Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ac129866-e40c-4b2b-adc8-dad9d3e140ef.roa
File:                     ac129866-e40c-4b2b-adc8-dad9d3e140ef.roa (raw, json)
Hash identifier:          r2UiSml3Z+2XuptItG5Y++GlCAmsgvjEA9Ob/p6fwpU=
Subject key identifier:   CB:64:AB:62:E9:5E:CD:25:EE:6D:05:95:8C:A7:E6:35:6E:50:A8:EC
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3B36CCA5FE02FD3ACAA715FF1D24376D14A9E4CD
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ac129866-e40c-4b2b-adc8-dad9d3e140ef.roa
Signing time:             Mon 27 Jan 2025 00:00:00 +0000
ROA not before:           Mon 27 Jan 2025 00:00:00 +0000
ROA not after:            Mon 03 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.128.0.0/10 maxlen: 10
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:36:cc:a5:fe:02:fd:3a:ca:a7:15:ff:1d:24:37:6d:14:a9:e4:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 27 00:00:00 2025 GMT
            Not After : Mar  3 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:1d:2b:8e:c8:bc:38:fd:91:c7:df:cd:b9:56:
                    aa:b6:b8:7f:8f:e7:c1:f5:2f:d2:1b:9f:42:4f:f3:
                    10:14:5b:38:17:c3:98:6b:e3:27:da:2b:3a:b5:37:
                    21:70:5e:43:c3:f5:f7:98:ab:ab:cd:af:69:e7:ac:
                    d9:1a:8b:fd:5e:f6:04:ac:11:4f:7d:d4:3f:22:1c:
                    0c:c5:75:79:98:a3:6b:61:b6:14:05:ed:57:b7:1e:
                    4c:3f:fa:f4:8f:e9:a5:d5:e5:af:93:67:e0:26:e4:
                    b9:b6:16:82:2c:c5:74:f7:53:8a:1f:17:87:a1:ac:
                    dc:bb:dc:d6:03:80:8e:c8:65:5d:f7:ed:8d:42:74:
                    12:a0:94:e6:22:52:d4:3b:73:49:61:ca:a4:87:32:
                    66:17:6a:f7:22:a0:4e:15:c2:bb:c4:77:a2:a6:f6:
                    62:77:bb:6c:8c:3e:57:f8:49:f6:0c:c9:fa:5c:7a:
                    e4:b0:b7:3b:44:d4:f5:a1:c8:be:0f:2a:88:05:cc:
                    15:44:2f:0c:4a:9f:b9:df:8b:a0:09:4a:62:39:49:
                    a1:17:38:17:2d:01:4f:91:ca:ae:8e:7f:0d:70:02:
                    ca:54:cf:78:fb:d4:09:1d:c6:b2:c1:b2:48:d0:97:
                    54:3c:58:69:fc:54:ee:01:e7:5a:2f:89:7c:fb:80:
                    aa:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:64:AB:62:E9:5E:CD:25:EE:6D:05:95:8C:A7:E6:35:6E:50:A8:EC
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ac129866-e40c-4b2b-adc8-dad9d3e140ef.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.128.0.0/10

    Signature Algorithm: sha256WithRSAEncryption
         4d:96:ca:39:ae:cc:d5:ad:9d:61:bc:0f:89:2a:47:0a:30:67:
         c9:2a:d3:8f:61:26:23:e1:d9:8f:c2:47:a6:a7:98:bd:aa:5b:
         a3:69:85:a0:29:9b:61:80:dd:46:ce:34:c9:cf:7f:7f:39:d5:
         99:b9:bb:60:52:8a:b8:3e:d5:3d:f8:c5:84:79:65:04:e6:8d:
         e6:c3:f2:f1:2d:11:29:66:47:10:81:3e:bb:8f:38:e9:ae:62:
         df:39:ad:f4:d1:d6:87:af:6a:89:d7:f7:06:8d:d6:4e:7d:a0:
         58:7c:86:3a:3b:b3:ec:41:47:17:2e:83:b4:19:ed:23:65:bd:
         7d:6f:31:58:0a:c8:20:39:bc:64:4d:42:7b:a7:20:62:70:5f:
         83:28:4d:36:19:71:f1:ec:bb:0c:a7:b4:a9:6e:cb:7f:9f:6c:
         8a:72:dc:43:45:71:5e:d8:dd:d5:40:b2:0f:0f:98:b4:0a:cb:
         0f:3d:f7:16:1b:b3:dc:b4:4d:b2:34:78:41:a9:2a:8e:f7:5b:
         e7:bc:63:c0:60:91:7b:57:7f:6e:90:5a:3f:ce:cf:60:84:98:
         36:93:f6:e0:ad:a8:c9:b3:7e:bb:50:39:a5:39:4b:21:f1:9f:
         a2:e8:e8:e9:ba:b4:ab:55:b5:73:cb:d0:d7:ae:f9:2b:9c:75:
         07:1d:7a:34
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUOzbMpf4C/TrKpxX/HSQ3bRSp5M0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTI3MDAwMDAwWhcNMjUwMzAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BhOTNlYmFjNTgwY2ZlNWYwZTA1ZjU2MDQ3ZWM0YjgxOTQ3
OWJhMjVhZTA2ODE4YmQxNDY4ODhkMGY5Nzg0NmEwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCdHSuOyLw4/ZHH3825Vqq2uH+P58H1L9Ibn0JP8xAUWzgX
w5hr4yfaKzq1NyFwXkPD9feYq6vNr2nnrNkai/1e9gSsEU991D8iHAzFdXmYo2th
thQF7Ve3Hkw/+vSP6aXV5a+TZ+Am5Lm2FoIsxXT3U4ofF4ehrNy73NYDgI7IZV33
7Y1CdBKglOYiUtQ7c0lhyqSHMmYXavcioE4VwrvEd6Km9mJ3u2yMPlf4SfYMyfpc
euSwtztE1PWhyL4PKogFzBVELwxKn7nfi6AJSmI5SaEXOBctAU+Ryq6Ofw1wAspU
z3j71AkdxrLBskjQl1Q8WGn8VO4B51oviXz7gKrpAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUy2SrYulezSXubQWVjKfmNW5QqOwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2FjMTI5ODY2LWU0MGMtNGIyYi1hZGM4LWRhZDlkM2UxNDBlZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwYDgDANBgkqhkiG9w0BAQsFAAOCAQEATZbKOa7M1a2dYbwPiSpHCjBnySrT
j2EmI+HZj8JHpqeYvapbo2mFoCmbYYDdRs40yc9/fznVmbm7YFKKuD7VPfjFhHll
BOaN5sPy8S0RKWZHEIE+u4846a5i3zmt9NHWh69qidf3Bo3WTn2gWHyGOjuz7EFH
Fy6DtBntI2W9fW8xWArIIDm8ZE1Ce6cgYnBfgyhNNhlx8ey7DKe0qW7Lf59sinLc
Q0VxXtjd1UCyDw+YtArLDz33Fhuz3LRNsjR4Qakqjvdb57xjwGCRe1d/bpBaP87P
YISYNpP24K2oybN+u1A5pTlLIfGfoujo6bq0q1W1c8vQ1675K5x1Bx16NA==
-----END CERTIFICATE-----