Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3958d8cc-b49d-47bf-a39f-3ab7a7f5feb5.roa
File:                     3958d8cc-b49d-47bf-a39f-3ab7a7f5feb5.roa (raw, json)
Hash identifier:          VOQ0BNFoWCGrQIL9Gc7L67DSiyAkbglD/gFlU7FsO9k=
Subject key identifier:   D3:FA:23:AD:83:8B:86:B2:09:A2:4B:BE:92:A3:E9:8D:51:94:BE:3F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4FFBE6E3D80051EDC8BEB7DAF178F965B4B3FE10
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3958d8cc-b49d-47bf-a39f-3ab7a7f5feb5.roa
Signing time:             Fri 25 Apr 2025 17:01:04 +0000
ROA not before:           Fri 25 Apr 2025 17:01:04 +0000
ROA not after:            Fri 30 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.95.208.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:fb:e6:e3:d8:00:51:ed:c8:be:b7:da:f1:78:f9:65:b4:b3:fe:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 25 17:01:04 2025 GMT
            Not After : May 30 23:59:59 2025 GMT
        Subject: serialNumber=693ea6044541d4b46abb20c29db9e4d728b46f6abdd6cad3aad05a1a87e7cc3b, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:ed:4d:e7:8e:59:75:63:f5:df:2f:f5:90:ad:
                    f3:c2:00:0a:7b:2e:2a:f6:45:24:51:c9:a8:fc:f2:
                    65:11:1d:ed:81:6b:24:2c:5b:5c:dc:34:a9:f8:ca:
                    bb:31:36:2e:ae:07:9d:0a:68:b5:0c:da:85:7e:61:
                    6c:3f:e5:b7:a4:64:c2:8c:a7:1c:96:4d:c1:63:6c:
                    ca:5d:89:03:68:0e:03:a8:c1:d3:bc:ef:f3:47:2d:
                    4f:ff:90:aa:b7:a2:80:96:f1:2b:64:67:80:14:10:
                    99:e3:15:25:04:9b:43:1e:a7:9d:4d:67:1b:cc:15:
                    0d:24:e4:7e:6c:a0:99:50:8a:d6:06:f2:dc:43:0d:
                    a8:b6:97:2f:b7:87:92:da:d0:32:6f:93:10:95:d3:
                    eb:a8:8b:0e:bb:fc:70:73:73:dd:20:ef:cb:c6:dc:
                    86:42:4e:e5:7e:41:6a:62:17:7f:0d:b3:8f:4b:58:
                    71:d1:dd:14:21:34:2a:39:f0:c6:6d:10:90:75:07:
                    40:2c:b1:d9:05:20:67:35:a0:f0:f1:55:49:70:61:
                    6e:72:f0:77:82:04:d9:18:80:19:e5:0a:ff:c9:4d:
                    0e:df:28:6d:cf:21:d4:53:9e:f8:00:d0:06:c3:a7:
                    55:1e:7c:1d:08:72:f7:8e:02:58:73:57:c4:aa:36:
                    64:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:FA:23:AD:83:8B:86:B2:09:A2:4B:BE:92:A3:E9:8D:51:94:BE:3F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3958d8cc-b49d-47bf-a39f-3ab7a7f5feb5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.95.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         63:32:9d:59:38:a3:b1:a2:fb:28:da:70:03:dd:2b:2f:ee:3e:
         0f:d1:9c:84:2f:59:b9:ef:14:11:35:f8:97:00:7b:48:59:09:
         a7:22:c8:08:29:dc:03:55:61:c5:16:38:60:56:fb:27:f2:2e:
         5d:78:a5:93:cf:1e:70:e7:70:12:04:db:0f:84:7f:9f:16:e4:
         3c:f7:20:1d:7b:18:2b:83:4a:78:b9:48:40:bb:4e:3e:3a:00:
         7b:5a:ed:38:e7:61:2f:17:c9:cf:57:44:44:0c:6e:61:72:d3:
         b6:c7:a3:45:24:ed:0d:81:60:0b:35:0b:39:b3:14:e3:55:32:
         da:68:e1:b0:ed:5b:d1:d0:86:27:8e:9a:53:8c:2f:8e:36:97:
         5c:0f:27:5f:8d:73:9c:71:7d:9a:b0:98:ff:29:8b:ed:23:ba:
         8e:4e:66:dc:6b:c8:28:fa:8a:86:50:bf:5d:7b:e1:87:4c:b6:
         89:3b:c7:52:da:90:6f:46:e0:28:a9:3e:38:1a:2b:52:87:6a:
         c6:ee:4e:7d:5a:6a:10:68:d0:07:38:65:16:f4:0c:6c:72:f6:
         56:11:d7:59:7c:2c:f6:06:4a:86:5c:e1:29:ad:e8:d7:48:37:
         41:d5:e4:97:a3:ea:97:63:bf:d9:09:72:8e:93:0d:9b:51:e2:
         c7:d0:a1:d6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUT/vm49gAUe3Ivrfa8Xj5ZbSz/hAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDI1MTcwMTA0WhcNMjUwNTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A2OTNlYTYwNDQ1NDFkNGI0NmFiYjIwYzI5ZGI5ZTRkNzI4
YjQ2ZjZhYmRkNmNhZDNhYWQwNWExYTg3ZTdjYzNiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDu7U3njll1Y/XfL/WQrfPCAAp7Lir2RSRRyaj88mURHe2B
ayQsW1zcNKn4yrsxNi6uB50KaLUM2oV+YWw/5bekZMKMpxyWTcFjbMpdiQNoDgOo
wdO87/NHLU//kKq3ooCW8StkZ4AUEJnjFSUEm0Mep51NZxvMFQ0k5H5soJlQitYG
8txDDai2ly+3h5La0DJvkxCV0+uoiw67/HBzc90g78vG3IZCTuV+QWpiF38Ns49L
WHHR3RQhNCo58MZtEJB1B0AssdkFIGc1oPDxVUlwYW5y8HeCBNkYgBnlCv/JTQ7f
KG3PIdRTnvgA0AbDp1UefB0IcveOAlhzV8SqNmTTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0/ojrYOLhrIJoku+kqPpjVGUvj8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzM5NThkOGNjLWI0OWQtNDdiZi1hMzlmLTNhYjdhN2Y1ZmViNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI0X9AwDQYJKoZIhvcNAQELBQADggEBAGMynVk4o7Gi+yjacAPdKy/uPg/R
nIQvWbnvFBE1+JcAe0hZCaciyAgp3ANVYcUWOGBW+yfyLl14pZPPHnDncBIE2w+E
f58W5Dz3IB17GCuDSni5SEC7Tj46AHta7TjnYS8Xyc9XREQMbmFy07bHo0Uk7Q2B
YAs1CzmzFONVMtpo4bDtW9HQhieOmlOML442l1wPJ1+Nc5xxfZqwmP8pi+0juo5O
ZtxryCj6ioZQv1174YdMtok7x1LakG9G4CipPjgaK1KHasbuTn1aahBo0Ac4ZRb0
DGxy9lYR11l8LPYGSoZc4Smt6NdIN0HV5Jej6pdjv9kJco6TDZtR4sfQodY=
-----END CERTIFICATE-----