Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/730c30f4-b9c5-4357-8ec7-06334f835343.roa
File:                     730c30f4-b9c5-4357-8ec7-06334f835343.roa (raw, json)
Hash identifier:          Fuu2JYTtlcffV5a0BFt42DwFJv7uLtEnCMjkl8M21m4=
Subject key identifier:   9E:33:DC:7B:CB:92:8A:0B:E4:1F:93:82:50:3E:17:1D:E1:56:24:4F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       043C869D55A4832C50A697A07C9780045A33C74D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/730c30f4-b9c5-4357-8ec7-06334f835343.roa
Signing time:             Tue 05 Aug 2025 16:31:00 +0000
ROA not before:           Tue 05 Aug 2025 16:31:00 +0000
ROA not after:            Tue 09 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        136.134.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 22 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:3c:86:9d:55:a4:83:2c:50:a6:97:a0:7c:97:80:04:5a:33:c7:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug  5 16:31:00 2025 GMT
            Not After : Sep  9 23:59:59 2025 GMT
        Subject: serialNumber=5c19727fbbc2fac24ba3c1754c44dc970832427e30954503258e17427014f742, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:83:67:0b:ae:a7:ee:6c:a8:42:89:a8:f9:17:
                    3c:7e:aa:04:c4:27:6e:e3:fa:25:b8:ee:b0:17:7c:
                    74:a3:36:1f:39:24:94:d0:1a:f0:5d:9f:b1:f0:9a:
                    d7:49:8f:8e:13:97:cd:0d:7e:d1:58:12:c0:99:7f:
                    c5:12:6b:6c:b3:2f:42:b9:78:af:31:11:72:ff:04:
                    91:b5:a3:73:c5:e1:95:b4:68:d7:75:02:ea:d1:be:
                    b7:80:1f:87:3d:25:44:55:4d:cc:e0:15:a5:62:6b:
                    88:e5:4e:20:26:f8:29:1a:2a:d2:9f:94:c9:79:1d:
                    4e:79:77:2a:7e:80:6c:7e:bb:bd:3a:2d:7c:7a:6c:
                    b5:f2:90:ab:d7:c1:c1:f3:97:f0:30:7e:ee:be:47:
                    4b:ac:56:15:2a:34:c6:08:ce:fa:f3:5b:7e:ef:ff:
                    48:eb:0b:3f:2f:9b:42:97:6a:7e:d1:0d:c8:d7:fb:
                    d5:d1:bb:32:92:1f:4d:1d:59:ee:51:af:5b:0a:8e:
                    10:ce:e9:37:2b:f4:7c:9c:f5:a0:81:83:ab:fe:73:
                    02:98:3a:9f:25:a1:91:67:d2:0e:56:4f:24:cc:bb:
                    33:25:e9:b4:62:06:83:28:47:6e:61:61:f2:49:60:
                    db:42:a8:2b:06:b1:89:53:a1:e2:4b:18:48:bc:a0:
                    9a:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:33:DC:7B:CB:92:8A:0B:E4:1F:93:82:50:3E:17:1D:E1:56:24:4F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/730c30f4-b9c5-4357-8ec7-06334f835343.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.134.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         0e:a7:20:eb:a4:3a:8b:bb:62:19:f0:c2:0c:fa:e6:8d:4b:b3:
         f6:03:89:1a:47:a8:b8:77:91:ae:74:d2:cc:5f:a9:cb:bb:d1:
         99:47:7d:3f:af:e3:14:5e:ce:3e:f9:bd:cc:39:4c:a7:ec:31:
         fd:5f:54:83:c0:94:93:68:19:8c:f9:95:1c:d2:8f:b8:f6:e8:
         6b:f4:44:70:b8:33:4e:35:4b:41:71:74:93:13:0e:d2:54:eb:
         7b:95:ec:0a:be:5b:8e:d3:83:f7:ce:31:c8:2c:a3:e9:f6:6a:
         b8:06:8c:26:f8:7d:93:2a:6f:c4:3a:43:bf:ca:1a:58:9b:11:
         f5:07:67:7a:77:4e:10:7f:1f:74:64:88:91:fe:71:eb:55:f9:
         25:77:cd:e3:fe:71:74:16:87:b3:4e:5e:a9:d3:cf:04:1d:80:
         e8:0e:cb:84:8e:0c:97:e5:b2:4a:bb:83:3d:61:3c:3b:cc:00:
         66:0f:8b:f0:de:49:f1:eb:7c:7f:5a:2f:76:44:6e:60:a8:b7:
         a2:eb:c9:3a:15:02:85:dc:0d:82:ee:1a:11:a3:73:a8:41:36:
         19:29:1a:5c:76:ec:4c:a7:71:20:bc:d7:49:94:59:1e:04:2d:
         17:96:20:23:e6:c2:48:91:46:d4:21:12:ce:31:5c:9c:41:6e:
         0e:99:4a:6e
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUBDyGnVWkgyxQppegfJeABFozx00wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwODA1MTYzMTAwWhcNMjUwOTA5MjM1OTU5
WjB6MUkwRwYDVQQFE0A1YzE5NzI3ZmJiYzJmYWMyNGJhM2MxNzU0YzQ0ZGM5NzA4
MzI0MjdlMzA5NTQ1MDMyNThlMTc0MjcwMTRmNzQyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCYg2cLrqfubKhCiaj5Fzx+qgTEJ27j+iW47rAXfHSjNh85
JJTQGvBdn7HwmtdJj44Tl80NftFYEsCZf8USa2yzL0K5eK8xEXL/BJG1o3PF4ZW0
aNd1AurRvreAH4c9JURVTczgFaVia4jlTiAm+CkaKtKflMl5HU55dyp+gGx+u706
LXx6bLXykKvXwcHzl/Awfu6+R0usVhUqNMYIzvrzW37v/0jrCz8vm0KXan7RDcjX
+9XRuzKSH00dWe5Rr1sKjhDO6Tcr9Hyc9aCBg6v+cwKYOp8loZFn0g5WTyTMuzMl
6bRiBoMoR25hYfJJYNtCqCsGsYlToeJLGEi8oJqtAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUnjPce8uSigvkH5OCUD4XHeFWJE8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzczMGMzMGY0LWI5YzUtNDM1Ny04ZWM3LTA2MzM0ZjgzNTM0My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCIhjANBgkqhkiG9w0BAQsFAAOCAQEADqcg66Q6i7tiGfDCDPrmjUuz9gOJ
GkeouHeRrnTSzF+py7vRmUd9P6/jFF7OPvm9zDlMp+wx/V9Ug8CUk2gZjPmVHNKP
uPboa/REcLgzTjVLQXF0kxMO0lTre5XsCr5bjtOD984xyCyj6fZquAaMJvh9kypv
xDpDv8oaWJsR9QdnendOEH8fdGSIkf5x61X5JXfN4/5xdBaHs05eqdPPBB2A6A7L
hI4Ml+WySruDPWE8O8wAZg+L8N5J8et8f1ovdkRuYKi3ouvJOhUChdwNgu4aEaNz
qEE2GSkaXHbsTKdxILzXSZRZHgQtF5YgI+bCSJFG1CESzjFcnEFuDplKbg==
-----END CERTIFICATE-----