Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9cd42836-2ab7-4dea-ac47-f41584c49836.roa
File:                     9cd42836-2ab7-4dea-ac47-f41584c49836.roa (raw, json)
Hash identifier:          BJnjS0L3y4a9LhHq7qPdnO6mrIbXu/xh3Dw3mWK4q+o=
Subject key identifier:   E7:7D:01:F7:8D:6D:63:DB:EF:34:6E:B0:77:44:DB:5A:60:AD:F9:02
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0430FD58D0CFE162C7F2E894F050A51F8940CDBC
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9cd42836-2ab7-4dea-ac47-f41584c49836.roa
Signing time:             Mon 27 Jan 2025 00:00:00 +0000
ROA not before:           Mon 27 Jan 2025 00:00:00 +0000
ROA not after:            Mon 03 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.124.64.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:30:fd:58:d0:cf:e1:62:c7:f2:e8:94:f0:50:a5:1f:89:40:cd:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 27 00:00:00 2025 GMT
            Not After : Mar  3 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:57:de:e4:27:08:60:76:ad:1d:75:4c:ee:76:
                    04:ec:87:d3:c8:43:73:c1:58:06:21:e4:ba:33:49:
                    ba:9b:69:e0:e1:af:17:66:35:0b:18:c0:96:9e:d4:
                    53:a7:cf:d2:5a:35:91:d7:f5:1e:99:77:37:c0:83:
                    ff:9d:05:9e:d3:56:b3:2b:d6:b8:84:6c:16:c3:d3:
                    5b:80:63:7f:db:15:c9:87:4b:5d:61:12:9e:99:1a:
                    63:ab:c1:f6:02:0c:87:25:20:50:e9:24:1f:8e:8f:
                    0a:6c:32:ce:42:31:00:40:43:a1:76:47:4e:45:7a:
                    5e:12:51:db:64:e0:b6:9e:3a:78:bc:8c:82:63:71:
                    fc:ae:21:03:cd:94:7a:32:b6:cd:6e:4c:8a:16:4b:
                    37:c4:a7:a2:f3:59:ed:c4:46:b0:5c:bb:07:05:05:
                    d0:30:d4:8e:28:33:46:c7:93:ca:51:ee:1f:b2:17:
                    20:f6:73:2c:68:6f:cd:d8:aa:52:1e:ad:ed:18:28:
                    57:a9:e4:18:3c:03:43:de:01:fe:02:14:dd:65:52:
                    60:23:bb:80:c3:de:02:8e:2d:72:73:e2:0a:45:28:
                    b3:28:25:b7:e9:a7:9e:a3:ec:c6:16:df:e1:07:82:
                    df:17:6d:63:39:d4:1d:29:ab:49:9e:81:78:ed:a8:
                    07:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:7D:01:F7:8D:6D:63:DB:EF:34:6E:B0:77:44:DB:5A:60:AD:F9:02
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9cd42836-2ab7-4dea-ac47-f41584c49836.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.124.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         11:5a:26:da:7d:b5:47:9c:95:c7:d7:8a:fe:87:c0:c0:2d:c8:
         b5:d3:e6:f4:ac:7a:5c:a7:5d:77:c2:20:e6:52:bb:50:2c:50:
         48:49:84:56:71:9e:e8:bb:e5:5d:cf:91:81:d1:b2:03:30:d1:
         12:5d:9e:74:c1:6f:39:23:1f:45:c5:7a:f0:c1:cd:3a:57:e9:
         61:90:7e:5b:56:04:8f:aa:12:da:e5:49:72:c0:90:87:c4:df:
         c4:df:e9:ff:81:11:0e:44:7b:f4:4f:ed:10:cb:36:95:c5:94:
         0d:ee:a6:e4:f3:47:6c:79:ab:5b:4b:6a:49:eb:0f:d4:68:dd:
         52:9e:8e:9f:3d:0b:57:ca:6c:83:5b:34:33:6e:ca:a4:77:d7:
         77:62:26:a4:8b:87:ab:0e:46:37:92:ec:72:16:fa:0c:29:3c:
         8f:bf:32:50:7e:f3:c6:b7:9a:fe:c7:1f:d8:c9:7f:29:fe:5a:
         5c:af:67:b1:85:35:f1:02:3b:35:a1:1d:e0:6e:20:d8:82:26:
         a2:8f:77:e6:62:c4:24:81:41:a3:13:8e:57:1e:75:88:60:1b:
         b7:c6:a7:83:38:ca:f2:61:d4:66:ed:0f:b6:dc:57:b3:43:14:
         ec:0c:ad:f2:e1:e6:f3:97:b4:a3:04:3a:09:8a:d9:e2:b0:66:
         33:8e:0f:72
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBDD9WNDP4WLH8uiU8FClH4lAzbwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTI3MDAwMDAwWhcNMjUwMzAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NGM4NmUzYThmMzIzY2Q3ODhlOGEwOTZhNGY2ZWYyMjM0
YmUxYmQxZGEwMDFkOTFhOGJmMDgxMDdjOGY2NmIzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCYV97kJwhgdq0ddUzudgTsh9PIQ3PBWAYh5LozSbqbaeDh
rxdmNQsYwJae1FOnz9JaNZHX9R6ZdzfAg/+dBZ7TVrMr1riEbBbD01uAY3/bFcmH
S11hEp6ZGmOrwfYCDIclIFDpJB+OjwpsMs5CMQBAQ6F2R05Fel4SUdtk4LaeOni8
jIJjcfyuIQPNlHoyts1uTIoWSzfEp6LzWe3ERrBcuwcFBdAw1I4oM0bHk8pR7h+y
FyD2cyxob83YqlIere0YKFep5Bg8A0PeAf4CFN1lUmAju4DD3gKOLXJz4gpFKLMo
Jbfpp56j7MYW3+EHgt8XbWM51B0pq0megXjtqAfJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU530B941tY9vvNG6wd0TbWmCt+QIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzljZDQyODM2LTJhYjctNGRlYS1hYzQ3LWY0MTU4NGM0OTgzNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYNfEAwDQYJKoZIhvcNAQELBQADggEBABFaJtp9tUeclcfXiv6HwMAtyLXT
5vSselynXXfCIOZSu1AsUEhJhFZxnui75V3PkYHRsgMw0RJdnnTBbzkjH0XFevDB
zTpX6WGQfltWBI+qEtrlSXLAkIfE38Tf6f+BEQ5Ee/RP7RDLNpXFlA3upuTzR2x5
q1tLaknrD9Ro3VKejp89C1fKbINbNDNuyqR313diJqSLh6sORjeS7HIW+gwpPI+/
MlB+88a3mv7HH9jJfyn+WlyvZ7GFNfECOzWhHeBuINiCJqKPd+ZixCSBQaMTjlce
dYhgG7fGp4M4yvJh1GbtD7bcV7NDFOwMrfLh5vOXtKMEOgmK2eKwZjOOD3I=
-----END CERTIFICATE-----