Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/471b7fbb-a1e3-44ab-8628-e10896f053eb.roa
File:                     471b7fbb-a1e3-44ab-8628-e10896f053eb.roa (raw, json)
Hash identifier:          rRY/8nFG8hx3uMCs+FOkcdwPzxhMeMRw3izOLUrN3tQ=
Subject key identifier:   BE:CA:7A:11:A6:C4:DB:83:AE:F8:87:3D:FB:52:3A:ED:AA:BA:81:22
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0A91EF48EBB0CBAAC6EF506CF3FCD7D8A9D77984
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/471b7fbb-a1e3-44ab-8628-e10896f053eb.roa
Signing time:             Mon 27 Jan 2025 00:00:00 +0000
ROA not before:           Mon 27 Jan 2025 00:00:00 +0000
ROA not after:            Mon 03 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        34.248.192.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:91:ef:48:eb:b0:cb:aa:c6:ef:50:6c:f3:fc:d7:d8:a9:d7:79:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 27 00:00:00 2025 GMT
            Not After : Mar  3 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:c3:41:00:91:c7:48:17:1e:a0:79:dc:6d:6e:
                    00:db:77:41:74:a8:fe:4b:da:36:e8:64:eb:c5:38:
                    4b:4a:f7:80:6d:d7:19:c5:64:15:b6:b0:1b:c0:0e:
                    bd:58:1c:c6:c4:a1:d7:37:3f:0f:38:cb:2d:92:ac:
                    9b:8c:f6:40:b6:b1:ca:5e:83:cd:53:ab:ba:6e:70:
                    17:27:b1:b2:dd:ce:3a:b3:75:80:0e:22:77:aa:0d:
                    ad:4e:56:29:3d:aa:db:03:e8:7b:ef:50:6e:7e:1f:
                    76:a9:6f:7c:77:02:8c:ac:d7:60:b6:65:13:ee:b4:
                    00:ef:48:0c:6e:d5:c8:2e:c0:4f:3b:6a:87:76:ab:
                    10:c3:a3:6c:57:ff:c3:4b:19:51:ad:a2:ab:e2:a6:
                    aa:02:fa:c4:87:6c:2e:dc:c7:45:24:16:24:7c:c9:
                    3b:fc:6d:af:80:4d:0c:67:b3:60:3f:be:a2:e0:59:
                    d9:41:c0:81:49:fa:df:79:be:36:19:d5:ff:4e:c5:
                    0f:0c:4d:70:a4:d5:c8:4a:c1:63:07:cb:20:2e:ac:
                    e6:a4:0c:58:f5:3e:42:93:f1:a6:bc:c5:e4:db:28:
                    47:19:b2:6a:08:7c:81:ba:19:bf:c8:14:27:fb:91:
                    db:de:7e:52:76:69:cc:bb:f6:ac:40:f6:80:12:b8:
                    a1:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:CA:7A:11:A6:C4:DB:83:AE:F8:87:3D:FB:52:3A:ED:AA:BA:81:22
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/471b7fbb-a1e3-44ab-8628-e10896f053eb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  34.248.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         a6:b2:af:66:9d:ed:38:68:7b:78:6a:90:50:fd:6f:6c:d9:c7:
         00:5c:bd:5c:43:47:06:d2:f8:49:80:bb:f4:8c:29:48:b4:11:
         33:a9:c2:16:04:35:30:ae:af:6d:9f:44:1c:83:96:17:74:69:
         83:d5:11:54:5d:b8:1c:4d:4f:9b:45:23:b4:5a:bb:86:e9:57:
         16:8a:81:2f:1c:98:b0:22:e8:9e:34:10:08:fe:b0:b3:4c:68:
         f4:e8:71:66:99:7b:f6:48:18:97:d7:d3:8f:c1:03:86:92:e4:
         86:66:18:6e:e5:d6:b4:85:12:02:0b:4c:f6:3c:6f:42:19:18:
         51:a8:d2:ce:55:9e:30:93:15:32:37:9f:01:bb:8f:90:52:06:
         f7:8d:9d:73:db:55:5c:83:bc:0f:6d:fd:9f:18:da:bc:ea:4e:
         f4:43:6f:a7:cc:b5:44:f8:7c:ff:ec:cf:86:96:6a:b7:e1:d6:
         38:18:44:39:a2:38:99:fe:e9:a8:1a:f6:18:07:c9:64:a5:4a:
         35:09:68:ef:f0:87:fa:53:e6:00:56:67:79:62:94:12:53:12:
         75:c8:d8:c3:7b:f5:c4:9d:a1:3c:cd:3c:ac:46:72:ba:74:51:
         84:43:ac:85:15:c4:95:fa:0f:0a:4a:4a:a2:ed:d8:df:71:41:
         65:0c:0c:7b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCpHvSOuwy6rG71Bs8/zX2KnXeYQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTI3MDAwMDAwWhcNMjUwMzAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BiMjk3MjhmYjM4ZGI3OGJkMTBkMTg1NTA1ZDBkODA3ZTll
OTg3MmE1MjliNmQ5ZjU0Y2MwMmNiODlmOGE4Zjc3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgw0EAkcdIFx6gedxtbgDbd0F0qP5L2jboZOvFOEtK94Bt
1xnFZBW2sBvADr1YHMbEodc3Pw84yy2SrJuM9kC2scpeg81Tq7pucBcnsbLdzjqz
dYAOIneqDa1OVik9qtsD6HvvUG5+H3apb3x3Aoys12C2ZRPutADvSAxu1cguwE87
aod2qxDDo2xX/8NLGVGtoqvipqoC+sSHbC7cx0UkFiR8yTv8ba+ATQxns2A/vqLg
WdlBwIFJ+t95vjYZ1f9OxQ8MTXCk1chKwWMHyyAurOakDFj1PkKT8aa8xeTbKEcZ
smoIfIG6Gb/IFCf7kdveflJ2acy79qxA9oASuKFtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUvsp6EabE24Ou+Ic9+1I67aq6gSIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQ3MWI3ZmJiLWExZTMtNDRhYi04NjI4LWUxMDg5NmYwNTNlYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYi+MAwDQYJKoZIhvcNAQELBQADggEBAKayr2ad7Thoe3hqkFD9b2zZxwBc
vVxDRwbS+EmAu/SMKUi0ETOpwhYENTCur22fRByDlhd0aYPVEVRduBxNT5tFI7Ra
u4bpVxaKgS8cmLAi6J40EAj+sLNMaPTocWaZe/ZIGJfX04/BA4aS5IZmGG7l1rSF
EgILTPY8b0IZGFGo0s5VnjCTFTI3nwG7j5BSBveNnXPbVVyDvA9t/Z8Y2rzqTvRD
b6fMtUT4fP/sz4aWarfh1jgYRDmiOJn+6aga9hgHyWSlSjUJaO/wh/pT5gBWZ3li
lBJTEnXI2MN79cSdoTzNPKxGcrp0UYRDrIUVxJX6DwpKSqLt2N9xQWUMDHs=
-----END CERTIFICATE-----