Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f250c72a-5bf6-4da2-9ad8-ff850d5aa21d.roa
File:                     f250c72a-5bf6-4da2-9ad8-ff850d5aa21d.roa (raw, json)
Hash identifier:          I1iUT/+uE48EVouXHtYXmWWWGXjq9IFLB121XTlVWvY=
Subject key identifier:   02:73:01:9D:5F:4F:11:9B:53:70:82:42:D9:52:7F:45:92:D5:FF:89
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       323FCF3EACD4D8B02596C64AE45C6713FD51B0F3
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f250c72a-5bf6-4da2-9ad8-ff850d5aa21d.roa
Signing time:             Fri 17 Jan 2025 00:00:00 +0000
ROA not before:           Fri 17 Jan 2025 00:00:00 +0000
ROA not after:            Fri 21 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.4.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:3f:cf:3e:ac:d4:d8:b0:25:96:c6:4a:e4:5c:67:13:fd:51:b0:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 17 00:00:00 2025 GMT
            Not After : Feb 21 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:d4:2a:14:2c:fd:8a:ef:e7:1a:da:b7:f1:de:
                    99:22:9b:49:d2:8d:61:b0:f8:e8:d2:f9:c6:57:2f:
                    f5:de:55:1e:6c:ec:df:ea:7c:be:ed:3e:9c:f3:74:
                    64:8b:6c:11:57:70:12:27:de:a7:a5:70:e9:1b:fd:
                    21:cd:fd:2b:b7:72:43:94:5a:41:47:1d:c2:5a:11:
                    9a:ba:9b:26:2b:e6:30:cb:2d:0b:a8:af:22:e1:88:
                    f9:9e:6c:4a:2b:25:c2:77:7c:10:13:ef:a5:8c:b3:
                    0e:53:d3:db:0a:ca:79:ea:45:3f:5c:61:be:7b:25:
                    8b:fb:4a:dc:4e:19:c9:5a:4c:03:43:ce:89:e8:ea:
                    cd:a9:8e:15:0e:08:af:f2:0d:c7:c6:6c:02:fc:9f:
                    9d:c9:47:32:36:34:7f:0f:2d:ce:61:39:df:65:82:
                    0d:c2:5c:45:91:7f:90:9e:d9:c8:12:f4:29:4d:a5:
                    c9:61:73:55:2c:c8:55:af:de:5a:be:46:8f:15:0d:
                    88:c1:59:73:60:b8:64:be:f5:4a:42:59:07:84:d6:
                    b7:2a:28:bf:b3:7a:4c:b8:ec:b8:5d:28:49:af:0b:
                    d3:33:ce:9a:5e:81:62:b4:db:ea:e1:1f:3a:65:41:
                    7f:28:ca:a6:1e:b8:82:57:4c:4a:ad:6c:a4:6d:e3:
                    f4:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:73:01:9D:5F:4F:11:9B:53:70:82:42:D9:52:7F:45:92:D5:FF:89
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f250c72a-5bf6-4da2-9ad8-ff850d5aa21d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.4.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:52:bf:0a:99:cd:84:f4:b5:11:ac:3d:3d:d0:cd:1d:95:5c:
         ee:73:67:e9:e6:a9:83:62:94:45:f7:a2:f0:81:76:07:a8:61:
         8c:28:88:37:68:4f:cc:c0:ed:13:cc:09:2d:07:a5:5a:7a:79:
         ba:f7:ff:b1:71:8f:91:d0:10:db:da:c9:1c:e3:bf:d6:89:cf:
         dd:4b:65:9f:47:11:ca:02:5e:41:f9:e8:33:e8:c9:7a:62:a8:
         d8:65:4d:e2:0f:ce:7f:03:18:55:d3:8e:2b:85:c1:88:28:c9:
         2a:f5:3d:04:57:ce:19:47:b7:d6:a2:fe:73:0b:30:47:b0:ba:
         99:06:fc:ac:2c:3a:a0:86:67:ce:c2:d1:76:5f:7a:85:46:2d:
         0c:dc:be:34:fc:73:c9:d7:18:61:50:43:54:23:3d:e2:9f:b4:
         ee:7a:42:7a:56:b0:98:eb:1a:a7:86:74:b2:92:29:be:8d:e9:
         08:2a:c6:2b:13:91:e8:40:a9:a1:42:e1:b9:d1:03:3a:3a:37:
         f8:6d:02:a1:24:db:cc:2b:55:be:ae:08:5e:6c:60:df:f2:d0:
         71:c3:16:48:cf:40:26:96:e1:24:a1:50:bb:63:30:d3:92:29:
         5f:ff:ab:e1:79:95:68:e4:c1:9b:bc:2e:f1:75:9b:46:cf:65:
         66:3a:24:41
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMj/PPqzU2LAllsZK5FxnE/1RsPMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTE3MDAwMDAwWhcNMjUwMjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AzMjc4Yjk1MjlkMjVkMWU3ZWM1MDZmNTU3MTA5MTE1ZmRh
ODIxYmNjOWY4OThmNGZjYjJlNTM4YmU0ZTk0YzVkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC51CoULP2K7+ca2rfx3pkim0nSjWGw+OjS+cZXL/XeVR5s
7N/qfL7tPpzzdGSLbBFXcBIn3qelcOkb/SHN/Su3ckOUWkFHHcJaEZq6myYr5jDL
LQuoryLhiPmebEorJcJ3fBAT76WMsw5T09sKynnqRT9cYb57JYv7StxOGclaTAND
zono6s2pjhUOCK/yDcfGbAL8n53JRzI2NH8PLc5hOd9lgg3CXEWRf5Ce2cgS9ClN
pclhc1UsyFWv3lq+Ro8VDYjBWXNguGS+9UpCWQeE1rcqKL+zeky47LhdKEmvC9Mz
zppegWK02+rhHzplQX8oyqYeuIJXTEqtbKRt4/S/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUAnMBnV9PEZtTcIJC2VJ/RZLV/4kwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2YyNTBjNzJhLTViZjYtNGRhMi05YWQ4LWZmODUwZDVhYTIxZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADBAowDQYJKoZIhvcNAQELBQADggEBAJlSvwqZzYT0tRGsPT3QzR2VXO5z
Z+nmqYNilEX3ovCBdgeoYYwoiDdoT8zA7RPMCS0HpVp6ebr3/7Fxj5HQENvayRzj
v9aJz91LZZ9HEcoCXkH56DPoyXpiqNhlTeIPzn8DGFXTjiuFwYgoySr1PQRXzhlH
t9ai/nMLMEewupkG/KwsOqCGZ87C0XZfeoVGLQzcvjT8c8nXGGFQQ1QjPeKftO56
QnpWsJjrGqeGdLKSKb6N6QgqxisTkehAqaFC4bnRAzo6N/htAqEk28wrVb6uCF5s
YN/y0HHDFkjPQCaW4SShULtjMNOSKV//q+F5lWjkwZu8LvF1m0bPZWY6JEE=
-----END CERTIFICATE-----