Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3501a782-a1e0-4963-a366-c934bf773113.roa
File:                     3501a782-a1e0-4963-a366-c934bf773113.roa (raw, json)
Hash identifier:          07cgvGaVCPrehbpakKWAE1i3/80NtrMNyobY48aQsD8=
Subject key identifier:   45:90:9C:0F:78:12:A3:F7:C3:49:53:4B:8A:75:BE:A2:16:EC:E1:FB
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       42A6C285CF876D506100FA41B38C3E7E01382B2E
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3501a782-a1e0-4963-a366-c934bf773113.roa
Signing time:             Tue 22 Apr 2025 18:01:43 +0000
ROA not before:           Tue 22 Apr 2025 18:01:43 +0000
ROA not after:            Tue 27 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.119.160.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:a6:c2:85:cf:87:6d:50:61:00:fa:41:b3:8c:3e:7e:01:38:2b:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 22 18:01:43 2025 GMT
            Not After : May 27 23:59:59 2025 GMT
        Subject: serialNumber=886b767372122940e825690efe1cd23120538e19ad0b6c3a5627c02bfae9c3b2, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:54:3b:58:a2:7e:db:81:06:87:36:31:56:06:
                    3d:bb:20:d9:d3:bf:37:46:f3:8b:45:96:57:b8:1a:
                    ab:ba:3b:9b:16:0b:3d:ea:1d:5a:82:f0:7b:fc:73:
                    2d:40:b4:ad:81:76:44:53:bd:51:31:16:00:c2:9a:
                    db:c1:81:56:40:85:5c:52:28:11:35:f2:c1:77:26:
                    e0:77:b3:5e:2a:8f:f3:bb:21:3c:0c:dc:d1:dd:81:
                    4e:74:63:d6:f4:18:07:06:cf:76:48:cf:b4:0b:00:
                    73:99:c9:d0:e7:ba:a4:02:f0:8b:86:fc:b1:f2:d3:
                    8e:b8:c2:99:f5:5e:9b:43:9d:74:b4:d8:16:37:ea:
                    ce:4f:5f:80:53:ea:09:eb:18:71:f0:61:5b:1f:ca:
                    69:1f:2a:d7:43:bb:21:2f:12:97:d4:e6:9a:de:8c:
                    78:8e:4d:00:1c:80:d9:9d:dc:54:e2:fb:6f:4a:b1:
                    96:7e:a1:f4:38:69:23:8f:04:0c:4d:ff:8a:77:1e:
                    f9:71:03:32:c6:39:db:9e:eb:24:ae:e7:39:b8:68:
                    7f:b9:d9:ca:70:fd:db:93:05:0a:73:c9:17:bc:5f:
                    94:cd:5a:1c:74:6e:87:4d:54:d1:79:3b:d2:05:3f:
                    0b:b4:bf:c4:84:d1:ce:45:07:2d:fd:b4:48:6d:ae:
                    fd:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:90:9C:0F:78:12:A3:F7:C3:49:53:4B:8A:75:BE:A2:16:EC:E1:FB
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3501a782-a1e0-4963-a366-c934bf773113.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.119.160.0/20

    Signature Algorithm: sha256WithRSAEncryption
         68:d8:16:b9:9b:a8:23:99:62:ff:62:d9:50:d9:1c:de:21:56:
         97:ed:da:db:f1:d7:25:de:55:66:e0:cc:74:a0:e8:1b:5a:59:
         fb:bc:08:1d:f8:1c:d4:69:28:30:cd:a2:0d:5a:55:d2:e1:d4:
         52:db:6f:49:2e:08:58:f8:e4:18:4d:d4:f3:e6:87:a2:8c:6e:
         2c:c0:66:c9:cf:5a:00:19:0d:e2:d6:7b:e0:9f:47:67:c0:c0:
         65:df:b7:88:1b:51:3f:de:d4:0b:0a:f9:85:f3:0b:01:6c:75:
         ac:96:a8:9c:1d:3d:c9:29:02:38:92:78:69:77:d4:85:c3:f8:
         7f:0f:2e:9d:76:77:ce:31:7d:2b:b5:73:03:19:1c:8e:e0:85:
         ad:41:6c:cc:20:3b:09:cb:1d:58:7e:8e:50:dc:e4:ae:94:d9:
         4a:e3:87:3b:c0:53:09:6f:8d:f7:30:96:0d:87:4d:7c:77:13:
         2a:4e:a8:c4:c9:17:31:fd:2c:5c:9a:27:b0:84:9f:d6:a7:25:
         21:b4:e7:ee:f8:ae:ae:cc:a2:52:a2:56:b1:13:c8:47:00:5c:
         76:56:43:3c:1e:0f:c8:96:2f:e5:4a:29:21:15:9e:0b:22:19:
         3f:7c:8e:b3:c0:71:4c:40:6c:5c:4d:bc:c9:e5:e1:25:b1:1f:
         fd:36:2d:ce
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQqbChc+HbVBhAPpBs4w+fgE4Ky4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDIyMTgwMTQzWhcNMjUwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4ODZiNzY3MzcyMTIyOTQwZTgyNTY5MGVmZTFjZDIzMTIw
NTM4ZTE5YWQwYjZjM2E1NjI3YzAyYmZhZTljM2IyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDdVDtYon7bgQaHNjFWBj27INnTvzdG84tFlle4Gqu6O5sW
Cz3qHVqC8Hv8cy1AtK2BdkRTvVExFgDCmtvBgVZAhVxSKBE18sF3JuB3s14qj/O7
ITwM3NHdgU50Y9b0GAcGz3ZIz7QLAHOZydDnuqQC8IuG/LHy0464wpn1XptDnXS0
2BY36s5PX4BT6gnrGHHwYVsfymkfKtdDuyEvEpfU5prejHiOTQAcgNmd3FTi+29K
sZZ+ofQ4aSOPBAxN/4p3HvlxAzLGOdue6ySu5zm4aH+52cpw/duTBQpzyRe8X5TN
Whx0bodNVNF5O9IFPwu0v8SE0c5FBy39tEhtrv1pAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURZCcD3gSo/fDSVNLinW+ohbs4fswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzM1MDFhNzgyLWExZTAtNDk2My1hMzY2LWM5MzRiZjc3MzExMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQ0d6AwDQYJKoZIhvcNAQELBQADggEBAGjYFrmbqCOZYv9i2VDZHN4hVpft
2tvx1yXeVWbgzHSg6BtaWfu8CB34HNRpKDDNog1aVdLh1FLbb0kuCFj45BhN1PPm
h6KMbizAZsnPWgAZDeLWe+CfR2fAwGXft4gbUT/e1AsK+YXzCwFsdayWqJwdPckp
AjiSeGl31IXD+H8PLp12d84xfSu1cwMZHI7gha1BbMwgOwnLHVh+jlDc5K6U2Urj
hzvAUwlvjfcwlg2HTXx3EypOqMTJFzH9LFyaJ7CEn9anJSG05+74rq7MolKiVrET
yEcAXHZWQzweD8iWL+VKKSEVngsiGT98jrPAcUxAbFxNvMnl4SWxH/02Lc4=
-----END CERTIFICATE-----