Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3b1cedc8-8c30-4e76-9b1d-ac7b2e541a7e.roa
File:                     3b1cedc8-8c30-4e76-9b1d-ac7b2e541a7e.roa (raw, json)
Hash identifier:          8v60nbnI4AtkPcG/kQ8kd4+gCbvFYnPGWyA26+hmfEo=
Subject key identifier:   C5:D2:9A:6D:6E:BB:4D:0D:6A:07:03:99:68:0B:12:87:36:B1:2F:47
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2504ABECCD14FAD256FCBAFD1900E2847DF2F0DD
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3b1cedc8-8c30-4e76-9b1d-ac7b2e541a7e.roa
Signing time:             Fri 18 Apr 2025 17:30:29 +0000
ROA not before:           Fri 18 Apr 2025 17:30:29 +0000
ROA not after:            Fri 23 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.243.24.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:04:ab:ec:cd:14:fa:d2:56:fc:ba:fd:19:00:e2:84:7d:f2:f0:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 18 17:30:29 2025 GMT
            Not After : May 23 23:59:59 2025 GMT
        Subject: serialNumber=7ed30665cf35c87e37a901cb203d5d9601bc99d8562d79e360c5c6a9f17fc896, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:73:4a:97:72:36:32:12:07:b8:b2:1a:71:48:
                    86:07:be:65:6f:82:74:5e:cd:9b:5f:ff:3c:f7:8b:
                    3e:f3:c0:e1:eb:44:96:67:84:d2:ab:62:6d:f4:95:
                    6b:8f:28:ba:40:b5:b7:ca:f8:fc:27:c2:08:59:2f:
                    ba:fb:e5:60:7e:a8:c7:94:de:44:6a:6b:80:60:52:
                    67:10:40:be:e4:ee:85:35:0f:d1:29:2a:ba:2d:8d:
                    de:ff:ef:4d:fd:e8:df:63:37:90:24:d7:d5:93:d7:
                    2b:2d:08:dc:2a:20:5a:20:7a:e6:d1:43:57:61:43:
                    be:e5:ff:88:94:22:ef:d0:75:e6:59:a6:ef:1d:3c:
                    b0:c5:66:02:fc:d2:cc:fe:0c:79:c1:ab:5a:9f:32:
                    78:00:44:7c:65:23:c4:92:8d:e9:f1:a9:c3:77:82:
                    f8:56:8b:1a:7a:e0:3c:ed:d0:95:b8:81:e9:a8:ad:
                    cd:ca:1e:de:09:76:94:fe:14:e5:38:41:d5:38:5e:
                    06:4b:c1:06:3b:df:96:96:46:8e:24:d4:58:18:cf:
                    12:e3:7b:70:fc:48:2b:2f:cb:ed:99:65:49:15:f1:
                    a0:9a:ea:36:9c:b0:0b:4f:03:6a:e5:e8:20:e0:66:
                    b1:8a:db:8b:dc:cb:c6:23:45:45:3f:c5:b1:5b:4e:
                    e8:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:D2:9A:6D:6E:BB:4D:0D:6A:07:03:99:68:0B:12:87:36:B1:2F:47
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3b1cedc8-8c30-4e76-9b1d-ac7b2e541a7e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.243.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4b:79:89:a8:af:ec:d9:da:0b:4c:a8:42:e9:c1:37:6c:7c:d6:
         36:00:47:92:14:cd:f7:fc:1a:42:27:0f:e3:e7:13:94:b1:2c:
         13:4c:c2:26:34:35:4a:58:a3:e1:06:a2:dc:d3:40:2c:fe:9a:
         4b:d0:d8:be:18:c2:3c:a8:a1:bd:f0:5a:19:d1:59:b5:0f:af:
         7a:50:d4:f9:e8:67:3d:8b:77:8b:d7:b1:f5:54:77:e7:4c:1f:
         2e:67:c8:f3:54:88:38:ef:17:b7:b4:6a:85:8f:de:f6:ef:3b:
         5d:86:0c:8a:bd:2f:1c:b9:cf:11:fb:b6:aa:62:ca:f0:f7:07:
         bd:7b:59:41:75:d2:f0:ff:96:32:d5:6a:66:5f:b5:a2:39:86:
         bd:03:14:1d:0c:9a:9f:f2:56:0f:2f:e5:eb:f7:f8:cf:55:98:
         79:79:20:ff:cb:32:a7:7e:45:bc:02:12:c6:90:52:32:b7:c0:
         02:4a:5c:6e:40:d4:83:04:10:59:a3:5a:0e:1c:32:c8:11:84:
         3b:02:ed:30:0d:62:ee:49:09:7d:c6:ba:47:08:8e:74:d7:2c:
         54:c7:63:6d:90:3a:f9:15:a9:a3:4d:f5:3d:d7:7d:6f:74:5d:
         70:0e:c0:29:ca:c9:87:2a:7c:03:7f:e0:56:eb:6b:cc:65:74:
         57:50:23:74
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJQSr7M0U+tJW/Lr9GQDihH3y8N0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE4MTczMDI5WhcNMjUwNTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZWQzMDY2NWNmMzVjODdlMzdhOTAxY2IyMDNkNWQ5NjAx
YmM5OWQ4NTYyZDc5ZTM2MGM1YzZhOWYxN2ZjODk2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDAc0qXcjYyEge4shpxSIYHvmVvgnRezZtf/zz3iz7zwOHr
RJZnhNKrYm30lWuPKLpAtbfK+PwnwghZL7r75WB+qMeU3kRqa4BgUmcQQL7k7oU1
D9EpKrotjd7/70396N9jN5Ak19WT1ystCNwqIFogeubRQ1dhQ77l/4iUIu/QdeZZ
pu8dPLDFZgL80sz+DHnBq1qfMngARHxlI8SSjenxqcN3gvhWixp64Dzt0JW4gemo
rc3KHt4JdpT+FOU4QdU4XgZLwQY735aWRo4k1FgYzxLje3D8SCsvy+2ZZUkV8aCa
6jacsAtPA2rl6CDgZrGK24vcy8YjRUU/xbFbTui5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUxdKabW67TQ1qBwOZaAsShzaxL0cwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNiMWNlZGM4LThjMzAtNGU3Ni05YjFkLWFjN2IyZTU0MWE3ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI28xgwDQYJKoZIhvcNAQELBQADggEBAEt5iaiv7NnaC0yoQunBN2x81jYA
R5IUzff8GkInD+PnE5SxLBNMwiY0NUpYo+EGotzTQCz+mkvQ2L4Ywjyoob3wWhnR
WbUPr3pQ1PnoZz2Ld4vXsfVUd+dMHy5nyPNUiDjvF7e0aoWP3vbvO12GDIq9Lxy5
zxH7tqpiyvD3B717WUF10vD/ljLVamZftaI5hr0DFB0Mmp/yVg8v5ev3+M9VmHl5
IP/LMqd+RbwCEsaQUjK3wAJKXG5A1IMEEFmjWg4cMsgRhDsC7TANYu5JCX3GukcI
jnTXLFTHY22QOvkVqaNN9T3XfW90XXAOwCnKyYcqfAN/4Fbra8xldFdQI3Q=
-----END CERTIFICATE-----