Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4bb2d8f1-00bc-4e2e-8e17-f80a0f4fe293.roa
File:                     4bb2d8f1-00bc-4e2e-8e17-f80a0f4fe293.roa (raw, json)
Hash identifier:          pjxVUBh85q/aCvyZ+407mQWNSzNRWabZezStz+sqKfA=
Subject key identifier:   2F:53:1C:2F:0C:61:87:85:7A:D6:0B:19:C3:C6:6D:07:AF:F9:48:7F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2FEB25017BDF92BDBA28DCB8371F935AD1E0A180
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4bb2d8f1-00bc-4e2e-8e17-f80a0f4fe293.roa
Signing time:             Fri 31 Jan 2025 00:00:00 +0000
ROA not before:           Fri 31 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Mar 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        3.4.16.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:eb:25:01:7b:df:92:bd:ba:28:dc:b8:37:1f:93:5a:d1:e0:a1:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 31 00:00:00 2025 GMT
            Not After : Mar  7 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:80:a1:9e:22:9b:40:bc:b7:8d:67:43:18:3c:
                    b3:b0:02:66:23:ef:63:96:22:c3:af:ff:4f:79:98:
                    26:cd:fb:ad:0b:31:af:1e:05:04:b6:68:ff:26:88:
                    5b:62:d1:12:8f:33:3c:eb:39:83:28:0f:dc:d6:a7:
                    90:70:85:0e:9b:df:51:36:04:65:e7:20:2d:ee:2a:
                    33:12:48:60:06:af:62:fc:44:bb:d0:02:9f:af:18:
                    69:d1:83:ba:de:ee:5f:e6:85:6d:0c:e2:b1:19:03:
                    a2:19:60:e4:a5:c3:a5:5a:f7:e9:7e:af:e6:13:3d:
                    a3:f4:d1:ba:f1:04:13:87:1d:41:d1:0e:b1:5c:82:
                    23:f0:59:d1:78:a6:13:5a:23:d2:50:8a:5c:e3:1c:
                    55:48:93:61:e0:51:03:f8:74:b7:26:a5:a8:27:d4:
                    ea:b8:ba:ad:84:9a:21:c6:1c:ed:c4:e2:1e:c4:ae:
                    c3:06:fa:17:dc:c9:7e:db:3e:f5:80:f0:01:64:64:
                    12:8f:36:02:c7:1b:37:9d:b4:b7:26:6e:42:cd:8d:
                    b6:b5:e3:23:80:e6:f4:f3:ef:c4:06:f8:85:2c:d0:
                    55:06:0e:a0:1c:71:0c:c3:cf:97:aa:36:3c:02:19:
                    11:b3:bd:82:b9:20:e4:f7:d5:ef:26:11:45:db:53:
                    3f:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:53:1C:2F:0C:61:87:85:7A:D6:0B:19:C3:C6:6D:07:AF:F9:48:7F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4bb2d8f1-00bc-4e2e-8e17-f80a0f4fe293.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.4.16.0/21

    Signature Algorithm: sha256WithRSAEncryption
         76:23:95:ba:fd:e7:1a:dd:d1:a3:8b:ae:ee:bd:3e:f6:96:ae:
         64:14:30:4f:ea:9a:48:25:89:1f:8f:e9:42:5b:15:bb:36:97:
         48:e1:62:98:21:b3:81:cc:73:7f:cb:ea:05:87:5b:7d:09:e4:
         e9:71:61:6c:d1:2c:52:02:c0:1c:31:a1:9c:bd:fb:30:6c:72:
         eb:2f:4b:31:15:ba:da:27:70:08:10:2e:ab:50:ec:cd:8c:0d:
         4c:49:d1:88:36:52:74:4b:e8:14:41:f6:ef:01:82:98:8b:5f:
         b7:b6:7d:e9:5d:fb:11:49:7f:ef:35:1d:c1:40:1d:ce:2e:ec:
         4f:05:9e:ce:5d:af:d3:cd:e0:c2:13:e3:ad:5e:60:cb:c3:5d:
         b3:08:5b:4a:8b:94:60:40:cd:07:b1:4a:44:13:e7:45:21:4c:
         2f:32:b8:30:55:1d:89:21:75:6e:66:b0:43:2c:be:45:60:f5:
         24:78:43:7e:cb:e9:29:da:5d:9d:e6:21:e0:45:b4:eb:f9:26:
         17:fa:a3:1b:a8:7a:db:bd:47:42:63:18:e9:35:b4:b0:5d:00:
         02:3d:3e:5f:6b:b5:b0:9b:1c:b1:4f:1c:9d:86:e8:15:73:d1:
         a3:f1:92:ac:0e:99:78:f0:57:ba:4b:e1:b9:4f:40:12:2c:36:
         f9:84:c3:a1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUL+slAXvfkr26KNy4Nx+TWtHgoYAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTMxMDAwMDAwWhcNMjUwMzA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwY2Y2ZmIwYjU2OGNkYjIzMDVjNGY1MDE1NjU5NzZmMGVl
YzQyYTM0ODcxZThkZGI5MjI1ZDUwMjJlMTcyODQ4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCVgKGeIptAvLeNZ0MYPLOwAmYj72OWIsOv/095mCbN+60L
Ma8eBQS2aP8miFti0RKPMzzrOYMoD9zWp5BwhQ6b31E2BGXnIC3uKjMSSGAGr2L8
RLvQAp+vGGnRg7re7l/mhW0M4rEZA6IZYOSlw6Va9+l+r+YTPaP00brxBBOHHUHR
DrFcgiPwWdF4phNaI9JQilzjHFVIk2HgUQP4dLcmpagn1Oq4uq2EmiHGHO3E4h7E
rsMG+hfcyX7bPvWA8AFkZBKPNgLHGzedtLcmbkLNjba14yOA5vTz78QG+IUs0FUG
DqAccQzDz5eqNjwCGRGzvYK5IOT31e8mEUXbUz/DAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUL1McLwxhh4V61gsZw8ZtB6/5SH8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzRiYjJkOGYxLTAwYmMtNGUyZS04ZTE3LWY4MGEwZjRmZTI5My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMDBBAwDQYJKoZIhvcNAQELBQADggEBAHYjlbr95xrd0aOLru69PvaWrmQU
ME/qmkgliR+P6UJbFbs2l0jhYpghs4HMc3/L6gWHW30J5OlxYWzRLFICwBwxoZy9
+zBscusvSzEVutoncAgQLqtQ7M2MDUxJ0Yg2UnRL6BRB9u8BgpiLX7e2feld+xFJ
f+81HcFAHc4u7E8Fns5dr9PN4MIT461eYMvDXbMIW0qLlGBAzQexSkQT50UhTC8y
uDBVHYkhdW5msEMsvkVg9SR4Q37L6SnaXZ3mIeBFtOv5Jhf6oxuoetu9R0JjGOk1
tLBdAAI9Pl9rtbCbHLFPHJ2G6BVz0aPxkqwOmXjwV7pL4blPQBIsNvmEw6E=
-----END CERTIFICATE-----