Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/22b078b7-c123-4298-8bd4-6cdabd20c90d.roa
File:                     22b078b7-c123-4298-8bd4-6cdabd20c90d.roa (raw, json)
Hash identifier:          SSsbKhuzI3AGNLK++LSXp0ARcVrxREuZYznzkX4ck7c=
Subject key identifier:   2B:79:F8:5A:52:D7:0E:F3:B6:B4:11:DD:71:EA:29:22:15:B8:18:57
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5BC1B194A95D03F0AC25E1737EA7A58705A01599
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/22b078b7-c123-4298-8bd4-6cdabd20c90d.roa
Signing time:             Fri 18 Apr 2025 17:21:12 +0000
ROA not before:           Fri 18 Apr 2025 17:21:12 +0000
ROA not after:            Fri 23 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.251.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:c1:b1:94:a9:5d:03:f0:ac:25:e1:73:7e:a7:a5:87:05:a0:15:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 18 17:21:12 2025 GMT
            Not After : May 23 23:59:59 2025 GMT
        Subject: serialNumber=91db9569f7508ac944934288c06d6af9657f17647f8465686d24990a7b11f851, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b7:5b:bb:da:eb:6e:26:4e:7f:99:a8:7d:48:
                    2a:50:cc:09:f9:ef:ad:f4:8e:a5:67:35:a7:31:c6:
                    aa:35:d0:2f:70:14:1e:ef:fc:8f:d5:34:c2:54:bd:
                    a3:d8:6b:9e:c6:a3:a8:19:77:21:49:77:c8:1a:4f:
                    1a:80:9b:d9:4c:1b:f4:a3:86:f4:06:2d:7f:22:fb:
                    c3:c4:d9:7f:4d:4d:6e:ef:75:7b:56:c8:bf:06:95:
                    99:ac:6d:33:3b:44:37:e1:90:ea:b7:0b:5c:5a:d0:
                    da:75:df:58:c9:a0:ad:c6:3e:bd:09:83:ef:e6:8f:
                    97:27:c1:50:49:78:fc:01:44:15:52:4b:f1:c5:c5:
                    7a:ce:00:54:ff:20:52:a8:e3:02:11:98:36:53:a7:
                    f7:71:dc:13:18:79:c4:ce:3e:cd:bd:a9:c4:74:c8:
                    7e:27:f9:df:19:34:8f:1d:7c:cc:20:1c:e0:49:b6:
                    ee:61:3d:c4:ea:9d:66:44:58:7f:aa:d3:24:9d:1c:
                    27:4a:da:81:6d:cb:76:9e:bc:b5:64:8d:24:7f:a9:
                    0a:db:7c:48:92:cc:b5:df:49:73:79:83:cc:b2:1d:
                    76:ce:99:cf:84:88:e5:c7:92:29:bb:a2:65:df:aa:
                    d9:f4:ff:b3:99:d0:3c:2d:4a:a5:44:f7:0c:ad:99:
                    fd:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:79:F8:5A:52:D7:0E:F3:B6:B4:11:DD:71:EA:29:22:15:B8:18:57
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/22b078b7-c123-4298-8bd4-6cdabd20c90d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.251.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:65:81:fb:bb:34:e7:18:37:d2:bd:17:e7:65:b4:30:1c:e5:
         45:ab:97:ee:2b:8a:c9:8a:af:04:c7:8b:41:ee:72:47:9a:72:
         34:66:04:5f:18:f6:26:86:df:b9:1a:12:5d:57:59:0e:1b:59:
         56:29:c4:2c:91:bb:35:43:9d:fe:23:d4:16:42:20:09:dc:4e:
         69:af:e7:86:81:e6:c1:48:6d:d6:67:56:1c:3a:f2:7f:92:c8:
         2f:6a:98:28:f0:1e:bd:3e:0e:f1:5d:a6:e2:5b:e1:06:3a:a2:
         6e:b2:fb:84:f9:6a:9d:e0:93:e3:ae:ac:ca:67:5d:42:d3:e3:
         0d:dd:94:f1:a0:bf:14:b1:43:59:d4:57:7d:0b:76:ac:66:e2:
         ed:ef:a2:17:97:9f:fb:ae:49:0a:01:ef:22:59:26:a4:dd:56:
         a9:1a:6a:20:a3:ef:f7:42:71:3a:24:cd:50:b4:60:49:4d:bb:
         43:e8:7b:61:fd:a0:29:76:db:83:06:76:d1:cb:fc:33:de:87:
         87:8e:e8:02:29:6a:7e:9b:70:0d:4b:5b:52:62:3f:36:7e:50:
         54:45:29:3c:11:f7:eb:e5:d7:b6:8e:2b:2c:6a:91:b3:fb:f4:
         f1:73:a6:71:1e:f0:48:c7:d7:99:cd:50:db:2a:5c:69:a1:de:
         eb:2d:84:e7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUW8GxlKldA/CsJeFzfqelhwWgFZkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE4MTcyMTEyWhcNMjUwNTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A5MWRiOTU2OWY3NTA4YWM5NDQ5MzQyODhjMDZkNmFmOTY1
N2YxNzY0N2Y4NDY1Njg2ZDI0OTkwYTdiMTFmODUxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqt1u72utuJk5/mah9SCpQzAn57630jqVnNacxxqo10C9w
FB7v/I/VNMJUvaPYa57Go6gZdyFJd8gaTxqAm9lMG/SjhvQGLX8i+8PE2X9NTW7v
dXtWyL8GlZmsbTM7RDfhkOq3C1xa0Np131jJoK3GPr0Jg+/mj5cnwVBJePwBRBVS
S/HFxXrOAFT/IFKo4wIRmDZTp/dx3BMYecTOPs29qcR0yH4n+d8ZNI8dfMwgHOBJ
tu5hPcTqnWZEWH+q0ySdHCdK2oFty3aevLVkjSR/qQrbfEiSzLXfSXN5g8yyHXbO
mc+EiOXHkim7omXfqtn0/7OZ0DwtSqVE9wytmf3lAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUK3n4WlLXDvO2tBHdceopIhW4GFcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzIyYjA3OGI3LWMxMjMtNDI5OC04YmQ0LTZjZGFiZDIwYzkwZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA2+/4wDQYJKoZIhvcNAQELBQADggEBAF1lgfu7NOcYN9K9F+dltDAc5UWr
l+4rismKrwTHi0HuckeacjRmBF8Y9iaG37kaEl1XWQ4bWVYpxCyRuzVDnf4j1BZC
IAncTmmv54aB5sFIbdZnVhw68n+SyC9qmCjwHr0+DvFdpuJb4QY6om6y+4T5ap3g
k+OurMpnXULT4w3dlPGgvxSxQ1nUV30Ldqxm4u3voheXn/uuSQoB7yJZJqTdVqka
aiCj7/dCcTokzVC0YElNu0Poe2H9oCl224MGdtHL/DPeh4eO6AIpan6bcA1LW1Ji
PzZ+UFRFKTwR9+vl17aOKyxqkbP79PFzpnEe8EjH15nNUNsqXGmh3usthOc=
-----END CERTIFICATE-----