Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4a5670e2-3a21-4962-958f-d6dba70b79be.roa
File:                     4a5670e2-3a21-4962-958f-d6dba70b79be.roa (raw, json)
Hash identifier:          R0tdvFaxLtRlrq/DgngcHdZz/wtVKpeOfRKcfONX1zE=
Subject key identifier:   CC:65:32:82:7F:52:13:45:B4:E3:40:29:BE:FB:61:37:B8:3B:5C:8C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       29BBBD93BA3A8D4D03379C12A3E9517B44AA4249
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4a5670e2-3a21-4962-958f-d6dba70b79be.roa
Signing time:             Mon 30 Jun 2025 16:11:26 +0000
ROA not before:           Mon 30 Jun 2025 16:11:26 +0000
ROA not after:            Mon 04 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.104.82.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 03 Jul 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:bb:bd:93:ba:3a:8d:4d:03:37:9c:12:a3:e9:51:7b:44:aa:42:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun 30 16:11:26 2025 GMT
            Not After : Aug  4 23:59:59 2025 GMT
        Subject: serialNumber=ca60b635f77561b2dcbfa0ca7d3ac40f661ff5990bcef38ddb73c622ea29f459, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:c6:10:19:c4:e8:0f:e6:d8:9e:7d:cb:22:ed:
                    fc:54:62:56:f7:0d:dd:f2:56:64:b6:b3:f4:3b:cc:
                    1f:63:7b:65:92:7a:e3:7f:38:3b:0e:90:15:95:71:
                    f8:f3:52:3d:96:34:e3:0f:2f:32:77:96:a5:bd:b6:
                    7b:1f:47:d9:5b:7d:61:6e:15:d9:e9:32:ad:ca:b7:
                    94:c7:fb:65:0c:67:32:32:9e:2f:77:5e:02:94:ad:
                    cc:a3:d3:ad:b5:c8:b9:79:40:04:e8:24:6b:ca:19:
                    40:85:53:97:f2:b6:a1:8d:2c:e9:aa:87:13:a4:4d:
                    33:95:f8:27:0a:9e:c3:91:0a:80:d9:fd:7e:8e:cd:
                    6d:c2:cb:26:d8:97:c5:b9:f3:38:19:eb:f3:68:9a:
                    fe:58:b5:0d:0d:b4:51:cd:37:e7:51:19:fa:26:af:
                    86:ea:d0:4f:d5:f9:e1:76:94:b8:ca:0a:33:c2:45:
                    32:66:78:79:02:51:27:cc:31:ee:b7:2c:7a:c5:5e:
                    da:fe:ad:7f:2a:6f:2c:f1:d5:98:95:89:13:65:7f:
                    4f:3f:6d:ff:d3:e4:f0:b7:ed:26:f7:8a:4f:bc:64:
                    eb:47:ea:0a:b4:fc:cb:9f:cf:bf:6c:69:7a:84:cd:
                    d2:9b:58:53:60:d3:d0:bc:de:75:cb:ce:b7:3e:d2:
                    55:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:65:32:82:7F:52:13:45:B4:E3:40:29:BE:FB:61:37:B8:3B:5C:8C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4a5670e2-3a21-4962-958f-d6dba70b79be.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.104.82.0/23

    Signature Algorithm: sha256WithRSAEncryption
         78:4e:c1:6a:ab:27:18:74:4e:8b:dc:2e:d9:fe:10:77:e5:a3:
         92:14:3a:c8:03:e1:bc:71:bc:7f:84:1f:19:79:7d:49:8b:b0:
         1d:6c:5f:96:9c:c7:16:d7:a5:b5:96:1e:d7:50:c1:6e:cc:c5:
         61:3e:c9:1c:53:3a:f2:a8:da:f0:de:2a:fa:40:5f:b4:0a:a5:
         86:01:dc:18:50:0d:7b:69:d1:6d:96:86:69:0e:b8:22:6d:f2:
         17:34:94:97:ba:2d:c7:05:52:dc:ef:a7:78:74:fc:aa:9f:a4:
         ec:9e:1d:0e:d0:6c:f7:22:11:7f:6d:fa:fa:f9:0d:bf:59:01:
         03:5f:43:9a:74:73:70:d7:32:35:93:71:e0:70:27:6f:2c:96:
         32:17:0d:f6:df:b9:f8:75:3a:97:3b:5e:00:e7:af:95:b0:1e:
         13:36:34:70:87:e5:58:d3:10:c5:10:36:0d:e8:95:fe:61:bb:
         89:56:00:e0:c5:10:d3:cc:13:67:7e:d8:a7:aa:d3:3c:99:91:
         d5:0c:81:3b:c0:b6:19:37:17:cb:3b:e4:3c:08:55:f0:03:93:
         58:96:57:6e:c4:14:de:95:a8:a0:e4:c7:b9:df:5f:9e:d8:08:
         9e:5c:6f:30:bf:81:82:42:dc:3a:8a:7f:0b:c9:70:7d:38:c7:
         47:9e:11:2d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKbu9k7o6jU0DN5wSo+lRe0SqQkkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjMwMTYxMTI2WhcNMjUwODA0MjM1OTU5
WjB6MUkwRwYDVQQFE0BjYTYwYjYzNWY3NzU2MWIyZGNiZmEwY2E3ZDNhYzQwZjY2
MWZmNTk5MGJjZWYzOGRkYjczYzYyMmVhMjlmNDU5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzxhAZxOgP5tiefcsi7fxUYlb3Dd3yVmS2s/Q7zB9je2WS
euN/ODsOkBWVcfjzUj2WNOMPLzJ3lqW9tnsfR9lbfWFuFdnpMq3Kt5TH+2UMZzIy
ni93XgKUrcyj0621yLl5QAToJGvKGUCFU5fytqGNLOmqhxOkTTOV+CcKnsORCoDZ
/X6OzW3CyybYl8W58zgZ6/Nomv5YtQ0NtFHNN+dRGfomr4bq0E/V+eF2lLjKCjPC
RTJmeHkCUSfMMe63LHrFXtr+rX8qbyzx1ZiViRNlf08/bf/T5PC37Sb3ik+8ZOtH
6gq0/Mufz79saXqEzdKbWFNg09C83nXLzrc+0lVHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUzGUygn9SE0W040ApvvthN7g7XIwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzRhNTY3MGUyLTNhMjEtNDk2Mi05NThmLWQ2ZGJhNzBiNzliZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEDaFIwDQYJKoZIhvcNAQELBQADggEBAHhOwWqrJxh0TovcLtn+EHflo5IU
OsgD4bxxvH+EHxl5fUmLsB1sX5acxxbXpbWWHtdQwW7MxWE+yRxTOvKo2vDeKvpA
X7QKpYYB3BhQDXtp0W2WhmkOuCJt8hc0lJe6LccFUtzvp3h0/KqfpOyeHQ7QbPci
EX9t+vr5Db9ZAQNfQ5p0c3DXMjWTceBwJ28sljIXDfbfufh1Opc7XgDnr5WwHhM2
NHCH5VjTEMUQNg3olf5hu4lWAODFENPME2d+2Keq0zyZkdUMgTvAthk3F8s75DwI
VfADk1iWV27EFN6VqKDkx7nfX57YCJ5cbzC/gYJC3DqKfwvJcH04x0eeES0=
-----END CERTIFICATE-----