Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3be7bc40-331c-4b3d-bd23-853da36434ef.roa
File:                     3be7bc40-331c-4b3d-bd23-853da36434ef.roa (raw, json)
Hash identifier:          7mWi6FA8Fi5cw4qFjSAui9wazNtm6pQ75ieKxwqUCWs=
Subject key identifier:   10:3E:62:E2:E5:5B:A7:00:75:32:DE:61:3A:D8:61:56:D1:B9:11:3A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       351A2F4F48E06BF8A95639B21BC68D7312D9B0A0
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3be7bc40-331c-4b3d-bd23-853da36434ef.roa
Signing time:             Fri 13 Jun 2025 18:21:10 +0000
ROA not before:           Fri 13 Jun 2025 18:21:10 +0000
ROA not after:            Fri 18 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.240.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:1a:2f:4f:48:e0:6b:f8:a9:56:39:b2:1b:c6:8d:73:12:d9:b0:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun 13 18:21:10 2025 GMT
            Not After : Jul 18 23:59:59 2025 GMT
        Subject: serialNumber=0e8c180245e9a52964e66b31912c7ec44d0b161b70426822e7b46811133a47e0, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:e8:7b:ec:17:7c:79:ff:f4:3e:92:61:47:a5:
                    be:7f:41:35:7a:9a:fe:da:f8:a3:8e:e9:32:62:aa:
                    50:30:bc:8f:8f:7a:cb:3d:d7:d3:f3:77:87:52:9b:
                    9a:f3:09:9d:1a:00:2d:ff:e6:58:41:57:38:98:21:
                    c6:b7:24:7d:fe:59:a8:8a:87:4b:b0:44:4a:33:2f:
                    b4:0d:4f:81:ea:32:12:92:ef:7e:e1:6b:e6:22:e7:
                    e1:cc:f1:f0:56:27:36:a2:a5:aa:3d:01:80:84:c4:
                    26:15:c5:da:12:3d:f9:45:eb:e9:36:7b:95:bb:91:
                    05:eb:07:0a:60:ab:12:49:d8:ef:92:fb:6b:9c:0d:
                    e8:c6:c2:ba:76:0d:26:37:52:ba:ab:08:ea:90:e1:
                    6f:9f:43:af:21:51:73:3c:a4:a1:5d:12:08:2d:be:
                    bb:2e:61:0f:cf:0b:e5:8f:f4:00:74:78:6f:2c:c9:
                    48:3c:00:d5:d9:89:0e:69:38:1a:a5:e0:f1:47:74:
                    23:ab:4b:61:28:c8:0a:8b:32:c5:13:6b:e9:1b:10:
                    d1:0b:5c:e7:55:a3:f8:a1:57:24:bc:4f:82:8d:97:
                    4b:e4:ae:41:a6:ac:1b:c0:2f:a6:d3:bf:44:af:77:
                    a8:f8:1f:c3:40:2c:f7:c3:f8:75:a0:0a:33:f5:6a:
                    3d:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:3E:62:E2:E5:5B:A7:00:75:32:DE:61:3A:D8:61:56:D1:B9:11:3A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3be7bc40-331c-4b3d-bd23-853da36434ef.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.240.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:3d:3e:4d:b1:0a:0c:31:10:1f:f3:cf:ff:0c:23:fc:68:a0:
         4c:98:77:7c:04:93:b2:f2:31:82:18:5f:f3:da:2d:bf:d2:8e:
         a5:92:43:66:12:c6:55:36:49:50:5b:e6:4a:86:8f:66:83:e6:
         5c:2b:41:8e:55:5f:cb:cf:dc:e1:a1:ab:77:00:96:cc:81:03:
         cc:91:0d:41:70:96:b7:d5:2a:51:47:b7:f8:0b:02:1c:4c:e0:
         80:fb:03:1e:66:9f:5b:24:30:90:77:d4:71:d7:1c:3b:11:df:
         64:df:0c:61:39:3f:a2:30:87:f0:0d:fd:ce:ee:ef:37:41:46:
         66:61:9d:61:76:a7:30:3c:cd:88:13:1a:3a:06:9a:ae:8b:4c:
         28:81:9a:1a:57:22:31:a1:f6:fd:df:14:d1:75:15:59:39:e6:
         3d:44:d7:71:bb:f2:56:cb:fe:18:61:38:e3:c6:49:ae:fc:3f:
         21:73:99:e2:bd:fd:e5:03:27:bb:04:55:28:bf:02:70:29:55:
         f7:55:af:79:61:1a:42:55:85:b9:20:33:32:b1:26:24:79:91:
         c8:95:1b:ed:49:9c:ff:d7:8d:56:5c:58:03:ee:41:6f:98:d5:
         67:66:a0:2d:1e:97:92:a1:bf:e9:73:1d:90:14:68:a4:c1:2b:
         fb:54:c8:91
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNRovT0jga/ipVjmyG8aNcxLZsKAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjEzMTgyMTEwWhcNMjUwNzE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AwZThjMTgwMjQ1ZTlhNTI5NjRlNjZiMzE5MTJjN2VjNDRk
MGIxNjFiNzA0MjY4MjJlN2I0NjgxMTEzM2E0N2UwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDv6HvsF3x5//Q+kmFHpb5/QTV6mv7a+KOO6TJiqlAwvI+P
ess919Pzd4dSm5rzCZ0aAC3/5lhBVziYIca3JH3+WaiKh0uwREozL7QNT4HqMhKS
737ha+Yi5+HM8fBWJzaipao9AYCExCYVxdoSPflF6+k2e5W7kQXrBwpgqxJJ2O+S
+2ucDejGwrp2DSY3UrqrCOqQ4W+fQ68hUXM8pKFdEggtvrsuYQ/PC+WP9AB0eG8s
yUg8ANXZiQ5pOBql4PFHdCOrS2EoyAqLMsUTa+kbENELXOdVo/ihVyS8T4KNl0vk
rkGmrBvAL6bTv0Svd6j4H8NALPfD+HWgCjP1aj0zAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUED5i4uVbpwB1Mt5hOthhVtG5ETowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNiZTdiYzQwLTMzMWMtNGIzZC1iZDIzLTg1M2RhMzY0MzRlZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA28GYwDQYJKoZIhvcNAQELBQADggEBAHo9Pk2xCgwxEB/zz/8MI/xooEyY
d3wEk7LyMYIYX/PaLb/SjqWSQ2YSxlU2SVBb5kqGj2aD5lwrQY5VX8vP3OGhq3cA
lsyBA8yRDUFwlrfVKlFHt/gLAhxM4ID7Ax5mn1skMJB31HHXHDsR32TfDGE5P6Iw
h/AN/c7u7zdBRmZhnWF2pzA8zYgTGjoGmq6LTCiBmhpXIjGh9v3fFNF1FVk55j1E
13G78lbL/hhhOOPGSa78PyFzmeK9/eUDJ7sEVSi/AnApVfdVr3lhGkJVhbkgMzKx
JiR5kciVG+1JnP/XjVZcWAPuQW+Y1WdmoC0el5Khv+lzHZAUaKTBK/tUyJE=
-----END CERTIFICATE-----