Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f9ceae71-7333-4d4f-b58e-4e1f954842a0.roa
File:                     f9ceae71-7333-4d4f-b58e-4e1f954842a0.roa (raw, json)
Hash identifier:          LGk7qkii0O7tVuLFmdf1KLydHpBOkyWYkZ3SkFYr/fw=
Subject key identifier:   1A:4F:A4:0D:E9:0F:20:DE:E3:87:64:6E:31:87:E1:32:66:22:96:8F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       60F9B5A25BE00960D07657CD52FDF8AC940853B5
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f9ceae71-7333-4d4f-b58e-4e1f954842a0.roa
Signing time:             Tue 05 Aug 2025 16:51:41 +0000
ROA not before:           Tue 05 Aug 2025 16:51:41 +0000
ROA not after:            Tue 09 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.156.0.0/14 maxlen: 14
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 22 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:f9:b5:a2:5b:e0:09:60:d0:76:57:cd:52:fd:f8:ac:94:08:53:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug  5 16:51:41 2025 GMT
            Not After : Sep  9 23:59:59 2025 GMT
        Subject: serialNumber=9efca341cec7b6583eedf814fc4805e899b74f9bd4c55209cf402dbffb24cddd, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:fd:c0:21:9e:d7:59:80:9c:b9:ad:8d:29:4e:
                    f7:40:1b:ed:af:cc:1b:ec:81:35:57:9c:48:89:85:
                    3c:a3:de:d3:11:c3:e3:a6:ab:f9:e8:0b:83:4a:a0:
                    69:c9:bd:e9:14:86:48:93:75:80:7e:0f:fc:65:3e:
                    74:74:f3:7d:9f:be:e5:fd:63:17:ff:a3:ae:a6:56:
                    aa:bf:87:f8:5f:e1:c5:a3:00:e7:03:76:dd:e1:d0:
                    8a:64:86:81:01:ee:4c:f1:6d:1c:9c:c7:e6:0a:7e:
                    c4:81:23:38:d8:86:0e:94:a3:aa:19:8d:16:c4:ea:
                    ff:90:dc:ab:df:22:f1:01:e2:fe:f0:5c:2f:e1:44:
                    7a:f2:36:92:a8:2f:6f:bb:a9:58:eb:e0:d1:ca:46:
                    1d:fd:8d:ae:66:a9:58:40:fb:8f:4d:e9:6c:77:fd:
                    a1:c5:3f:83:f8:04:ab:38:24:d9:e5:28:54:15:36:
                    46:7d:a1:12:26:33:d5:e4:d6:6a:9a:96:a3:0a:77:
                    ed:81:5b:61:97:f3:e5:08:ea:3c:62:9a:aa:c2:cb:
                    d9:d9:e5:06:d2:50:e5:e3:9a:e4:e2:e7:1f:ab:1a:
                    dc:b1:fe:f5:62:02:1c:b0:7b:d8:76:08:34:e9:18:
                    c3:d9:26:98:f6:a9:5f:ae:ee:af:99:eb:a7:08:b1:
                    62:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:4F:A4:0D:E9:0F:20:DE:E3:87:64:6E:31:87:E1:32:66:22:96:8F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f9ceae71-7333-4d4f-b58e-4e1f954842a0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.156.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         25:0b:2f:da:24:74:64:c3:1b:c5:58:5a:8e:0a:e0:c9:5d:11:
         8b:07:2b:57:a3:d3:d5:19:65:82:e1:46:6f:eb:16:22:8c:b6:
         0c:d0:23:b3:93:29:2d:63:7a:1f:92:b5:f3:e7:04:f8:62:62:
         1c:3c:b1:6d:69:0a:fb:81:76:09:46:6a:99:da:8c:07:20:fc:
         01:fa:ab:36:35:49:00:b8:fb:59:c7:34:ea:4d:ab:d0:5c:ee:
         e5:49:3e:12:0a:1e:4f:36:cc:7d:75:fb:a2:dc:71:e1:14:a9:
         73:de:06:97:9a:57:c1:9b:34:3d:c3:83:0c:bf:82:2a:09:7f:
         1d:3d:17:f3:cd:4e:97:61:8b:f8:3e:bf:b6:c0:ee:9e:7e:77:
         21:e1:16:c2:c9:1e:15:18:69:0d:04:a9:ce:1a:80:5e:83:a8:
         74:ab:1b:be:2c:bf:17:c2:52:58:3e:ec:6e:0a:35:94:57:0d:
         49:f1:ae:6f:b7:2a:a7:39:ec:61:4a:18:d0:48:02:f9:1a:c9:
         cc:de:5c:7c:12:0c:70:34:83:4f:73:25:32:53:1c:11:d6:54:
         e8:e9:a7:b7:ce:2d:d5:78:cf:26:56:3f:ac:09:75:7b:6f:66:
         de:60:1c:38:0f:52:73:6a:0b:75:5b:9e:2a:57:fd:95:ae:59:
         44:b3:af:10
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUYPm1olvgCWDQdlfNUv34rJQIU7UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwODA1MTY1MTQxWhcNMjUwOTA5MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZWZjYTM0MWNlYzdiNjU4M2VlZGY4MTRmYzQ4MDVlODk5
Yjc0ZjliZDRjNTUyMDljZjQwMmRiZmZiMjRjZGRkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDI/cAhntdZgJy5rY0pTvdAG+2vzBvsgTVXnEiJhTyj3tMR
w+Omq/noC4NKoGnJvekUhkiTdYB+D/xlPnR0832fvuX9Yxf/o66mVqq/h/hf4cWj
AOcDdt3h0IpkhoEB7kzxbRycx+YKfsSBIzjYhg6Uo6oZjRbE6v+Q3KvfIvEB4v7w
XC/hRHryNpKoL2+7qVjr4NHKRh39ja5mqVhA+49N6Wx3/aHFP4P4BKs4JNnlKFQV
NkZ9oRImM9Xk1mqalqMKd+2BW2GX8+UI6jximqrCy9nZ5QbSUOXjmuTi5x+rGtyx
/vViAhywe9h2CDTpGMPZJpj2qV+u7q+Z66cIsWKZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUGk+kDekPIN7jh2RuMYfhMmYilo8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Y5Y2VhZTcxLTczMzMtNGQ0Zi1iNThlLTRlMWY5NTQ4NDJhMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwIjnDANBgkqhkiG9w0BAQsFAAOCAQEAJQsv2iR0ZMMbxVhajgrgyV0Riwcr
V6PT1RllguFGb+sWIoy2DNAjs5MpLWN6H5K18+cE+GJiHDyxbWkK+4F2CUZqmdqM
ByD8AfqrNjVJALj7Wcc06k2r0Fzu5Uk+EgoeTzbMfXX7otxx4RSpc94Gl5pXwZs0
PcODDL+CKgl/HT0X881Ol2GL+D6/tsDunn53IeEWwskeFRhpDQSpzhqAXoOodKsb
viy/F8JSWD7sbgo1lFcNSfGub7cqpznsYUoY0EgC+RrJzN5cfBIMcDSDT3MlMlMc
EdZU6Omnt84t1XjPJlY/rAl1e29m3mAcOA9Sc2oLdVueKlf9la5ZRLOvEA==
-----END CERTIFICATE-----