Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ec62a8b2-8a8a-4a64-bf41-4c1e5865792b.roa
File:                     ec62a8b2-8a8a-4a64-bf41-4c1e5865792b.roa (raw, json)
Hash identifier:          dvcWEo3IJ+nLcIWxnnh9qlp5XDdMC3hBtA+4Vk4C/Uo=
Subject key identifier:   11:A3:1F:21:70:B8:79:57:AB:F3:48:EA:7E:DF:0D:5E:AA:82:0D:6D
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       355838C930FF7FF24743696F90C118506E453050
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ec62a8b2-8a8a-4a64-bf41-4c1e5865792b.roa
Signing time:             Fri 09 May 2025 15:10:08 +0000
ROA not before:           Fri 09 May 2025 15:10:08 +0000
ROA not after:            Fri 13 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.64.0.0/12 maxlen: 12
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 10 May 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:58:38:c9:30:ff:7f:f2:47:43:69:6f:90:c1:18:50:6e:45:30:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May  9 15:10:08 2025 GMT
            Not After : Jun 13 23:59:59 2025 GMT
        Subject: serialNumber=1c1df9a69a38c43da16b81f7f5a7a845833f78572e245812bcd9f684c22824bd, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:8f:96:91:fc:9a:eb:3a:1f:e5:cc:6e:7f:96:
                    5a:9c:64:7c:7b:f4:33:31:b7:24:11:29:a9:dc:0b:
                    3c:5b:b2:ee:46:d6:89:af:d7:f4:5a:41:55:d1:da:
                    1f:10:56:e5:c9:33:dc:7d:80:1b:54:61:71:51:b3:
                    b3:70:26:1b:dd:23:93:4f:c3:c9:3b:6e:96:5d:85:
                    25:85:b3:07:d6:64:c1:ab:c3:bf:de:5d:9e:2a:da:
                    bd:67:c2:0d:d3:e7:36:86:32:7e:bf:27:a6:09:55:
                    c0:63:ac:81:10:12:a2:81:06:17:f9:08:89:0c:2a:
                    48:da:6b:db:2e:31:09:6d:d2:19:9e:07:97:fb:3b:
                    a1:54:99:86:b2:ed:de:52:f2:27:91:9a:32:5d:45:
                    d6:4a:6b:ad:91:54:94:f0:73:62:d6:5e:ee:8e:0d:
                    8e:d7:3f:40:37:9c:c2:64:53:3a:3d:3d:ec:dc:d8:
                    01:f6:81:27:48:88:af:f0:3b:21:f3:66:44:d5:f8:
                    9c:85:40:33:1e:df:4e:c9:68:56:e5:6b:c0:02:c6:
                    a4:db:6c:f3:b1:ca:b0:7b:aa:97:57:a5:6c:00:b7:
                    de:95:14:b6:b6:78:d5:35:9e:da:1e:ce:a7:78:3e:
                    7f:d3:ea:f8:e8:79:a1:2a:15:b8:59:06:84:b8:ab:
                    77:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:A3:1F:21:70:B8:79:57:AB:F3:48:EA:7E:DF:0D:5E:AA:82:0D:6D
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ec62a8b2-8a8a-4a64-bf41-4c1e5865792b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.64.0.0/12

    Signature Algorithm: sha256WithRSAEncryption
         55:c5:45:14:90:a0:85:9e:d7:90:04:2b:dd:5d:a8:08:c7:6a:
         78:e3:29:56:62:09:bc:1b:16:42:7b:a4:97:d8:f8:21:f4:b6:
         3b:ec:25:dc:a6:86:96:31:af:09:75:f6:4a:a3:cd:33:8d:e6:
         c6:21:8c:0f:7e:61:e4:74:25:86:ce:12:3b:36:cb:86:6c:5e:
         ad:91:64:e1:0f:a3:a4:87:9a:e0:c5:e0:ad:ad:a0:fe:9c:cb:
         8e:12:ca:42:d8:92:86:83:7c:c3:8b:15:70:de:d9:3a:bd:0c:
         ce:33:62:a8:df:f5:9a:48:c4:97:c9:24:58:cc:ef:03:c1:b6:
         ab:d6:6b:63:1b:1a:eb:0c:a0:40:47:ee:96:37:b7:5a:0d:9e:
         c9:db:90:74:77:b5:d6:39:98:a6:d5:1e:cd:bc:86:97:5d:07:
         57:86:29:a8:3d:21:13:db:f7:c3:53:2d:37:01:2b:f4:c1:d7:
         ea:f0:dc:a6:85:a4:37:b7:9e:91:75:ac:89:bc:52:cf:41:5a:
         93:08:88:98:fb:29:c6:0b:50:26:d5:0c:72:4e:b6:ac:a1:87:
         82:7f:ef:8f:d4:40:89:9c:c0:34:f5:9a:90:f1:1a:24:d8:e1:
         d9:c4:47:69:4f:7a:01:ef:6e:69:ff:23:ef:e8:d2:80:9b:4b:
         68:48:52:0e
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUNVg4yTD/f/JHQ2lvkMEYUG5FMFAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNTA5MTUxMDA4WhcNMjUwNjEzMjM1OTU5
WjB6MUkwRwYDVQQFE0AxYzFkZjlhNjlhMzhjNDNkYTE2YjgxZjdmNWE3YTg0NTgz
M2Y3ODU3MmUyNDU4MTJiY2Q5ZjY4NGMyMjgyNGJkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDjj5aR/JrrOh/lzG5/llqcZHx79DMxtyQRKancCzxbsu5G
1omv1/RaQVXR2h8QVuXJM9x9gBtUYXFRs7NwJhvdI5NPw8k7bpZdhSWFswfWZMGr
w7/eXZ4q2r1nwg3T5zaGMn6/J6YJVcBjrIEQEqKBBhf5CIkMKkjaa9suMQlt0hme
B5f7O6FUmYay7d5S8ieRmjJdRdZKa62RVJTwc2LWXu6ODY7XP0A3nMJkUzo9Pezc
2AH2gSdIiK/wOyHzZkTV+JyFQDMe307JaFbla8ACxqTbbPOxyrB7qpdXpWwAt96V
FLa2eNU1ntoezqd4Pn/T6vjoeaEqFbhZBoS4q3e7AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUEaMfIXC4eVer80jqft8NXqqCDW0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2VjNjJhOGIyLThhOGEtNGE2NC1iZjQxLTRjMWU1ODY1NzkyYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwQDQDANBgkqhkiG9w0BAQsFAAOCAQEAVcVFFJCghZ7XkAQr3V2oCMdqeOMp
VmIJvBsWQnukl9j4IfS2O+wl3KaGljGvCXX2SqPNM43mxiGMD35h5HQlhs4SOzbL
hmxerZFk4Q+jpIea4MXgra2g/pzLjhLKQtiShoN8w4sVcN7ZOr0MzjNiqN/1mkjE
l8kkWMzvA8G2q9ZrYxsa6wygQEfulje3Wg2eyduQdHe11jmYptUezbyGl10HV4Yp
qD0hE9v3w1MtNwEr9MHX6vDcpoWkN7eekXWsibxSz0FakwiImPspxgtQJtUMck62
rKGHgn/vj9RAiZzANPWakPEaJNjh2cRHaU96Ae9uaf8j7+jSgJtLaEhSDg==
-----END CERTIFICATE-----