Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/769c4dbd-3126-4995-aaaa-5fcc1a89ecbb.roa
File:                     769c4dbd-3126-4995-aaaa-5fcc1a89ecbb.roa (raw, json)
Hash identifier:          VgGxs9SzdHuM6cdMQLUIOC+oLj6mt+Ak3N4bq7qmqNU=
Subject key identifier:   F6:E0:06:0C:4F:0B:D7:D3:BD:D5:12:9A:E8:3D:34:F7:76:A0:25:DE
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7418188BEBD5E458199E3E363592931728C463A5
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/769c4dbd-3126-4995-aaaa-5fcc1a89ecbb.roa
Signing time:             Sat 08 Feb 2025 00:00:00 +0000
ROA not before:           Sat 08 Feb 2025 00:00:00 +0000
ROA not after:            Sat 15 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.224.0.0/14 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:18:18:8b:eb:d5:e4:58:19:9e:3e:36:35:92:93:17:28:c4:63:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb  8 00:00:00 2025 GMT
            Not After : Mar 15 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:9f:42:69:52:79:15:8e:86:18:05:28:f2:2a:
                    12:9a:6f:a9:ae:41:5c:a5:fc:52:f2:c8:6e:ac:df:
                    0d:2e:da:8f:b4:bc:91:19:ff:d4:31:1b:4c:f2:4b:
                    e1:8e:0b:72:30:91:1a:43:ac:3b:17:6e:76:04:95:
                    e7:92:be:68:63:de:c8:cd:cc:85:f1:8a:86:38:2b:
                    bd:a4:ff:c7:97:44:ed:50:df:a1:8b:5e:18:37:9b:
                    7d:32:eb:e2:2c:8a:52:93:4f:4e:89:15:c1:c9:b6:
                    b3:9a:c7:81:fd:6a:49:2b:83:9d:31:f2:be:58:ad:
                    ad:cf:2a:b4:d3:b7:e3:e7:c8:64:81:d2:9e:b8:db:
                    14:f7:16:78:90:87:47:13:93:03:ad:9b:4a:8b:e1:
                    e8:63:df:71:74:f9:d4:d2:30:51:dc:9b:0f:5b:f2:
                    3e:93:b6:19:77:d1:b1:d8:38:1d:ca:58:1a:9e:73:
                    ad:82:7e:e1:41:36:76:5f:9e:7b:48:f8:e1:48:79:
                    02:b3:47:e3:55:91:db:c6:71:4f:52:f8:d2:c9:b0:
                    66:44:11:e9:37:23:03:4e:d6:b6:c5:e6:bb:ad:99:
                    43:bc:92:f1:dd:b3:cf:b1:f7:39:a8:95:de:e8:7d:
                    67:f6:21:cf:ba:44:b8:c3:3e:46:e2:00:96:7d:47:
                    fd:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:E0:06:0C:4F:0B:D7:D3:BD:D5:12:9A:E8:3D:34:F7:76:A0:25:DE
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/769c4dbd-3126-4995-aaaa-5fcc1a89ecbb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.224.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         2c:3e:80:d7:3b:61:b3:d8:2e:a3:44:18:81:44:04:5e:53:83:
         03:a9:48:71:b0:ed:1e:c6:ef:26:57:fc:8c:8f:7b:c7:19:02:
         05:44:1f:bd:ca:97:59:fa:9c:9c:d2:92:03:d5:0f:ab:fc:4c:
         41:4f:66:1d:61:1a:03:30:e2:a4:ba:9b:84:77:dc:33:66:f8:
         50:7e:e3:a3:5f:fe:c3:e2:b7:02:34:89:6c:c3:c5:90:3d:5e:
         49:f6:80:53:ae:7f:fd:70:79:b9:e8:32:17:30:a4:b3:54:20:
         11:a9:a5:6e:85:5f:58:c4:df:9d:02:67:7e:42:07:6c:05:09:
         04:55:92:44:40:8e:0f:8b:00:f2:85:a5:b0:03:32:09:74:c4:
         54:7f:13:62:f6:97:da:f7:22:8c:5c:fd:04:bf:8f:f7:7f:57:
         5f:a8:ad:87:f4:62:01:58:4f:30:d1:2a:50:5f:69:bb:1f:55:
         f4:39:05:0f:a9:9e:3e:6d:09:99:43:fd:eb:43:40:79:5a:75:
         9a:af:94:b1:04:7e:cf:79:9c:7e:80:8c:60:e8:f4:e8:c8:99:
         61:b9:fc:5a:b4:15:06:58:f2:30:32:af:a9:66:68:0b:64:3c:
         30:e1:6f:83:45:93:e3:5f:42:2b:d8:5c:54:e6:98:73:78:e3:
         16:31:c6:d3
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUdBgYi+vV5FgZnj42NZKTFyjEY6UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMjA4MDAwMDAwWhcNMjUwMzE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NDcxNWJkNGExMTdiZTczY2RjNTMxNWJjZjI1Yjk4OTk5
ZWQzNDBlNjU5NGVkOTIzMzgyNThmZjc5OWQzYTEyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgn0JpUnkVjoYYBSjyKhKab6muQVyl/FLyyG6s3w0u2o+0
vJEZ/9QxG0zyS+GOC3IwkRpDrDsXbnYEleeSvmhj3sjNzIXxioY4K72k/8eXRO1Q
36GLXhg3m30y6+IsilKTT06JFcHJtrOax4H9akkrg50x8r5Yra3PKrTTt+PnyGSB
0p642xT3FniQh0cTkwOtm0qL4ehj33F0+dTSMFHcmw9b8j6Tthl30bHYOB3KWBqe
c62CfuFBNnZfnntI+OFIeQKzR+NVkdvGcU9S+NLJsGZEEek3IwNO1rbF5rutmUO8
kvHds8+x9zmold7ofWf2Ic+6RLjDPkbiAJZ9R/23AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU9uAGDE8L19O91RKa6D0093agJd4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzc2OWM0ZGJkLTMxMjYtNDk5NS1hYWFhLTVmY2MxYTg5ZWNiYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwIN4DANBgkqhkiG9w0BAQsFAAOCAQEALD6A1zths9guo0QYgUQEXlODA6lI
cbDtHsbvJlf8jI97xxkCBUQfvcqXWfqcnNKSA9UPq/xMQU9mHWEaAzDipLqbhHfc
M2b4UH7jo1/+w+K3AjSJbMPFkD1eSfaAU65//XB5uegyFzCks1QgEamlboVfWMTf
nQJnfkIHbAUJBFWSRECOD4sA8oWlsAMyCXTEVH8TYvaX2vcijFz9BL+P939XX6it
h/RiAVhPMNEqUF9pux9V9DkFD6mePm0JmUP960NAeVp1mq+UsQR+z3mcfoCMYOj0
6MiZYbn8WrQVBljyMDKvqWZoC2Q8MOFvg0WT419CK9hcVOaYc3jjFjHG0w==
-----END CERTIFICATE-----