Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7a4cd46e-b055-47b6-a4f5-54b4d9014b9e.roa
File:                     7a4cd46e-b055-47b6-a4f5-54b4d9014b9e.roa (raw, json)
Hash identifier:          slGFp1ItBhy0yczs/vnaTp9coYfW9qbhiw2QOKnYEco=
Subject key identifier:   F2:A5:92:45:CE:B1:B2:A2:76:73:15:AF:53:ED:CF:C0:AD:98:C5:41
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6A9B36EACF5F0324E3FB7C84E6CD9CB455AAA058
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7a4cd46e-b055-47b6-a4f5-54b4d9014b9e.roa
Signing time:             Mon 27 Jan 2025 00:00:00 +0000
ROA not before:           Mon 27 Jan 2025 00:00:00 +0000
ROA not after:            Mon 03 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.236.60.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:9b:36:ea:cf:5f:03:24:e3:fb:7c:84:e6:cd:9c:b4:55:aa:a0:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 27 00:00:00 2025 GMT
            Not After : Mar  3 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:86:8c:3e:39:65:25:cd:d3:4e:f6:fd:00:03:
                    0c:6c:51:e3:4f:40:b3:54:ce:9f:83:a2:12:b0:69:
                    74:24:7a:a7:f4:47:fd:10:cd:78:99:8b:3e:ab:02:
                    90:61:32:a9:a9:b7:1c:e9:af:3f:62:be:97:db:8c:
                    f5:1a:1f:f3:3f:e8:71:d9:58:6d:a2:4e:55:ea:67:
                    90:eb:71:bc:eb:ee:d1:60:ac:83:60:7d:51:77:a0:
                    ed:66:33:a0:44:01:61:0c:fb:37:06:f9:03:fe:6b:
                    d1:d2:c9:5a:96:02:3b:ff:38:19:a0:4a:5f:67:c7:
                    bd:96:a4:c5:4c:45:0d:e3:41:dd:b7:2e:e5:05:ac:
                    25:f9:fc:08:9d:e2:56:ab:b4:e1:42:47:33:a1:6c:
                    d9:fd:1f:e5:05:d1:cd:c2:0d:e4:9b:07:37:c3:74:
                    ed:15:5e:8a:eb:7f:67:82:f4:3b:8d:ed:b6:f4:23:
                    f6:83:7d:bf:c9:03:2d:d3:d8:67:d7:37:72:4f:34:
                    7c:b8:cb:ca:72:9f:b4:35:5e:07:44:e0:38:7e:b4:
                    1b:28:74:5e:b5:14:7e:b0:df:c8:87:33:8f:00:df:
                    32:58:eb:41:50:5e:4b:9a:3d:a1:1d:7f:2c:f9:8b:
                    86:b6:56:8e:4c:2c:76:5d:37:65:57:af:c2:e1:40:
                    63:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:A5:92:45:CE:B1:B2:A2:76:73:15:AF:53:ED:CF:C0:AD:98:C5:41
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7a4cd46e-b055-47b6-a4f5-54b4d9014b9e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.236.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3e:37:a8:a7:32:8f:fa:b7:d4:24:31:95:aa:94:b9:10:8d:6e:
         f5:d5:c2:d4:80:67:37:b1:d2:37:44:19:bd:bf:b7:4c:96:f0:
         52:e9:0e:de:fe:69:72:c6:14:a3:0f:06:10:60:d5:b7:a6:b7:
         b6:a7:cc:3f:21:1c:96:16:c9:fc:32:03:06:aa:81:82:bb:df:
         e9:66:37:37:a3:d5:9f:58:12:26:df:2e:30:ab:d0:3d:d5:1b:
         75:85:ab:14:1e:18:8e:97:bc:13:4b:2a:8f:95:fa:5a:60:67:
         95:28:f4:fc:1d:6c:38:b4:8b:36:0c:80:1c:c5:f8:de:e8:a9:
         7a:11:0e:01:00:d5:e5:a8:79:a1:8b:cc:98:ee:3b:3c:0c:78:
         d4:c7:1b:16:0a:e6:79:7d:77:83:5e:27:50:2c:c4:eb:43:33:
         2e:88:04:95:74:b4:eb:7f:4c:d4:a4:58:2a:c3:70:70:06:60:
         4f:1e:83:c6:89:49:c7:5a:a3:0b:b0:bf:6d:b9:51:9f:80:ff:
         bb:c5:09:e5:ba:0b:b2:a5:75:a9:c1:57:47:85:52:5b:52:95:
         06:0e:16:4a:34:af:10:bd:07:9e:96:0b:33:0d:cf:4f:06:38:
         58:f5:66:20:71:5a:eb:7e:6a:c8:8a:fa:d5:6e:74:37:ed:45:
         c0:91:39:36
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaps26s9fAyTj+3yE5s2ctFWqoFgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTI3MDAwMDAwWhcNMjUwMzAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZWE3NGI5ZGE0NWMzYTNkMTA3ZDJiMDQxYWM4ZWRlYTlm
OWZjNzkwZGQ2NmY4ZDU2ZGYzNzNhMTdiYjBmZDdkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1how+OWUlzdNO9v0AAwxsUeNPQLNUzp+DohKwaXQkeqf0
R/0QzXiZiz6rApBhMqmptxzprz9ivpfbjPUaH/M/6HHZWG2iTlXqZ5Drcbzr7tFg
rINgfVF3oO1mM6BEAWEM+zcG+QP+a9HSyVqWAjv/OBmgSl9nx72WpMVMRQ3jQd23
LuUFrCX5/Aid4lartOFCRzOhbNn9H+UF0c3CDeSbBzfDdO0VXorrf2eC9DuN7bb0
I/aDfb/JAy3T2GfXN3JPNHy4y8pyn7Q1XgdE4Dh+tBsodF61FH6w38iHM48A3zJY
60FQXkuaPaEdfyz5i4a2Vo5MLHZdN2VXr8LhQGPFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8qWSRc6xsqJ2cxWvU+3PwK2YxUEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzdhNGNkNDZlLWIwNTUtNDdiNi1hNGY1LTU0YjRkOTAxNGI5ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAID7DwwDQYJKoZIhvcNAQELBQADggEBAD43qKcyj/q31CQxlaqUuRCNbvXV
wtSAZzex0jdEGb2/t0yW8FLpDt7+aXLGFKMPBhBg1bemt7anzD8hHJYWyfwyAwaq
gYK73+lmNzej1Z9YEibfLjCr0D3VG3WFqxQeGI6XvBNLKo+V+lpgZ5Uo9PwdbDi0
izYMgBzF+N7oqXoRDgEA1eWoeaGLzJjuOzwMeNTHGxYK5nl9d4NeJ1AsxOtDMy6I
BJV0tOt/TNSkWCrDcHAGYE8eg8aJScdaowuwv225UZ+A/7vFCeW6C7KldanBV0eF
UltSlQYOFko0rxC9B56WCzMNz08GOFj1ZiBxWut+asiK+tVudDftRcCROTY=
-----END CERTIFICATE-----