Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e70ce68b-31f7-4410-903e-daadfc494273.roa
File:                     e70ce68b-31f7-4410-903e-daadfc494273.roa (raw, json)
Hash identifier:          Wza3LdIQBy07LLcTCVvbZaTlrdYg4iYNG3V3ssXtLGg=
Subject key identifier:   3E:76:25:B6:AF:9D:2A:5E:26:85:23:F0:60:BB:25:8F:11:06:43:D5
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0101927EC6B81BBE5BA17792906D82FAEEA6A13A
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e70ce68b-31f7-4410-903e-daadfc494273.roa
Signing time:             Mon 14 Apr 2025 15:51:48 +0000
ROA not before:           Mon 14 Apr 2025 15:51:48 +0000
ROA not after:            Mon 19 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.248.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 08 May 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:01:92:7e:c6:b8:1b:be:5b:a1:77:92:90:6d:82:fa:ee:a6:a1:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 14 15:51:48 2025 GMT
            Not After : May 19 23:59:59 2025 GMT
        Subject: serialNumber=072d80c8bcc680aedc54fe05248d118c63c29fdf293be16504c61ad9dd511b97, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:67:c7:c8:d2:28:e6:34:03:25:05:78:52:33:
                    42:08:4a:07:9f:4b:67:c4:df:ee:45:77:85:1f:22:
                    f1:82:e4:86:84:ba:7e:73:4f:fd:a9:c2:c8:41:87:
                    12:59:e2:a7:e0:b5:11:5a:89:6d:8d:a3:4c:58:20:
                    62:a9:fa:04:e0:8e:8b:2b:17:80:95:84:50:09:ef:
                    71:0c:1c:6e:7d:de:0a:14:63:cb:32:60:9e:40:d1:
                    11:bb:df:b3:8b:9c:6c:74:51:f0:87:cd:b8:b7:88:
                    22:10:49:1b:f5:31:31:b2:98:97:2c:6b:55:ce:a4:
                    7d:51:e3:c1:87:99:c1:b2:a3:1d:01:ab:9a:22:50:
                    52:94:55:9b:b8:59:ba:d1:63:e1:8a:72:db:fb:86:
                    4c:db:93:06:25:65:08:1f:69:c8:49:4e:99:dd:b3:
                    61:48:17:10:a2:2a:01:06:85:11:f4:8a:ed:03:02:
                    1c:57:4e:1b:71:fc:64:5e:a1:81:9d:83:21:10:5f:
                    d5:7a:1e:94:4f:71:e6:31:26:a5:ee:8a:a4:82:ba:
                    1e:6f:67:8c:7d:eb:de:46:d5:72:c9:e4:15:d5:a0:
                    4f:04:44:2f:38:d7:d3:c3:ff:17:5c:1f:40:a6:0e:
                    a1:1d:1d:f6:70:30:d0:57:8a:2b:29:5a:fe:41:43:
                    79:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:76:25:B6:AF:9D:2A:5E:26:85:23:F0:60:BB:25:8F:11:06:43:D5
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e70ce68b-31f7-4410-903e-daadfc494273.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.248.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:a3:14:34:4f:56:04:ce:aa:cf:8c:d9:9b:69:06:e4:b2:01:
         df:6e:77:b3:7f:0c:87:94:25:7d:04:e2:e5:1a:76:25:6c:0e:
         30:e5:ce:83:27:a7:af:80:67:79:33:61:38:c9:86:c6:fc:60:
         1b:14:bd:e2:c4:e2:ce:52:ea:16:49:fa:9c:da:4f:7c:b9:4f:
         7d:a7:6b:c0:32:ad:45:06:a5:6b:05:ff:89:ed:f7:8a:fd:e5:
         71:a2:98:0f:aa:7d:ad:f6:7c:7f:26:3d:03:22:46:3b:00:9b:
         b9:e7:0e:84:82:98:63:18:9c:7b:f4:29:a2:b4:f1:44:89:fd:
         94:cb:1a:b1:8f:cb:e4:dc:da:da:bb:72:db:79:51:63:87:da:
         f6:91:22:30:65:98:14:6c:ef:dd:3b:15:ce:5b:2b:b2:32:f1:
         36:87:47:dc:95:fd:83:b0:21:e8:ee:74:7f:7d:01:89:a9:41:
         7b:c3:45:dc:35:25:92:a6:b3:66:2f:92:8f:ee:39:19:88:78:
         52:45:fe:e6:77:56:48:f0:eb:11:7e:f8:00:70:33:94:29:9f:
         9c:7f:49:09:bb:ee:9e:49:7d:81:d1:54:86:fc:ae:1c:0c:3b:
         85:b1:8c:ba:11:b6:13:7b:55:cf:95:54:8d:6d:ab:75:0b:16:
         ff:e8:c9:9d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAQGSfsa4G75boXeSkG2C+u6moTowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE0MTU1MTQ4WhcNMjUwNTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNzJkODBjOGJjYzY4MGFlZGM1NGZlMDUyNDhkMTE4YzYz
YzI5ZmRmMjkzYmUxNjUwNGM2MWFkOWRkNTExYjk3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDpZ8fI0ijmNAMlBXhSM0IISgefS2fE3+5Fd4UfIvGC5IaE
un5zT/2pwshBhxJZ4qfgtRFaiW2No0xYIGKp+gTgjosrF4CVhFAJ73EMHG593goU
Y8syYJ5A0RG737OLnGx0UfCHzbi3iCIQSRv1MTGymJcsa1XOpH1R48GHmcGyox0B
q5oiUFKUVZu4WbrRY+GKctv7hkzbkwYlZQgfachJTpnds2FIFxCiKgEGhRH0iu0D
AhxXThtx/GReoYGdgyEQX9V6HpRPceYxJqXuiqSCuh5vZ4x9695G1XLJ5BXVoE8E
RC8419PD/xdcH0CmDqEdHfZwMNBXiispWv5BQ3nBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPnYltq+dKl4mhSPwYLsljxEGQ9UwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2U3MGNlNjhiLTMxZjctNDQxMC05MDNlLWRhYWRmYzQ5NDI3My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAD+PAwDQYJKoZIhvcNAQELBQADggEBAIOjFDRPVgTOqs+M2ZtpBuSyAd9u
d7N/DIeUJX0E4uUadiVsDjDlzoMnp6+AZ3kzYTjJhsb8YBsUveLE4s5S6hZJ+pza
T3y5T32na8AyrUUGpWsF/4nt94r95XGimA+qfa32fH8mPQMiRjsAm7nnDoSCmGMY
nHv0KaK08USJ/ZTLGrGPy+Tc2tq7ctt5UWOH2vaRIjBlmBRs7907Fc5bK7Iy8TaH
R9yV/YOwIejudH99AYmpQXvDRdw1JZKms2Yvko/uORmIeFJF/uZ3Vkjw6xF++ABw
M5Qpn5x/SQm77p5JfYHRVIb8rhwMO4WxjLoRthN7Vc+VVI1tq3ULFv/oyZ0=
-----END CERTIFICATE-----