Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/41b455b0-d4ec-45f7-87bb-597fb62d7277.roa
File:                     41b455b0-d4ec-45f7-87bb-597fb62d7277.roa (raw, json)
Hash identifier:          kwPOjdCtjHYXq1t2vjLHJJcYzgwOqhdxdE/+4nYOFHo=
Subject key identifier:   1D:2E:E4:F6:85:8C:3F:AE:CB:23:66:BD:97:8F:63:F6:8D:D1:0B:A2
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2AFF620EB88266BEFE9EC6DBA5C39747B7C0E482
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/41b455b0-d4ec-45f7-87bb-597fb62d7277.roa
Signing time:             Tue 03 Jun 2025 16:20:56 +0000
ROA not before:           Tue 03 Jun 2025 16:20:56 +0000
ROA not after:            Tue 08 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.219.248.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:ff:62:0e:b8:82:66:be:fe:9e:c6:db:a5:c3:97:47:b7:c0:e4:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun  3 16:20:56 2025 GMT
            Not After : Jul  8 23:59:59 2025 GMT
        Subject: serialNumber=782d05a259f3ac961bcb1f41db43917503eac7b4179591c4cf4da5dd78ee1c5d, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:7d:cd:41:31:6a:bd:e9:dc:33:57:23:14:db:
                    1e:7e:4c:89:5b:a3:dd:e6:92:27:71:9c:49:f3:30:
                    d3:02:b9:6a:47:99:64:fa:9c:da:63:50:49:71:32:
                    60:14:52:b0:1a:16:4d:79:64:63:d7:02:53:48:99:
                    0a:77:41:c4:74:ee:96:89:58:b8:58:03:65:1c:ab:
                    ff:8e:96:3b:c4:da:7d:82:3e:cb:5f:fe:80:70:63:
                    c0:56:4e:1e:80:a2:b5:e4:a4:f4:22:de:2f:e6:8f:
                    6f:07:f4:4c:c1:e5:c1:73:35:56:54:10:0b:e1:19:
                    db:17:a5:75:c1:f7:6a:d2:84:79:b3:73:3e:47:28:
                    06:87:8f:b6:d6:5c:7e:91:0d:34:dc:bf:cc:0d:81:
                    2b:f5:1a:31:75:f3:1d:d4:14:00:95:f2:fd:9c:8d:
                    b3:e8:ee:7a:02:4b:32:68:fc:95:54:c0:da:fe:be:
                    92:ef:ce:3a:59:54:3b:66:0b:93:27:ee:fb:e3:92:
                    57:db:d8:f3:ca:23:49:b1:37:11:d8:fd:9c:49:36:
                    4b:54:93:0d:8f:cb:d9:ce:a4:53:e3:a4:58:3f:21:
                    e0:a0:9e:93:1c:17:c4:0a:9e:49:75:06:dc:18:cb:
                    88:67:17:f6:d1:b8:ed:94:2c:ac:86:1b:77:a2:8a:
                    16:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:2E:E4:F6:85:8C:3F:AE:CB:23:66:BD:97:8F:63:F6:8D:D1:0B:A2
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/41b455b0-d4ec-45f7-87bb-597fb62d7277.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.219.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         93:e6:fc:5a:f7:67:4b:af:ed:37:82:54:d1:f3:ed:7a:c1:a5:
         fb:ee:69:c8:3f:7a:e9:06:94:72:26:88:0b:64:44:89:13:48:
         5a:65:2f:37:26:cb:44:17:8d:f8:8d:c0:42:7e:d1:8c:3a:19:
         4d:18:6f:23:60:1b:2d:cd:93:eb:97:26:cb:98:fd:ea:6a:32:
         9f:25:0f:a5:78:be:1c:b2:df:12:ab:94:f7:91:a2:fb:5b:3d:
         21:6a:40:d0:45:a1:cd:37:1a:53:78:52:06:fd:3f:d5:59:9d:
         9d:26:8f:a0:18:1f:61:ea:9d:5e:14:77:8d:e9:19:21:c7:87:
         dc:c7:cf:71:66:30:ef:3d:71:f9:95:61:43:68:fc:5e:5f:bc:
         a6:13:c0:57:23:4a:96:49:a4:19:bb:d9:b5:fe:7a:c8:72:75:
         e7:2d:41:eb:40:38:3a:68:52:56:1a:0e:85:38:77:c8:4e:0d:
         23:04:cf:77:20:51:b7:cf:36:c2:18:b6:84:ea:fb:13:71:7f:
         39:ed:54:f5:d0:c8:23:3f:17:fb:d2:16:dc:17:46:02:d8:71:
         73:e9:6c:7d:6e:de:73:82:96:6d:df:86:20:9a:97:1d:b1:0c:
         c8:a7:74:b9:4c:a8:e6:3c:a9:d6:5a:aa:70:ae:e5:f5:3a:c9:
         c5:72:84:8b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKv9iDriCZr7+nsbbpcOXR7fA5IIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjAzMTYyMDU2WhcNMjUwNzA4MjM1OTU5
WjB6MUkwRwYDVQQFE0A3ODJkMDVhMjU5ZjNhYzk2MWJjYjFmNDFkYjQzOTE3NTAz
ZWFjN2I0MTc5NTkxYzRjZjRkYTVkZDc4ZWUxYzVkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDefc1BMWq96dwzVyMU2x5+TIlbo93mkidxnEnzMNMCuWpH
mWT6nNpjUElxMmAUUrAaFk15ZGPXAlNImQp3QcR07paJWLhYA2Ucq/+OljvE2n2C
Pstf/oBwY8BWTh6AorXkpPQi3i/mj28H9EzB5cFzNVZUEAvhGdsXpXXB92rShHmz
cz5HKAaHj7bWXH6RDTTcv8wNgSv1GjF18x3UFACV8v2cjbPo7noCSzJo/JVUwNr+
vpLvzjpZVDtmC5Mn7vvjklfb2PPKI0mxNxHY/ZxJNktUkw2Py9nOpFPjpFg/IeCg
npMcF8QKnkl1BtwYy4hnF/bRuO2ULKyGG3eiihZnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHS7k9oWMP67LI2a9l49j9o3RC6IwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQxYjQ1NWIwLWQ0ZWMtNDVmNy04N2JiLTU5N2ZiNjJkNzI3Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI22/gwDQYJKoZIhvcNAQELBQADggEBAJPm/Fr3Z0uv7TeCVNHz7XrBpfvu
acg/eukGlHImiAtkRIkTSFplLzcmy0QXjfiNwEJ+0Yw6GU0YbyNgGy3Nk+uXJsuY
/epqMp8lD6V4vhyy3xKrlPeRovtbPSFqQNBFoc03GlN4Ugb9P9VZnZ0mj6AYH2Hq
nV4Ud43pGSHHh9zHz3FmMO89cfmVYUNo/F5fvKYTwFcjSpZJpBm72bX+eshydect
QetAODpoUlYaDoU4d8hODSMEz3cgUbfPNsIYtoTq+xNxfzntVPXQyCM/F/vSFtwX
RgLYcXPpbH1u3nOClm3fhiCalx2xDMindLlMqOY8qdZaqnCu5fU6ycVyhIs=
-----END CERTIFICATE-----