Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f9ceae71-7333-4d4f-b58e-4e1f954842a0.roa
File:                     f9ceae71-7333-4d4f-b58e-4e1f954842a0.roa (raw, json)
Hash identifier:          3G/8hTJRXEOBxkwwGPQal6fLcSsLSqbdGIc9hPXHPYs=
Subject key identifier:   5E:02:0B:99:1E:7C:76:7B:6E:5F:89:B6:EB:90:9A:1B:4D:2C:E2:73
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       75DB37CEC03C238F52C760379FF5E9CC0947B4DB
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f9ceae71-7333-4d4f-b58e-4e1f954842a0.roa
Signing time:             Mon 16 Jun 2025 17:40:13 +0000
ROA not before:           Mon 16 Jun 2025 17:40:13 +0000
ROA not after:            Mon 21 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.156.0.0/14 maxlen: 14
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 03 Jul 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:db:37:ce:c0:3c:23:8f:52:c7:60:37:9f:f5:e9:cc:09:47:b4:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun 16 17:40:13 2025 GMT
            Not After : Jul 21 23:59:59 2025 GMT
        Subject: serialNumber=8f9b97809e30593c7840287656adc58b97ea4d93b1a8c5a34a7a9d0e0c3a26ea, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:4a:8d:c4:74:b3:6b:e1:e8:f0:3b:38:fa:cc:
                    69:69:d0:84:0d:49:e6:dd:4b:59:6e:69:e8:68:d8:
                    92:3a:4d:c0:1a:1a:a4:19:28:23:0f:bc:9c:aa:2b:
                    c2:15:15:4b:38:d3:81:f0:d9:93:c6:cc:f4:b9:74:
                    d5:9e:1c:58:f7:68:b3:ec:b0:cd:89:20:e4:58:52:
                    43:81:07:5f:fe:c6:dc:68:d2:0e:35:d1:f3:f9:aa:
                    64:ac:70:db:60:99:c6:70:96:3d:65:95:91:51:85:
                    69:ff:87:60:d7:01:8b:63:b5:ea:38:6e:a3:67:44:
                    3c:78:ad:f1:bc:ce:80:c0:10:06:b7:d0:39:df:d7:
                    0f:af:e6:49:9c:1d:80:c9:b9:e5:ec:fd:a0:03:17:
                    54:3e:1b:f0:59:dd:12:33:b7:21:99:26:7a:ca:8d:
                    b2:34:b9:7f:57:76:24:d2:a5:d5:59:c1:6f:eb:f1:
                    51:ff:28:5b:ef:33:f4:1c:69:8b:b4:af:61:6b:dd:
                    f7:ff:2a:3e:96:ba:af:7c:47:e6:26:06:12:88:08:
                    e0:78:c6:47:e1:72:e4:48:1f:b7:e3:a0:09:5e:5a:
                    e9:b9:19:de:9d:a5:c1:12:f2:1c:b3:1d:b8:5f:34:
                    9c:fa:34:fd:e6:0f:ed:11:24:cf:f0:d8:83:93:76:
                    d9:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:02:0B:99:1E:7C:76:7B:6E:5F:89:B6:EB:90:9A:1B:4D:2C:E2:73
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f9ceae71-7333-4d4f-b58e-4e1f954842a0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.156.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         39:3a:46:b4:0f:e7:66:74:41:7c:71:9e:9c:9a:57:66:3d:55:
         c5:1f:fc:c4:43:12:82:47:82:1e:b1:bd:d4:bc:bc:3e:57:a8:
         89:bf:f7:b9:e0:0e:76:8e:0b:be:32:3d:64:df:d2:b7:3c:7a:
         1c:ac:ab:fe:31:8e:aa:53:5b:ad:9e:62:c5:5a:3c:a6:f5:12:
         72:ef:59:1a:eb:da:fc:53:78:73:61:a7:05:87:ac:29:65:13:
         d5:24:84:af:f9:0c:3c:2a:1b:4f:63:c7:cd:ac:38:9a:be:35:
         79:b6:a0:63:3b:a3:68:36:04:fc:61:e3:31:ec:28:95:a3:02:
         fa:a2:71:da:83:f2:85:71:ea:29:f8:41:cf:47:cf:da:9d:66:
         60:b5:ab:fa:db:48:a4:bd:98:a7:4f:e2:2e:3f:88:ad:52:55:
         77:03:1e:ef:8c:e4:87:b1:99:fa:5d:cb:53:95:74:c5:d2:86:
         f5:14:b0:d6:0e:05:d0:05:ba:99:c3:a1:2b:5a:63:06:19:8b:
         39:ca:80:81:46:d6:ee:c6:98:60:db:7f:85:44:25:f2:14:3a:
         be:4e:8c:b7:4e:14:86:b8:0b:62:43:d5:d1:d3:4d:5c:4e:5a:
         d0:05:c9:f8:c1:10:82:af:c3:4b:d9:05:bd:9d:5e:8d:93:d3:
         5f:e3:44:89
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUdds3zsA8I49Sx2A3n/XpzAlHtNswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjE2MTc0MDEzWhcNMjUwNzIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZjliOTc4MDllMzA1OTNjNzg0MDI4NzY1NmFkYzU4Yjk3
ZWE0ZDkzYjFhOGM1YTM0YTdhOWQwZTBjM2EyNmVhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9So3EdLNr4ejwOzj6zGlp0IQNSebdS1luaeho2JI6TcAa
GqQZKCMPvJyqK8IVFUs404Hw2ZPGzPS5dNWeHFj3aLPssM2JIORYUkOBB1/+xtxo
0g410fP5qmSscNtgmcZwlj1llZFRhWn/h2DXAYtjteo4bqNnRDx4rfG8zoDAEAa3
0Dnf1w+v5kmcHYDJueXs/aADF1Q+G/BZ3RIztyGZJnrKjbI0uX9XdiTSpdVZwW/r
8VH/KFvvM/QcaYu0r2Fr3ff/Kj6Wuq98R+YmBhKICOB4xkfhcuRIH7fjoAleWum5
Gd6dpcES8hyzHbhfNJz6NP3mD+0RJM/w2IOTdtnDAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUXgILmR58dntuX4m265CaG00s4nMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Y5Y2VhZTcxLTczMzMtNGQ0Zi1iNThlLTRlMWY5NTQ4NDJhMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwIjnDANBgkqhkiG9w0BAQsFAAOCAQEAOTpGtA/nZnRBfHGenJpXZj1VxR/8
xEMSgkeCHrG91Ly8Pleoib/3ueAOdo4LvjI9ZN/Stzx6HKyr/jGOqlNbrZ5ixVo8
pvUScu9ZGuva/FN4c2GnBYesKWUT1SSEr/kMPCobT2PHzaw4mr41ebagYzujaDYE
/GHjMewolaMC+qJx2oPyhXHqKfhBz0fP2p1mYLWr+ttIpL2Yp0/iLj+IrVJVdwMe
74zkh7GZ+l3LU5V0xdKG9RSw1g4F0AW6mcOhK1pjBhmLOcqAgUbW7saYYNt/hUQl
8hQ6vk6Mt04UhrgLYkPV0dNNXE5a0AXJ+MEQgq/DS9kFvZ1ejZPTX+NEiQ==
-----END CERTIFICATE-----