:a9:f6:
                    be:b5:42:6d:9c:fb:60:05:07:d2:21:21:78:d2:48:
                    65:8c:ac:a1:50:fd:6b:d9:ed:cb:66:01:14:c4:f6:
                    c0:fd:7c:0b:12:4a:d7:85:28:de:a7:28:00:e3:aa:
                    4a:5d:33:58:4a:83:c4:56:5e:ba:9b:78:91:89:7c:
                    8c:65:f6:09:dd:f0:28:e9:df:37:36:4b:d2:fc:af:
                    b8:64:8f:93:95:97:c7:55:01:b5:02:ef:ce:ad:a2:
                    9b:3b:8a:c4:0c:83:a1:aa:8b:09:d7:b1:a6:0f:23:
                    9b:2e:6b:b1:b6:2f:79:5d:de:92:2c:b3:74:23:91:
                    17:b1:04:34:54:cb:80:25:4a:40:be:d2:bd:a1:6e:
                    0f:1f:73:a2:f0:7c:e4:a5:08:ad:5c:9c:5a:6e:0a:
                    d3:9c:bd:bb:cd:9f:7b:5e:56:5e:d5:ce:08:2b:70:
                    56:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:C0:26:F0:E2:EC:34:E6:C9:87:0F:94:2F:2E:22:C1:9B:80:CA:26
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/471b7fbb-a1e3-44ab-8628-e10896f053eb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  34.248.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         67:f4:00:2b:01:0d:bf:27:df:c8:6d:ae:01:ff:11:1c:de:d2:
         97:db:71:2a:09:e5:67:ee:1a:41:9f:82:de:3d:34:86:08:dd:
         58:ad:db:f9:91:6f:c6:cc:ef:f7:00:d3:df:6b:f0:95:b1:83:
         33:fb:a0:56:27:26:cb:78:7a:70:8c:3c:4f:bd:74:43:57:10:
         b6:28:da:62:4b:30:33:b6:08:cd:d6:83:f5:1a:82:a9:80:56:
         8f:d2:c1:70:5c:8e:92:43:91:0f:e4:57:32:27:72:10:f1:ef:
         90:79:60:99:8a:82:10:2b:39:c0:41:6e:19:60:65:37:49:56:
         80:3f:54:71:54:31:59:bc:46:90:be:fb:9e:e9:f6:7a:a1:21:
         02:f4:a0:30:f9:3a:c9:c9:86:e8:3f:89:fe:16:20:40:8c:7d:
         ea:41:bc:16:7d:8d:59:7d:7d:f3:41:43:30:3f:4c:bd:a2:a0:
         2c:49:5c:fa:34:b2:57:af:ce:20:35:b3:ce:02:02:85:93:48:
         f0:41:4b:57:aa:d6:02:e3:73:34:98:25:85:b1:64:15:e1:38:
         61:29:8c:3f:8a:db:87:3a:8c:6d:d4:ea:d0:de:34:ea:64:d8:
         d7:c6:2d:fb:e6:07:dc:59:a2:7b:c2:99:4c:b8:61:e0:be:ca:
         d7:8d:d8:5e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIb4cNbpr2PTlFINyecbL5IaJLnowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNTA5MTUxMTA5WhcNMjUwNjEzMjM1OTU5
WjB6MUkwRwYDVQQFE0BmYTNjYTU5NjY5NTg0NmQxYmEzMTNhZmRiZjYyMmM2YjIy
YjJhNmYyN2RiNTYzNTk3ZmFlM2IyNjY5MDhkMTRmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtzv1JH0K8CcGTW7kFOMQ3WF4hSxyzdODta88hhrRqHQsF
ooa5eD0AxgtBznv0DjsrAu8cx0ft9rcHc3NnLWn0ucR/gZ8ksTgg331xfcMHEx16
KGAq5Hmp9r61Qm2c+2AFB9IhIXjSSGWMrKFQ/WvZ7ctmARTE9sD9fAsSSteFKN6n
KADjqkpdM1hKg8RWXrqbeJGJfIxl9gnd8Cjp3zc2S9L8r7hkj5OVl8dVAbUC786t
ops7isQMg6GqiwnXsaYPI5sua7G2L3ld3pIss3QjkRexBDRUy4AlSkC+0r2hbg8f
c6LwfOSlCK1cnFpuCtOcvbvNn3teVl7VzggrcFbpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqsAm8OLsNObJhw+ULy4iwZuAyiYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQ3MWI3ZmJiLWExZTMtNDRhYi04NjI4LWUxMDg5NmYwNTNlYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYi+MAwDQYJKoZIhvcNAQELBQADggEBAGf0ACsBDb8n38htrgH/ERze0pfb
cSoJ5WfuGkGfgt49NIYI3Vit2/mRb8bM7/cA099r8JWxgzP7oFYnJst4enCMPE+9
dENXELYo2mJLMDO2CM3Wg/UagqmAVo/SwXBcjpJDkQ/kVzInchDx75B5YJmKghAr
OcBBbhlgZTdJVoA/VHFUMVm8RpC++57p9nqhIQL0oDD5OsnJhug/if4WIECMfepB
vBZ9jVl9ffNBQzA/TL2ioCxJXPo0slevziA1s84CAoWTSPBBS1eq1gLjczSYJYWx
ZBXhOGEpjD+K24c6jG3U6tDeNOpk2NfGLfvmB9xZonvCmUy4YeC+yteN2F4=
-----END CERTIFICATE-----