Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a721e853-0369-4d32-b3f4-ef9c261b1f58.roa
File:                     a721e853-0369-4d32-b3f4-ef9c261b1f58.roa (raw, json)
Hash identifier:          5B7OFwUe3Czv0Lg8q1XsXtbQwXYPJDPa5H4pzRHTRbU=
Subject key identifier:   E0:DE:F8:C0:AE:25:2A:C9:85:20:B4:43:25:C6:B3:DB:25:26:FE:6B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       582FFF7E731BC313D54002A798B876B74C01BC78
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a721e853-0369-4d32-b3f4-ef9c261b1f58.roa
Signing time:             Fri 09 May 2025 15:10:15 +0000
ROA not before:           Fri 09 May 2025 15:10:15 +0000
ROA not after:            Fri 13 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        34.217.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 10 May 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:2f:ff:7e:73:1b:c3:13:d5:40:02:a7:98:b8:76:b7:4c:01:bc:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May  9 15:10:15 2025 GMT
            Not After : Jun 13 23:59:59 2025 GMT
        Subject: serialNumber=570e4a9d649371cbf59f70130c74fa55b9b65d95cb828289990c1356139f37e5, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:ee:98:09:dd:a9:f0:ba:7d:ea:d2:58:0d:b2:
                    6b:16:c5:c0:2f:74:b6:1b:cd:1f:b6:81:87:eb:a5:
                    8b:66:6d:b5:06:21:22:a1:ce:9b:cb:0c:58:b0:19:
                    a8:03:72:96:f4:b6:c4:fd:d8:44:35:2b:db:f6:cc:
                    fe:85:39:11:30:e3:83:68:57:cc:4d:cb:05:05:2b:
                    b7:9f:1a:fe:8d:a1:81:55:b1:e0:af:49:af:0d:fd:
                    6d:74:b9:39:ab:9c:80:54:ab:a4:3e:4f:cb:83:20:
                    15:0b:e5:cd:47:08:33:59:fa:b0:52:38:c2:4b:bc:
                    ca:eb:f0:4f:ca:44:f1:0f:4e:4b:bc:69:41:af:2d:
                    95:fc:82:1d:f9:c5:1b:c8:32:c3:78:22:1c:4f:6f:
                    2b:22:f4:aa:bd:21:0e:6d:9c:ed:6a:24:99:34:e6:
                    3f:2e:c0:71:c2:b9:83:aa:c2:03:ac:d2:3c:9a:69:
                    3c:6e:57:1d:9a:25:08:f6:eb:a4:ec:e8:19:7a:18:
                    41:de:40:dd:a9:26:2a:b9:fe:44:33:b2:23:fc:f6:
                    74:49:96:c3:b3:81:c9:eb:35:18:87:44:54:c4:82:
                    5f:80:13:c8:c9:3b:ac:c0:91:c6:7e:5b:99:f9:71:
                    8b:92:9a:f5:22:ff:da:bd:0f:e6:74:5e:56:2e:3c:
                    03:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:DE:F8:C0:AE:25:2A:C9:85:20:B4:43:25:C6:B3:DB:25:26:FE:6B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a721e853-0369-4d32-b3f4-ef9c261b1f58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  34.217.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:23:70:61:b7:49:2b:57:55:1c:f4:6a:36:84:f1:a3:fd:16:
         80:df:9f:3d:c6:e1:68:d4:bd:53:fc:20:42:a2:9a:72:22:a0:
         ba:89:8c:81:c4:4a:8c:7a:18:d5:c2:83:9f:72:a6:1f:b1:e7:
         bd:e9:ab:3d:2a:24:36:2a:9d:e9:6f:d3:1e:12:ff:95:d8:a8:
         52:fd:44:65:9d:8f:9d:f4:8c:f0:6f:df:79:b0:23:d5:11:00:
         c9:1d:0f:ec:56:d7:c9:ef:9e:87:33:fc:83:53:d3:3f:74:65:
         53:97:4d:2b:88:79:96:47:65:3e:92:64:21:60:b8:d2:91:26:
         87:86:56:61:6e:2c:4b:75:34:f6:44:22:af:8c:cb:cf:cb:ba:
         60:24:8d:b3:64:41:31:ee:02:14:c0:f6:d5:92:b1:e7:d6:b8:
         dd:1c:d4:5f:46:1a:07:3e:cd:9c:a8:a7:2a:85:64:19:de:8c:
         c4:48:e8:6b:3b:f7:14:18:0c:ab:e5:5d:db:5d:e2:c1:d3:34:
         8e:b7:61:c0:2a:b2:bb:ff:d0:a2:03:20:e6:67:03:65:2d:a0:
         f0:5c:f5:35:2b:7c:b2:9b:31:43:b2:21:ef:ad:76:8d:25:e9:
         8a:56:bd:fc:71:93:f9:ef:10:53:39:d0:88:8f:76:00:3a:12:
         a5:a9:2b:9f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWC//fnMbwxPVQAKnmLh2t0wBvHgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNTA5MTUxMDE1WhcNMjUwNjEzMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NzBlNGE5ZDY0OTM3MWNiZjU5ZjcwMTMwYzc0ZmE1NWI5
YjY1ZDk1Y2I4MjgyODk5OTBjMTM1NjEzOWYzN2U1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDq7pgJ3anwun3q0lgNsmsWxcAvdLYbzR+2gYfrpYtmbbUG
ISKhzpvLDFiwGagDcpb0tsT92EQ1K9v2zP6FOREw44NoV8xNywUFK7efGv6NoYFV
seCvSa8N/W10uTmrnIBUq6Q+T8uDIBUL5c1HCDNZ+rBSOMJLvMrr8E/KRPEPTku8
aUGvLZX8gh35xRvIMsN4IhxPbysi9Kq9IQ5tnO1qJJk05j8uwHHCuYOqwgOs0jya
aTxuVx2aJQj266Ts6Bl6GEHeQN2pJiq5/kQzsiP89nRJlsOzgcnrNRiHRFTEgl+A
E8jJO6zAkcZ+W5n5cYuSmvUi/9q9D+Z0XlYuPAOPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU4N74wK4lKsmFILRDJcaz2yUm/mswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2E3MjFlODUzLTAzNjktNGQzMi1iM2Y0LWVmOWMyNjFiMWY1OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAi2Y8wDQYJKoZIhvcNAQELBQADggEBAAsjcGG3SStXVRz0ajaE8aP9FoDf
nz3G4WjUvVP8IEKimnIioLqJjIHESox6GNXCg59yph+x573pqz0qJDYqnelv0x4S
/5XYqFL9RGWdj530jPBv33mwI9URAMkdD+xW18nvnocz/INT0z90ZVOXTSuIeZZH
ZT6SZCFguNKRJoeGVmFuLEt1NPZEIq+My8/LumAkjbNkQTHuAhTA9tWSsefWuN0c
1F9GGgc+zZyopyqFZBnejMRI6Gs79xQYDKvlXdtd4sHTNI63YcAqsrv/0KIDIOZn
A2UtoPBc9TUrfLKbMUOyIe+tdo0l6YpWvfxxk/nvEFM50IiPdgA6EqWpK58=
-----END CERTIFICATE-----