Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3b45d39f-1f02-4091-a271-281a1b311fe3.roa
File:                     3b45d39f-1f02-4091-a271-281a1b311fe3.roa (raw, json)
Hash identifier:          /PnRo3QC2/ARFotaBZZgIZU83zCdmF36dPR5Q2dkNpI=
Subject key identifier:   12:DC:04:E1:2D:3C:1D:7E:B7:86:C1:40:6F:10:76:2F:99:6B:35:75
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       15A042A8508EAE20F4815935E07BA307CC245A0B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3b45d39f-1f02-4091-a271-281a1b311fe3.roa
Signing time:             Fri 18 Apr 2025 16:00:13 +0000
ROA not before:           Fri 18 Apr 2025 16:00:13 +0000
ROA not after:            Fri 23 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.46.244.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:a0:42:a8:50:8e:ae:20:f4:81:59:35:e0:7b:a3:07:cc:24:5a:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 18 16:00:13 2025 GMT
            Not After : May 23 23:59:59 2025 GMT
        Subject: serialNumber=c780349113f3874fa9dc38d514fd6dbc70412829104cb973b1c2ec27630bccc9, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:b2:a3:0f:ff:1f:6a:52:0b:b8:da:9c:b3:65:
                    76:26:c0:94:bd:00:26:c8:f0:e6:51:4c:7c:5d:b9:
                    ee:23:f8:e1:e1:fe:36:c5:20:c6:2f:93:f7:f8:42:
                    e7:6f:d1:ad:83:fb:a9:bb:c1:ae:5e:a6:b6:ff:d0:
                    1f:38:ab:e3:38:1f:73:bb:0f:17:d3:b9:db:44:d1:
                    92:7f:cb:7c:49:a0:d3:09:65:5a:b3:fa:24:75:57:
                    5c:0c:7f:2d:a8:98:d5:80:ee:ec:35:c1:5e:ce:f1:
                    c6:11:8e:46:4b:7e:9b:ae:4a:93:a4:6b:77:b4:61:
                    1d:12:be:6f:75:60:9e:da:27:8b:2e:a1:53:8e:f0:
                    45:15:08:5a:3f:1e:c4:a3:8b:ef:c0:13:1e:2e:e2:
                    a0:13:95:c6:3d:f4:65:53:2c:9e:4b:51:c9:53:17:
                    66:aa:75:92:39:43:aa:87:aa:7e:02:db:b9:8b:0f:
                    ea:3f:9b:a7:1c:aa:12:50:f0:51:ff:b6:01:1f:20:
                    35:5d:5a:6c:c8:e9:99:f1:cd:b0:47:05:da:3b:58:
                    fc:58:45:4b:e0:54:c4:99:8a:df:f9:3d:be:0e:8f:
                    6a:6a:6b:06:59:fd:ec:6e:0a:e7:4a:7e:e2:80:8e:
                    0c:62:5e:18:3e:51:d4:a1:12:33:e0:8c:d4:69:c4:
                    a8:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:DC:04:E1:2D:3C:1D:7E:B7:86:C1:40:6F:10:76:2F:99:6B:35:75
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3b45d39f-1f02-4091-a271-281a1b311fe3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.46.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         17:b1:25:51:76:19:58:5f:ba:8c:bc:83:33:d8:30:18:59:65:
         98:ea:f4:a5:f2:aa:3a:05:41:a3:cd:e8:65:74:53:0b:b1:31:
         73:5e:6a:5f:ed:58:45:55:da:58:5a:5b:f5:d9:9d:b7:11:37:
         f1:ca:09:b5:fa:95:f7:1f:7e:c8:54:11:57:e4:00:14:cb:05:
         30:e2:4e:68:f6:a8:e8:f5:bc:8e:3e:0a:27:c5:57:84:f9:4a:
         9f:38:e2:67:34:b3:0d:e3:80:18:50:c7:51:e9:b2:d7:7c:48:
         7f:41:b1:99:3e:40:55:6a:ef:60:f6:cb:0a:c6:a5:da:e4:9c:
         a0:8c:17:60:77:2c:93:a6:8d:87:e5:d5:f9:56:d0:12:f3:ab:
         91:21:87:ac:57:c8:20:f4:f5:c7:00:32:1b:d7:bf:3e:c5:22:
         d5:c3:cc:26:f8:2f:7c:d7:a4:69:2d:1a:66:95:61:d6:38:a7:
         65:4d:b7:66:f2:aa:c5:fc:d6:99:85:0c:41:b3:ae:ae:b6:83:
         e6:5d:50:1b:87:57:9c:d0:86:2e:6a:07:b9:76:2a:45:cb:e5:
         01:63:4a:4f:d0:92:02:b4:ff:cd:3a:69:cb:74:35:04:5b:72:
         8f:b5:7f:26:fa:c0:23:17:90:73:a7:65:ba:c8:19:e8:7d:f8:
         c6:65:67:c8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFaBCqFCOriD0gVk14HujB8wkWgswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE4MTYwMDEzWhcNMjUwNTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BjNzgwMzQ5MTEzZjM4NzRmYTlkYzM4ZDUxNGZkNmRiYzcw
NDEyODI5MTA0Y2I5NzNiMWMyZWMyNzYzMGJjY2M5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpsqMP/x9qUgu42pyzZXYmwJS9ACbI8OZRTHxdue4j+OHh
/jbFIMYvk/f4Qudv0a2D+6m7wa5eprb/0B84q+M4H3O7DxfTudtE0ZJ/y3xJoNMJ
ZVqz+iR1V1wMfy2omNWA7uw1wV7O8cYRjkZLfpuuSpOka3e0YR0Svm91YJ7aJ4su
oVOO8EUVCFo/HsSji+/AEx4u4qATlcY99GVTLJ5LUclTF2aqdZI5Q6qHqn4C27mL
D+o/m6ccqhJQ8FH/tgEfIDVdWmzI6ZnxzbBHBdo7WPxYRUvgVMSZit/5Pb4Oj2pq
awZZ/exuCudKfuKAjgxiXhg+UdShEjPgjNRpxKh5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUEtwE4S08HX63hsFAbxB2L5lrNXUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNiNDVkMzlmLTFmMDItNDA5MS1hMjcxLTI4MWExYjMxMWZlMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI0LvQwDQYJKoZIhvcNAQELBQADggEBABexJVF2GVhfuoy8gzPYMBhZZZjq
9KXyqjoFQaPN6GV0UwuxMXNeal/tWEVV2lhaW/XZnbcRN/HKCbX6lfcffshUEVfk
ABTLBTDiTmj2qOj1vI4+CifFV4T5Sp844mc0sw3jgBhQx1Hpstd8SH9BsZk+QFVq
72D2ywrGpdrknKCMF2B3LJOmjYfl1flW0BLzq5Ehh6xXyCD09ccAMhvXvz7FItXD
zCb4L3zXpGktGmaVYdY4p2VNt2byqsX81pmFDEGzrq62g+ZdUBuHV5zQhi5qB7l2
KkXL5QFjSk/QkgK0/806act0NQRbco+1fyb6wCMXkHOnZbrIGeh9+MZlZ8g=
-----END CERTIFICATE-----