Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/08f80ed4-3c00-4313-8805-d61f0b1663df.roa
File:                     08f80ed4-3c00-4313-8805-d61f0b1663df.roa (raw, json)
Hash identifier:          gBL54sRfhWiP/vVcpuoNzmucpdbZW4Tcw4sJjp9vruc=
Subject key identifier:   51:A7:27:B7:FF:B8:D6:CB:48:5B:C1:9C:90:D9:40:A4:01:1C:0D:F8
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       461172F74A191F8AD60ED50858F3E75490057F7D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/08f80ed4-3c00-4313-8805-d61f0b1663df.roa
Signing time:             Tue 22 Apr 2025 18:10:49 +0000
ROA not before:           Tue 22 Apr 2025 18:10:49 +0000
ROA not after:            Tue 27 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        52.95.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:11:72:f7:4a:19:1f:8a:d6:0e:d5:08:58:f3:e7:54:90:05:7f:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 22 18:10:49 2025 GMT
            Not After : May 27 23:59:59 2025 GMT
        Subject: serialNumber=ce7dbfa1f3db5bb46a1951ed258f71567554ff37eb0a8c63356c73f21399becf, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:1a:ff:20:cc:40:da:ab:1a:94:c7:70:fc:5a:
                    c6:0f:31:e4:d8:6f:00:76:8a:11:40:c3:de:69:81:
                    63:44:31:d6:fc:8a:e8:5f:31:1c:81:d0:51:0f:e7:
                    81:3d:3b:fa:00:48:cf:3e:62:bf:e1:96:5e:69:86:
                    1e:94:f1:d2:22:4d:df:60:f4:b3:7f:ab:63:45:4d:
                    81:7b:5e:01:b5:ad:ef:33:13:05:11:8b:27:35:68:
                    17:e5:16:a3:5c:2b:ab:69:e6:e1:75:21:34:ac:f9:
                    27:11:e8:a5:77:65:eb:76:c3:83:bc:71:f1:6b:21:
                    eb:13:cb:3d:7f:27:fb:8f:a3:07:a7:b6:1a:67:ca:
                    f2:c2:29:77:b8:71:a9:41:fc:88:0b:c2:dd:ce:51:
                    8a:9e:c7:2d:fe:d3:b6:62:b5:9d:4e:76:25:fa:74:
                    85:8f:6f:a0:f7:f8:33:60:a8:86:97:0e:f9:09:9a:
                    c5:64:85:21:21:90:f2:41:f3:50:74:d3:ee:5d:ac:
                    66:7a:c6:77:19:20:a4:fc:f0:08:43:f6:95:1b:8d:
                    fb:ad:99:a1:8c:ca:61:06:97:c8:69:34:4d:b7:de:
                    a5:55:51:53:86:ec:84:d1:cb:3e:bd:85:8c:c7:81:
                    03:96:b0:cf:b0:98:a9:08:c6:98:32:7c:68:03:a1:
                    32:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:A7:27:B7:FF:B8:D6:CB:48:5B:C1:9C:90:D9:40:A4:01:1C:0D:F8
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/08f80ed4-3c00-4313-8805-d61f0b1663df.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.95.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:03:d2:d3:4e:e7:30:ff:13:25:bf:ed:ed:13:b8:4a:e7:2e:
         6c:41:83:a8:fa:8c:9f:c1:52:75:58:c1:4e:d4:78:48:3d:b2:
         01:94:76:2f:40:8c:3b:b5:6e:55:74:3d:12:46:9a:b5:35:ad:
         c2:67:9b:ee:e4:35:da:b2:da:14:f4:26:3c:f1:4c:a0:84:f9:
         4f:4d:99:43:d7:50:d8:ab:e3:fe:99:a8:4c:dc:a7:44:96:56:
         44:8b:6c:eb:61:c3:15:dd:98:94:bf:a7:9b:17:3b:9a:9d:20:
         f9:24:f4:a5:3d:42:ea:9e:4b:17:2a:d0:26:2a:da:ad:0f:bc:
         d1:e3:72:ce:3f:2f:3b:69:b9:60:49:73:18:3c:3b:fd:cc:6d:
         14:07:a9:50:ae:e0:a8:22:13:10:ec:c5:f5:73:cc:a8:17:62:
         0c:dd:82:42:69:e6:4d:62:d8:68:b1:82:d2:21:c9:ad:d7:11:
         0b:3d:3c:af:3f:2f:5a:db:34:51:ad:e7:bc:bb:14:ee:cc:09:
         ca:b1:a1:72:1a:bc:43:e9:85:ae:1d:9b:ca:32:b3:8c:1c:25:
         b9:c3:14:0d:34:4d:bf:67:69:c8:bc:d3:1e:5e:ae:02:29:40:
         7d:cf:25:df:21:0e:cf:3d:2f:8f:9e:48:96:40:97:3e:2a:ba:
         20:27:a7:22
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURhFy90oZH4rWDtUIWPPnVJAFf30wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDIyMTgxMDQ5WhcNMjUwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BjZTdkYmZhMWYzZGI1YmI0NmExOTUxZWQyNThmNzE1Njc1
NTRmZjM3ZWIwYThjNjMzNTZjNzNmMjEzOTliZWNmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDrGv8gzEDaqxqUx3D8WsYPMeTYbwB2ihFAw95pgWNEMdb8
iuhfMRyB0FEP54E9O/oASM8+Yr/hll5phh6U8dIiTd9g9LN/q2NFTYF7XgG1re8z
EwURiyc1aBflFqNcK6tp5uF1ITSs+ScR6KV3Zet2w4O8cfFrIesTyz1/J/uPowen
thpnyvLCKXe4calB/IgLwt3OUYqexy3+07ZitZ1OdiX6dIWPb6D3+DNgqIaXDvkJ
msVkhSEhkPJB81B00+5drGZ6xncZIKT88AhD9pUbjfutmaGMymEGl8hpNE233qVV
UVOG7ITRyz69hYzHgQOWsM+wmKkIxpgyfGgDoTJTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUUacnt/+41stIW8GckNlApAEcDfgwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzA4ZjgwZWQ0LTNjMDAtNDMxMy04ODA1LWQ2MWYwYjE2NjNkZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0Xz8wDQYJKoZIhvcNAQELBQADggEBAAgD0tNO5zD/EyW/7e0TuErnLmxB
g6j6jJ/BUnVYwU7UeEg9sgGUdi9AjDu1blV0PRJGmrU1rcJnm+7kNdqy2hT0Jjzx
TKCE+U9NmUPXUNir4/6ZqEzcp0SWVkSLbOthwxXdmJS/p5sXO5qdIPkk9KU9Quqe
Sxcq0CYq2q0PvNHjcs4/LztpuWBJcxg8O/3MbRQHqVCu4KgiExDsxfVzzKgXYgzd
gkJp5k1i2GixgtIhya3XEQs9PK8/L1rbNFGt57y7FO7MCcqxoXIavEPpha4dm8oy
s4wcJbnDFA00Tb9naci80x5ergIpQH3PJd8hDs89L4+eSJZAlz4quiAnpyI=
-----END CERTIFICATE-----