Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1e509b26-eb2f-4b8a-8031-d39229950c03.roa
File:                     1e509b26-eb2f-4b8a-8031-d39229950c03.roa (raw, json)
Hash identifier:          AT7QcQQTlAt4xdWdsKMV1Yrj+iO3mki3ijU5CvOFWDA=
Subject key identifier:   45:90:76:6F:5D:53:A1:5F:C3:1E:BE:81:4E:17:28:2F:34:4E:A1:98
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       34D649FABAA42268313DB227571DB85B1BB8D247
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1e509b26-eb2f-4b8a-8031-d39229950c03.roa
Signing time:             Mon 14 Apr 2025 16:40:30 +0000
ROA not before:           Mon 14 Apr 2025 16:40:30 +0000
ROA not after:            Mon 19 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.163.128.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:d6:49:fa:ba:a4:22:68:31:3d:b2:27:57:1d:b8:5b:1b:b8:d2:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 14 16:40:30 2025 GMT
            Not After : May 19 23:59:59 2025 GMT
        Subject: serialNumber=32c47fa7dc12ae415f646b91149a392101ec44931bec2ae8c77654064e1d59c4, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:f6:36:c5:1a:46:4c:bb:46:bd:6e:ff:2f:c0:
                    18:70:35:4c:09:93:2c:11:a6:8e:c6:3f:6e:84:f9:
                    0e:22:8f:a2:3a:7c:60:f2:32:50:26:64:45:f2:5f:
                    b7:a1:83:f4:65:6e:bc:81:f2:31:7b:57:3f:d1:8d:
                    21:e4:75:12:ae:33:3b:69:ec:e9:1b:dc:fe:8d:3f:
                    cf:a2:58:85:ef:7d:a9:9a:3d:05:ae:6d:16:3d:61:
                    a9:59:f9:40:83:45:c1:73:c2:ba:f4:3a:86:19:e8:
                    2e:71:91:84:13:74:aa:23:ae:8f:9e:3d:dd:75:a6:
                    b8:7c:34:95:a2:6a:63:41:14:9a:21:ce:30:d2:30:
                    30:86:aa:87:54:d3:ba:52:c8:b4:22:20:6b:49:40:
                    ea:9c:49:52:c3:33:54:51:d9:56:c6:0d:59:3e:31:
                    4b:d3:d2:91:c9:d0:ea:bb:16:bf:87:94:20:a4:50:
                    6d:16:18:59:57:5b:9e:b9:f2:f1:92:b0:aa:2b:53:
                    82:e3:f2:5a:03:a8:9f:05:e1:34:55:2d:c6:54:4a:
                    8c:af:56:19:15:2a:7e:59:b9:71:0b:03:f6:74:71:
                    1d:e9:c4:63:2d:3e:bf:0b:78:3e:ff:86:1d:67:45:
                    85:db:48:20:81:94:69:7e:6c:ba:8e:50:df:ef:82:
                    a3:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:90:76:6F:5D:53:A1:5F:C3:1E:BE:81:4E:17:28:2F:34:4E:A1:98
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1e509b26-eb2f-4b8a-8031-d39229950c03.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.163.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         8a:47:f6:1b:0e:25:13:a8:56:83:c3:f1:97:42:e5:48:48:56:
         e0:b9:c2:5a:28:e9:16:43:37:5b:b0:03:46:3a:07:35:16:35:
         a3:5e:d6:76:ab:90:15:30:6e:42:78:e3:d2:ae:62:b3:37:4f:
         71:1a:d1:1b:0e:27:63:3a:27:30:5c:a6:dc:5f:59:37:cf:8f:
         9b:15:7a:7f:32:62:c5:91:27:4d:0d:0c:75:d4:2b:58:5a:c9:
         5b:4a:ce:91:8f:79:4e:37:28:1a:33:13:57:43:5a:31:6b:ea:
         25:70:2e:cc:1f:42:cd:92:42:d1:82:ed:81:2f:10:97:61:49:
         e8:26:bc:08:01:c1:2a:dc:9e:7b:55:87:bc:c2:1d:ac:cd:12:
         8b:15:ed:29:b8:c9:9d:a0:39:b5:dd:da:1d:cd:75:20:2a:c7:
         82:e1:7b:cf:32:d5:5f:60:6d:f2:07:d8:54:e5:56:68:9f:21:
         f1:5a:d0:8d:90:14:4c:dd:79:6e:04:d2:78:5f:a6:a9:ba:e8:
         3b:a4:11:62:26:a6:bf:cc:b5:83:73:64:c3:79:c7:84:6a:58:
         79:a3:b4:10:5d:d7:5e:44:ed:23:78:31:48:37:70:fa:e9:a5:
         9d:65:da:b2:1c:30:d0:3b:47:05:bb:7c:68:71:c7:1d:59:22:
         0e:d9:e6:99
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNNZJ+rqkImgxPbInVx24Wxu40kcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE0MTY0MDMwWhcNMjUwNTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0AzMmM0N2ZhN2RjMTJhZTQxNWY2NDZiOTExNDlhMzkyMTAx
ZWM0NDkzMWJlYzJhZThjNzc2NTQwNjRlMWQ1OWM0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDl9jbFGkZMu0a9bv8vwBhwNUwJkywRpo7GP26E+Q4ij6I6
fGDyMlAmZEXyX7ehg/RlbryB8jF7Vz/RjSHkdRKuMztp7Okb3P6NP8+iWIXvfama
PQWubRY9YalZ+UCDRcFzwrr0OoYZ6C5xkYQTdKojro+ePd11prh8NJWiamNBFJoh
zjDSMDCGqodU07pSyLQiIGtJQOqcSVLDM1RR2VbGDVk+MUvT0pHJ0Oq7Fr+HlCCk
UG0WGFlXW5658vGSsKorU4Lj8loDqJ8F4TRVLcZUSoyvVhkVKn5ZuXELA/Z0cR3p
xGMtPr8LeD7/hh1nRYXbSCCBlGl+bLqOUN/vgqOXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURZB2b11ToV/DHr6BThcoLzROoZgwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzFlNTA5YjI2LWViMmYtNGI4YS04MDMxLWQzOTIyOTk1MGMwMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAY2o4AwDQYJKoZIhvcNAQELBQADggEBAIpH9hsOJROoVoPD8ZdC5UhIVuC5
wloo6RZDN1uwA0Y6BzUWNaNe1narkBUwbkJ449KuYrM3T3Ea0RsOJ2M6JzBcptxf
WTfPj5sVen8yYsWRJ00NDHXUK1hayVtKzpGPeU43KBozE1dDWjFr6iVwLswfQs2S
QtGC7YEvEJdhSegmvAgBwSrcnntVh7zCHazNEosV7Sm4yZ2gObXd2h3NdSAqx4Lh
e88y1V9gbfIH2FTlVmifIfFa0I2QFEzdeW4E0nhfpqm66DukEWImpr/MtYNzZMN5
x4RqWHmjtBBd115E7SN4MUg3cPrppZ1l2rIcMNA7RwW7fGhxxx1ZIg7Z5pk=
-----END CERTIFICATE-----