Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0ea66562-2b47-4847-be06-40c82e3c114e.roa
File:                     0ea66562-2b47-4847-be06-40c82e3c114e.roa (raw, json)
Hash identifier:          bFBPosh9dHAZZpugY/MwBfu2JLZ1keMlxf+qJLlpDJA=
Subject key identifier:   F6:38:11:D0:36:26:79:7A:78:D9:F8:7E:A2:C7:D6:DB:93:12:0F:21
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       14F34C7268E2C85D5849AA4D8658C335777107F8
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0ea66562-2b47-4847-be06-40c82e3c114e.roa
Signing time:             Sat 07 Jun 2025 00:50:54 +0000
ROA not before:           Sat 07 Jun 2025 00:50:54 +0000
ROA not after:            Sat 12 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.156.4.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:f3:4c:72:68:e2:c8:5d:58:49:aa:4d:86:58:c3:35:77:71:07:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun  7 00:50:54 2025 GMT
            Not After : Jul 12 23:59:59 2025 GMT
        Subject: serialNumber=a4b4fb522e2b392b8f13861be24e49b210e36f60218d2a51ac123678fad8d599, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:d6:4a:cc:84:df:25:f2:ab:3d:ae:09:6c:17:
                    fb:45:53:fc:14:31:fc:bd:5b:fe:1e:6b:84:87:03:
                    d4:fc:94:83:9b:04:3b:b6:d3:5d:82:02:c5:cc:18:
                    44:10:76:db:1a:30:8b:f5:d4:4a:94:98:52:ed:9e:
                    7c:c3:c2:54:46:16:75:74:0c:b8:f4:df:2a:99:c9:
                    29:36:33:33:8d:a1:70:2e:0e:6f:0b:53:ef:8b:89:
                    81:43:54:eb:16:ac:e9:f8:d2:aa:06:ca:7c:74:79:
                    6f:fb:e7:e2:39:99:ae:40:a3:71:5c:2c:4b:14:43:
                    58:c9:bb:70:29:aa:0e:d9:d0:f2:3d:a2:ba:b8:d4:
                    0f:04:0e:63:d0:1b:c9:39:a4:68:06:6a:29:e1:2a:
                    2f:a5:08:90:7a:0e:a6:db:89:5f:7d:88:b1:a8:bf:
                    10:0a:e3:5f:fa:d1:cc:e8:84:03:60:dc:c2:b7:e2:
                    6e:f2:0e:f5:db:5f:da:e2:f7:e6:ea:cd:84:c4:3c:
                    32:47:a2:96:54:23:df:a6:70:79:69:55:2c:12:26:
                    e3:21:4a:c2:83:96:a1:4f:1d:55:65:de:e6:be:83:
                    5b:97:49:33:8c:60:0b:70:51:d9:c6:2c:6c:56:8d:
                    a6:cf:f5:12:e5:81:25:22:5b:f3:60:63:2b:71:11:
                    7e:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:38:11:D0:36:26:79:7A:78:D9:F8:7E:A2:C7:D6:DB:93:12:0F:21
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0ea66562-2b47-4847-be06-40c82e3c114e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.156.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ad:10:e9:33:63:9b:e2:7a:3f:e2:5a:28:e0:a3:e5:43:c6:09:
         0c:c5:c9:ca:c8:43:5c:a3:c7:42:b6:46:7c:d6:61:6c:f3:98:
         bb:88:73:7f:1a:30:f0:04:0b:2b:8e:f8:d8:ca:c4:f0:55:a0:
         60:d2:0a:15:39:d0:d1:e6:55:3c:82:48:5c:9c:02:f4:0c:5c:
         d0:5d:b6:9f:22:33:33:3c:e0:24:b8:1c:5f:10:9e:ca:8d:65:
         13:25:c5:02:17:71:d1:b9:5b:c4:94:14:d7:fb:26:d3:bc:2f:
         67:f9:56:a0:89:e9:1a:26:7a:0e:b5:a3:ad:3d:37:d3:c1:6f:
         c8:ba:9f:24:54:13:b9:de:c4:ad:76:e9:ba:14:5a:2d:f3:df:
         27:1d:61:98:61:df:b2:c4:53:7c:47:ec:ea:e7:8f:a1:c1:90:
         8e:c0:53:9b:f9:3f:1c:fa:ce:84:ae:52:69:d3:fd:1b:2d:5d:
         84:19:7f:48:da:27:e0:36:8b:a4:7e:d4:b3:80:ad:c3:81:a9:
         e9:4a:0c:b4:56:5c:a5:68:99:0a:97:96:b9:72:6e:17:8d:8c:
         13:7a:44:fa:82:5a:75:f4:8a:dd:f3:1b:ae:7e:e6:7e:e0:f8:
         5c:74:ae:96:4b:42:79:d7:b4:d0:db:b2:47:8d:29:23:27:fc:
         22:fd:94:1f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFPNMcmjiyF1YSapNhljDNXdxB/gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjA3MDA1MDU0WhcNMjUwNzEyMjM1OTU5
WjB6MUkwRwYDVQQFE0BhNGI0ZmI1MjJlMmIzOTJiOGYxMzg2MWJlMjRlNDliMjEw
ZTM2ZjYwMjE4ZDJhNTFhYzEyMzY3OGZhZDhkNTk5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCZ1krMhN8l8qs9rglsF/tFU/wUMfy9W/4ea4SHA9T8lIOb
BDu2012CAsXMGEQQdtsaMIv11EqUmFLtnnzDwlRGFnV0DLj03yqZySk2MzONoXAu
Dm8LU++LiYFDVOsWrOn40qoGynx0eW/75+I5ma5Ao3FcLEsUQ1jJu3Apqg7Z0PI9
orq41A8EDmPQG8k5pGgGainhKi+lCJB6DqbbiV99iLGovxAK41/60czohANg3MK3
4m7yDvXbX9ri9+bqzYTEPDJHopZUI9+mcHlpVSwSJuMhSsKDlqFPHVVl3ua+g1uX
STOMYAtwUdnGLGxWjabP9RLlgSUiW/NgYytxEX4RAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9jgR0DYmeXp42fh+osfW25MSDyEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzBlYTY2NTYyLTJiNDctNDg0Ny1iZTA2LTQwYzgyZTNjMTE0ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI2nAQwDQYJKoZIhvcNAQELBQADggEBAK0Q6TNjm+J6P+JaKOCj5UPGCQzF
ycrIQ1yjx0K2RnzWYWzzmLuIc38aMPAECyuO+NjKxPBVoGDSChU50NHmVTyCSFyc
AvQMXNBdtp8iMzM84CS4HF8QnsqNZRMlxQIXcdG5W8SUFNf7JtO8L2f5VqCJ6Rom
eg61o609N9PBb8i6nyRUE7nexK126boUWi3z3ycdYZhh37LEU3xH7Ornj6HBkI7A
U5v5Pxz6zoSuUmnT/RstXYQZf0jaJ+A2i6R+1LOArcOBqelKDLRWXKVomQqXlrly
bheNjBN6RPqCWnX0it3zG65+5n7g+Fx0rpZLQnnXtNDbskeNKSMn/CL9lB8=
-----END CERTIFICATE-----