Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1df7952b-8ba0-46e5-8c8f-e50a5adef275.roa
File:                     1df7952b-8ba0-46e5-8c8f-e50a5adef275.roa (raw, json)
Hash identifier:          l/ze1bnjKeW0WxqWax59DIbKoDZksrNytG29Uo6ejJg=
Subject key identifier:   BE:C9:1C:FC:EC:79:64:64:BA:BC:80:6F:62:0E:26:38:BC:DF:07:27
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       05F1C7A76119FEBD596593C5FD271E4BC3A74C9E
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1df7952b-8ba0-46e5-8c8f-e50a5adef275.roa
Signing time:             Mon 09 Jun 2025 17:10:52 +0000
ROA not before:           Mon 09 Jun 2025 17:10:52 +0000
ROA not after:            Mon 14 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.193.240.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:f1:c7:a7:61:19:fe:bd:59:65:93:c5:fd:27:1e:4b:c3:a7:4c:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun  9 17:10:52 2025 GMT
            Not After : Jul 14 23:59:59 2025 GMT
        Subject: serialNumber=41b70409a0675f54b82f80fd6b0b672b4f1b2f7b343111dc0788306b1d0b5ae3, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:92:8d:d9:8d:34:96:75:2e:83:e0:5c:41:7f:
                    35:73:51:89:16:b3:74:24:35:a2:3f:ce:83:1f:81:
                    79:de:7e:9a:df:e4:8c:56:f9:90:58:09:86:48:ea:
                    e9:c7:6e:ce:11:70:01:20:46:d5:e7:c0:71:1b:19:
                    98:19:b7:47:3c:fd:24:87:d1:1a:b5:52:6d:59:b5:
                    15:86:11:a9:2e:bd:88:b7:32:17:df:24:7e:60:c0:
                    32:95:8a:bf:72:ae:e9:b7:94:19:34:9a:05:1f:d5:
                    c4:2c:23:1b:93:6d:99:d7:20:ce:c9:6e:44:52:85:
                    3f:71:03:01:c1:d9:d7:7e:42:8b:6c:73:6b:f8:6e:
                    8a:c4:38:3a:f7:4d:39:7a:d3:f7:0a:bb:0c:d8:66:
                    fe:f6:2f:4d:ad:1f:63:91:1d:57:a0:9a:25:7f:e1:
                    6b:f7:40:73:29:84:5f:62:5f:86:e2:84:85:ad:7b:
                    01:ee:9b:53:38:c2:80:bb:10:b0:3f:26:cc:ed:6b:
                    a0:8e:a1:34:9e:da:58:53:80:09:13:12:d9:94:ce:
                    04:d5:87:b1:cd:a4:51:89:66:72:1d:a7:c5:83:f4:
                    0f:c3:ef:8f:42:f5:e4:1e:b6:6e:67:b0:d5:fe:5c:
                    11:7f:6c:cd:9a:e5:f7:2c:c5:d8:40:a3:cf:c7:56:
                    77:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:C9:1C:FC:EC:79:64:64:BA:BC:80:6F:62:0E:26:38:BC:DF:07:27
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1df7952b-8ba0-46e5-8c8f-e50a5adef275.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.193.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3b:c0:85:ce:77:dd:a9:b1:45:6e:dd:b2:bd:0c:ea:37:3d:65:
         94:22:e9:e4:16:79:8d:dc:e3:a4:5b:36:62:f4:d2:18:58:1c:
         6b:c7:0c:67:10:45:75:61:9c:eb:69:a9:e2:0f:98:e2:73:13:
         80:3a:8d:ea:91:fb:41:0c:ba:8a:dc:e7:30:88:6c:9b:9d:43:
         e1:fc:9e:bf:f2:2b:5f:bf:ab:60:a4:62:67:38:46:84:90:35:
         8a:72:04:20:64:98:8e:d8:ba:88:09:fc:e5:f5:be:70:53:60:
         69:63:21:5a:93:5f:7d:39:52:35:66:11:ef:dc:4a:c5:ce:d3:
         3a:be:7c:0c:29:56:75:95:1a:56:37:63:ef:7c:ad:e2:c6:ba:
         34:e2:04:cb:9a:b4:02:28:4d:c9:41:eb:70:2a:7f:70:18:3a:
         e7:97:1d:5a:76:29:c8:59:73:28:ef:03:4d:69:cd:ff:b6:6a:
         69:93:0c:23:34:1b:bf:41:c4:94:55:8f:e2:9e:d7:16:3e:3d:
         a3:46:34:a9:10:4b:97:43:58:09:6c:99:52:81:f0:97:47:ce:
         cd:1f:25:f0:cf:07:24:22:a2:67:e7:bb:cc:ab:e1:b4:ce:10:
         ac:f0:09:29:31:c4:f0:a8:b2:62:ef:1b:5b:0b:d0:ab:94:c4:
         d9:dd:d0:af
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBfHHp2EZ/r1ZZZPF/SceS8OnTJ4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjA5MTcxMDUyWhcNMjUwNzE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A0MWI3MDQwOWEwNjc1ZjU0YjgyZjgwZmQ2YjBiNjcyYjRm
MWIyZjdiMzQzMTExZGMwNzg4MzA2YjFkMGI1YWUzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZko3ZjTSWdS6D4FxBfzVzUYkWs3QkNaI/zoMfgXnefprf
5IxW+ZBYCYZI6unHbs4RcAEgRtXnwHEbGZgZt0c8/SSH0Rq1Um1ZtRWGEakuvYi3
MhffJH5gwDKVir9yrum3lBk0mgUf1cQsIxuTbZnXIM7JbkRShT9xAwHB2dd+Qots
c2v4borEODr3TTl60/cKuwzYZv72L02tH2ORHVegmiV/4Wv3QHMphF9iX4bihIWt
ewHum1M4woC7ELA/Jszta6COoTSe2lhTgAkTEtmUzgTVh7HNpFGJZnIdp8WD9A/D
749C9eQetm5nsNX+XBF/bM2a5fcsxdhAo8/HVncDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUvskc/Ox5ZGS6vIBvYg4mOLzfBycwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzFkZjc5NTJiLThiYTAtNDZlNS04YzhmLWU1MGE1YWRlZjI3NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAM2wfAwDQYJKoZIhvcNAQELBQADggEBADvAhc533amxRW7dsr0M6jc9ZZQi
6eQWeY3c46RbNmL00hhYHGvHDGcQRXVhnOtpqeIPmOJzE4A6jeqR+0EMuorc5zCI
bJudQ+H8nr/yK1+/q2CkYmc4RoSQNYpyBCBkmI7YuogJ/OX1vnBTYGljIVqTX305
UjVmEe/cSsXO0zq+fAwpVnWVGlY3Y+98reLGujTiBMuatAIoTclB63Aqf3AYOueX
HVp2KchZcyjvA01pzf+2ammTDCM0G79BxJRVj+Ke1xY+PaNGNKkQS5dDWAlsmVKB
8JdHzs0fJfDPByQiomfnu8yr4bTOEKzwCSkxxPCosmLvG1sL0KuUxNnd0K8=
-----END CERTIFICATE-----