Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3dbed47a-10ca-4c3f-ac7f-2c2f1c02ddc4.roa
File:                     3dbed47a-10ca-4c3f-ac7f-2c2f1c02ddc4.roa (raw, json)
Hash identifier:          l7iejjTO56lsUI8YvYVXnGKzbIEvA0WNP9pkqyNurX0=
Subject key identifier:   41:9E:9D:60:0A:49:BC:7B:48:7F:E4:6B:26:61:3B:2D:E6:5B:E7:24
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7664A281C395C9561DBA58C0149A0255233C2043
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3dbed47a-10ca-4c3f-ac7f-2c2f1c02ddc4.roa
Signing time:             Fri 18 Apr 2025 18:11:02 +0000
ROA not before:           Fri 18 Apr 2025 18:11:02 +0000
ROA not after:            Fri 23 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.253.64.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:64:a2:81:c3:95:c9:56:1d:ba:58:c0:14:9a:02:55:23:3c:20:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 18 18:11:02 2025 GMT
            Not After : May 23 23:59:59 2025 GMT
        Subject: serialNumber=027903f01753a2994c735acf03218789f725cd3d426df3d61d0f77f8751c19e5, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:3d:67:9d:82:33:82:8b:22:3a:37:45:39:b0:
                    28:09:d7:6b:6e:32:c7:79:fc:9e:ed:0b:b5:6c:04:
                    02:36:01:a1:8d:36:42:f9:9c:d6:45:d1:43:de:ed:
                    ee:30:5b:0d:db:de:33:f1:31:a8:7d:df:41:ca:6f:
                    7d:13:3b:f1:91:ff:c5:3b:fd:b2:76:af:88:40:75:
                    3c:ea:8c:16:6a:0b:5e:87:ed:58:07:a7:16:86:b1:
                    33:1f:4c:23:9b:5f:19:05:32:e4:82:f7:09:62:10:
                    36:be:f4:bd:76:8e:5e:6d:ea:6a:02:2f:0b:61:bb:
                    86:13:bb:95:a8:d4:a2:82:a5:92:37:ce:ff:0f:ba:
                    72:a5:6d:63:aa:d2:cf:f5:16:61:2f:5c:f0:17:79:
                    fe:cc:51:ea:2b:f9:a0:be:67:46:3b:77:95:c1:c2:
                    59:e4:9b:4d:02:2a:83:b3:2d:cd:a6:ee:ac:4a:53:
                    6f:a5:e9:a1:0f:4e:51:5d:58:23:cc:28:44:e7:e2:
                    17:e4:55:ce:61:3c:5b:a5:99:d5:ad:65:05:9f:8d:
                    c4:ad:2f:94:8c:fe:f3:f9:32:37:6e:7a:70:cb:32:
                    e7:a9:0f:f7:3d:6f:40:90:ef:35:cc:4e:87:ba:c5:
                    e9:88:f6:d8:c1:fe:88:73:9b:58:4a:85:8a:05:89:
                    a7:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:9E:9D:60:0A:49:BC:7B:48:7F:E4:6B:26:61:3B:2D:E6:5B:E7:24
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3dbed47a-10ca-4c3f-ac7f-2c2f1c02ddc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.253.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         a6:41:68:07:99:80:6d:c2:f7:8a:7e:97:12:64:8c:d0:2d:e8:
         dd:18:7e:75:f4:fc:3d:5b:15:b5:76:d2:ee:7d:c5:53:37:ba:
         cf:65:6e:92:60:65:ae:d3:1d:7c:fe:dd:79:d7:65:72:6f:7a:
         5f:ee:08:01:d5:6c:48:05:4c:20:18:16:cd:d6:3c:9e:51:95:
         58:5b:7c:ff:9b:59:4f:4d:c7:c4:06:7e:d7:a2:65:da:d8:09:
         9a:18:67:fe:18:dc:e4:17:57:72:44:bb:83:1f:0b:1e:bd:fc:
         51:bb:dd:25:6c:a7:c1:5c:11:ec:49:fb:9d:9d:bf:d7:d1:c2:
         ba:61:d9:65:1b:48:41:49:58:8a:1e:9f:93:e1:2f:cd:35:c6:
         34:7d:7e:79:5b:84:82:a4:a1:b9:27:41:d0:ad:bb:4e:5c:3b:
         35:b4:3f:9c:1d:ff:cb:12:55:e6:3a:e5:aa:40:dd:bf:08:09:
         1b:be:a9:c3:a0:45:26:7b:12:5c:b6:d4:32:f3:7d:f2:98:8f:
         96:24:d2:29:d5:39:94:0f:97:14:f4:7c:18:a5:8d:5e:64:a2:
         8a:9e:6c:22:55:00:6d:70:a7:98:92:81:21:4e:85:3c:52:aa:
         a5:94:89:fe:8f:fb:7e:92:b9:a3:cf:48:e1:4b:80:e0:e1:b9:
         12:02:53:32
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdmSigcOVyVYduljAFJoCVSM8IEMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE4MTgxMTAyWhcNMjUwNTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AwMjc5MDNmMDE3NTNhMjk5NGM3MzVhY2YwMzIxODc4OWY3
MjVjZDNkNDI2ZGYzZDYxZDBmNzdmODc1MWMxOWU1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDMPWedgjOCiyI6N0U5sCgJ12tuMsd5/J7tC7VsBAI2AaGN
NkL5nNZF0UPe7e4wWw3b3jPxMah930HKb30TO/GR/8U7/bJ2r4hAdTzqjBZqC16H
7VgHpxaGsTMfTCObXxkFMuSC9wliEDa+9L12jl5t6moCLwthu4YTu5Wo1KKCpZI3
zv8PunKlbWOq0s/1FmEvXPAXef7MUeor+aC+Z0Y7d5XBwlnkm00CKoOzLc2m7qxK
U2+l6aEPTlFdWCPMKETn4hfkVc5hPFulmdWtZQWfjcStL5SM/vP5MjduenDLMuep
D/c9b0CQ7zXMToe6xemI9tjB/ohzm1hKhYoFiadPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQZ6dYApJvHtIf+RrJmE7LeZb5yQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNkYmVkNDdhLTEwY2EtNGMzZi1hYzdmLTJjMmYxYzAyZGRjNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAU2/UAwDQYJKoZIhvcNAQELBQADggEBAKZBaAeZgG3C94p+lxJkjNAt6N0Y
fnX0/D1bFbV20u59xVM3us9lbpJgZa7THXz+3XnXZXJvel/uCAHVbEgFTCAYFs3W
PJ5RlVhbfP+bWU9Nx8QGfteiZdrYCZoYZ/4Y3OQXV3JEu4MfCx69/FG73SVsp8Fc
EexJ+52dv9fRwrph2WUbSEFJWIoen5PhL801xjR9fnlbhIKkobknQdCtu05cOzW0
P5wd/8sSVeY65apA3b8ICRu+qcOgRSZ7Ely21DLzffKYj5Yk0inVOZQPlxT0fBil
jV5kooqebCJVAG1wp5iSgSFOhTxSqqWUif6P+36SuaPPSOFLgODhuRICUzI=
-----END CERTIFICATE-----