Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1da3f1fb-2590-422d-9b28-4bd14d22f09b.roa
File:                     1da3f1fb-2590-422d-9b28-4bd14d22f09b.roa (raw, json)
Hash identifier:          queazN3Rx/aCcOHEXDeiZn+zHMEHMDCphVVcAxk9x0s=
Subject key identifier:   BA:59:45:25:31:B6:85:B1:85:93:A4:58:DE:DA:76:36:D5:2A:08:C1
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       71D610A6B0CE7CA833A35C323EDDDD27B37CE30E
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1da3f1fb-2590-422d-9b28-4bd14d22f09b.roa
Signing time:             Fri 11 Jul 2025 17:21:03 +0000
ROA not before:           Fri 11 Jul 2025 17:21:03 +0000
ROA not after:            Fri 15 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.239.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:d6:10:a6:b0:ce:7c:a8:33:a3:5c:32:3e:dd:dd:27:b3:7c:e3:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 11 17:21:03 2025 GMT
            Not After : Aug 15 23:59:59 2025 GMT
        Subject: serialNumber=325687424e11b71acf1ba1dfb5ad3df0bd81740162b5b3c7350775cc02ee347b, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:34:b4:7a:f8:58:f4:90:61:69:1b:bb:e2:70:
                    15:69:15:ed:02:ea:b8:fb:03:2e:f3:b2:71:3a:d0:
                    e9:b4:2e:e3:fb:54:4a:bc:57:e6:63:ee:19:a7:0c:
                    62:a9:b3:6d:7c:5f:1a:53:63:e3:f4:86:9d:c8:ee:
                    54:16:d1:8a:4a:ac:a6:91:58:f6:03:28:af:23:0a:
                    d4:02:48:94:4a:d0:94:ed:59:fa:6c:96:cd:1d:c7:
                    8a:2e:a0:2f:93:ec:99:ce:54:a4:3c:24:4d:80:d0:
                    59:35:70:a8:4b:1f:ed:d0:64:2e:d0:31:3e:f9:ab:
                    2c:66:ed:31:ed:86:19:dd:ec:bb:24:50:42:d2:cf:
                    0a:05:24:39:e7:91:59:61:4e:83:a2:06:5c:96:dd:
                    7c:e5:19:18:42:9b:8f:83:c0:67:c0:40:54:b8:47:
                    27:75:4a:1c:49:c9:81:a2:2f:12:d5:ec:4d:0f:c0:
                    47:fe:cc:43:97:ae:da:f4:db:b0:04:15:3a:b4:e8:
                    90:54:77:66:03:76:66:ed:f0:a7:cf:55:a9:03:e7:
                    69:65:3e:56:fd:1d:53:8e:0a:a4:0d:4f:42:cd:a1:
                    67:31:92:e3:56:3f:cd:9b:9a:95:5d:4a:90:51:a8:
                    6e:0b:48:c1:25:a6:99:57:0e:f5:86:84:12:09:b3:
                    cb:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:59:45:25:31:B6:85:B1:85:93:A4:58:DE:DA:76:36:D5:2A:08:C1
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1da3f1fb-2590-422d-9b28-4bd14d22f09b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.239.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:36:57:6a:bb:1c:5c:f0:32:cd:41:5d:3a:5c:8b:89:e6:4c:
         9e:68:7b:fd:ee:ac:62:21:b7:d2:7d:6b:a8:67:15:54:20:de:
         f2:7e:93:a5:33:32:f3:06:86:64:a9:10:f4:62:9e:a6:ba:fb:
         7c:81:1a:14:b5:f5:7a:0f:3d:2b:5f:28:29:da:a0:70:a4:8e:
         3e:bc:ce:b8:8f:2b:25:85:18:98:9b:c7:2f:06:7d:03:8b:8a:
         5b:41:e4:f2:fe:9b:d7:80:33:95:35:f6:a6:9f:75:74:02:fc:
         a1:30:d7:b6:a5:af:df:33:eb:48:e0:51:46:c7:ee:26:1c:49:
         e3:63:15:85:ae:87:10:fb:ba:11:90:0f:d4:56:48:62:1d:e9:
         a4:cc:4f:ef:89:3c:56:01:28:de:6c:0e:ee:01:01:b6:c1:17:
         62:15:8f:68:90:c1:ef:83:07:fd:db:eb:65:7a:a4:08:91:d3:
         33:63:73:c2:d5:35:90:41:dc:91:b5:2b:23:5c:44:48:3b:03:
         da:e7:4b:b2:24:f8:f0:5d:83:be:43:c5:45:1a:c0:e8:36:b6:
         df:5e:57:11:4c:46:22:22:62:ca:2c:80:59:5d:4c:59:23:1f:
         a2:c2:4b:11:d1:b9:2b:7a:4e:55:18:2c:f2:f0:0b:6e:cc:94:
         a5:2d:23:ad
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcdYQprDOfKgzo1wyPt3dJ7N84w4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzExMTcyMTAzWhcNMjUwODE1MjM1OTU5
WjB6MUkwRwYDVQQFE0AzMjU2ODc0MjRlMTFiNzFhY2YxYmExZGZiNWFkM2RmMGJk
ODE3NDAxNjJiNWIzYzczNTA3NzVjYzAyZWUzNDdiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCONLR6+Fj0kGFpG7vicBVpFe0C6rj7Ay7zsnE60Om0LuP7
VEq8V+Zj7hmnDGKps218XxpTY+P0hp3I7lQW0YpKrKaRWPYDKK8jCtQCSJRK0JTt
Wfpsls0dx4ouoC+T7JnOVKQ8JE2A0Fk1cKhLH+3QZC7QMT75qyxm7THthhnd7Lsk
UELSzwoFJDnnkVlhToOiBlyW3XzlGRhCm4+DwGfAQFS4Ryd1ShxJyYGiLxLV7E0P
wEf+zEOXrtr027AEFTq06JBUd2YDdmbt8KfPVakD52llPlb9HVOOCqQNT0LNoWcx
kuNWP82bmpVdSpBRqG4LSMElpplXDvWGhBIJs8snAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUullFJTG2hbGFk6RY3tp2NtUqCMEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzFkYTNmMWZiLTI1OTAtNDIyZC05YjI4LTRiZDE0ZDIyZjA5Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA273EwDQYJKoZIhvcNAQELBQADggEBAH42V2q7HFzwMs1BXTpci4nmTJ5o
e/3urGIht9J9a6hnFVQg3vJ+k6UzMvMGhmSpEPRinqa6+3yBGhS19XoPPStfKCna
oHCkjj68zriPKyWFGJibxy8GfQOLiltB5PL+m9eAM5U19qafdXQC/KEw17alr98z
60jgUUbH7iYcSeNjFYWuhxD7uhGQD9RWSGId6aTMT++JPFYBKN5sDu4BAbbBF2IV
j2iQwe+DB/3b62V6pAiR0zNjc8LVNZBB3JG1KyNcREg7A9rnS7Ik+PBdg75DxUUa
wOg2tt9eVxFMRiIiYsosgFldTFkjH6LCSxHRuSt6TlUYLPLwC27MlKUtI60=
-----END CERTIFICATE-----