Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bbbaf6ca-d6ff-4a0d-8fb0-91210ecbc5ad.roa
File:                     bbbaf6ca-d6ff-4a0d-8fb0-91210ecbc5ad.roa (raw, json)
Hash identifier:          eYdR86m86QAi/StTX/uHJxzUJb3xe5hzWh23zsVFYWg=
Subject key identifier:   BD:02:81:C9:23:1F:B3:2C:9C:95:7B:5E:4D:DE:B5:25:B3:DA:AB:99
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2EB6914360326E60301F8E6E023209721C5792F2
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bbbaf6ca-d6ff-4a0d-8fb0-91210ecbc5ad.roa
Signing time:             Mon 30 Jun 2025 16:10:59 +0000
ROA not before:           Mon 30 Jun 2025 16:10:59 +0000
ROA not after:            Mon 04 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.248.0.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 03 Jul 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:b6:91:43:60:32:6e:60:30:1f:8e:6e:02:32:09:72:1c:57:92:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun 30 16:10:59 2025 GMT
            Not After : Aug  4 23:59:59 2025 GMT
        Subject: serialNumber=95bb2375d1a85ca61c6a4adb76b530da50e14e3a6a1d4386c9fd3d77944c2087, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:7b:14:b0:7c:f8:f6:5b:4d:7d:da:83:2f:59:
                    bd:75:69:bf:50:2a:d5:d2:28:07:55:d8:74:1f:86:
                    ee:57:71:e4:06:4a:36:54:f0:20:31:0a:60:f3:20:
                    89:64:3b:1e:67:19:65:4e:ff:f9:84:17:19:18:34:
                    34:76:a6:53:fb:af:e7:57:f2:6c:76:3e:22:22:f6:
                    c3:33:e7:f3:ec:f4:73:af:84:c6:7b:bb:1f:a5:0c:
                    46:37:8d:d7:53:3b:80:b6:78:43:f0:fd:9f:8d:51:
                    b6:a1:8c:da:7f:21:53:d7:ab:66:39:84:06:f7:8b:
                    ec:50:8d:f6:80:68:5e:f9:5b:31:2e:2f:44:8b:a7:
                    b8:ca:26:40:89:5c:88:e3:b1:6e:7c:4f:36:6f:ba:
                    1e:86:ce:f9:c3:db:3a:59:11:30:94:75:be:81:0b:
                    33:c4:be:cc:6e:f5:1b:71:db:9a:0a:77:e2:56:60:
                    e4:f2:14:58:4f:ea:6f:fe:45:06:dc:b0:ce:05:21:
                    fd:c9:31:b1:d7:19:24:18:9a:26:3d:db:fa:f9:18:
                    1c:c8:da:01:23:fa:1f:0b:fd:ab:d3:ae:58:2a:72:
                    86:50:c5:2a:bd:28:b4:83:37:5f:7b:bb:3a:0d:f0:
                    ce:99:4b:e9:ed:9c:98:06:6b:4c:03:5c:98:6f:de:
                    f8:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:02:81:C9:23:1F:B3:2C:9C:95:7B:5E:4D:DE:B5:25:B3:DA:AB:99
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bbbaf6ca-d6ff-4a0d-8fb0-91210ecbc5ad.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.248.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         0b:e3:a4:90:1b:17:76:be:49:5d:df:26:f0:d5:a8:5b:2a:85:
         4d:f1:a1:e8:3c:ee:9e:79:f5:a6:2e:52:73:0a:fd:9f:ac:53:
         cb:d1:18:fa:c5:19:c2:b1:e0:a2:f3:c2:65:b5:02:8d:01:d0:
         0f:39:12:95:6a:82:9e:da:ca:37:63:1c:78:6d:e3:e3:c0:b3:
         48:50:10:95:fb:0f:4a:8a:f9:c6:37:83:28:54:a0:77:78:33:
         1c:3e:45:e0:88:be:ca:7a:89:a2:56:25:be:0e:65:8d:9a:bd:
         e9:7c:14:7d:c8:58:2d:c9:86:b5:2f:1f:ab:d4:6c:3a:e2:02:
         29:95:de:38:d5:db:45:f2:59:75:e7:28:ca:db:8b:9e:50:4e:
         fc:bd:c0:1e:dd:e6:56:8c:55:0d:13:82:1c:b2:45:44:b8:ed:
         0b:ab:43:9a:83:71:9b:32:48:53:be:49:2c:f8:30:2e:cc:0e:
         19:8a:dc:5c:a3:b9:9e:57:2c:e2:25:74:59:4c:e7:14:d4:84:
         a1:2a:e8:d7:0e:ec:c8:38:d7:2d:d6:f4:2c:81:3b:99:4a:75:
         54:d0:40:13:7c:80:88:83:f5:15:b1:8f:89:a8:48:70:7c:01:
         35:90:9a:40:85:e2:fc:0c:dc:b5:cb:b7:f6:53:16:5d:6c:9f:
         f2:97:41:4f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULraRQ2AybmAwH45uAjIJchxXkvIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjMwMTYxMDU5WhcNMjUwODA0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5NWJiMjM3NWQxYTg1Y2E2MWM2YTRhZGI3NmI1MzBkYTUw
ZTE0ZTNhNmExZDQzODZjOWZkM2Q3Nzk0NGMyMDg3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDtexSwfPj2W0192oMvWb11ab9QKtXSKAdV2HQfhu5XceQG
SjZU8CAxCmDzIIlkOx5nGWVO//mEFxkYNDR2plP7r+dX8mx2PiIi9sMz5/Ps9HOv
hMZ7ux+lDEY3jddTO4C2eEPw/Z+NUbahjNp/IVPXq2Y5hAb3i+xQjfaAaF75WzEu
L0SLp7jKJkCJXIjjsW58TzZvuh6GzvnD2zpZETCUdb6BCzPEvsxu9Rtx25oKd+JW
YOTyFFhP6m/+RQbcsM4FIf3JMbHXGSQYmiY92/r5GBzI2gEj+h8L/avTrlgqcoZQ
xSq9KLSDN197uzoN8M6ZS+ntnJgGa0wDXJhv3vibAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUvQKBySMfsyyclXteTd61JbPaq5kwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2JiYmFmNmNhLWQ2ZmYtNGEwZC04ZmIwLTkxMjEwZWNiYzVhZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAcD+AAwDQYJKoZIhvcNAQELBQADggEBAAvjpJAbF3a+SV3fJvDVqFsqhU3x
oeg87p559aYuUnMK/Z+sU8vRGPrFGcKx4KLzwmW1Ao0B0A85EpVqgp7ayjdjHHht
4+PAs0hQEJX7D0qK+cY3gyhUoHd4Mxw+ReCIvsp6iaJWJb4OZY2avel8FH3IWC3J
hrUvH6vUbDriAimV3jjV20XyWXXnKMrbi55QTvy9wB7d5laMVQ0TghyyRUS47Qur
Q5qDcZsySFO+SSz4MC7MDhmK3FyjuZ5XLOIldFlM5xTUhKEq6NcO7Mg41y3W9CyB
O5lKdVTQQBN8gIiD9RWxj4moSHB8ATWQmkCF4vwM3LXLt/ZTFl1sn/KXQU8=
-----END CERTIFICATE-----