Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/431fab42-8dce-4996-981e-0eeb9cb8a5f2.roa
File:                     431fab42-8dce-4996-981e-0eeb9cb8a5f2.roa (raw, json)
Hash identifier:          irM7bA0kopseFUVtjocP6+JFklZ6VHG/fa1EKVmXvwA=
Subject key identifier:   63:CA:EA:09:5D:DE:3B:7E:A3:64:5F:8B:43:0A:4E:D3:F2:91:94:DD
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       58FBFEBDFFC24D9B7E6F14D80430535564ACB283
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/431fab42-8dce-4996-981e-0eeb9cb8a5f2.roa
Signing time:             Mon 09 Jun 2025 16:11:38 +0000
ROA not before:           Mon 09 Jun 2025 16:11:38 +0000
ROA not after:            Mon 14 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.147.64.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:fb:fe:bd:ff:c2:4d:9b:7e:6f:14:d8:04:30:53:55:64:ac:b2:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun  9 16:11:38 2025 GMT
            Not After : Jul 14 23:59:59 2025 GMT
        Subject: serialNumber=04aab5a9b70fdeb2ae8a64147c1d0522fc54773512f6fbd0e62c3fdc6aa0e94b, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:23:7e:82:27:0d:57:40:3a:4e:5e:f1:79:a4:
                    72:05:fe:0c:77:f6:44:fe:96:69:8d:6d:27:2f:e4:
                    05:98:fb:05:8b:5a:3b:36:1f:67:f2:15:1b:c8:06:
                    67:47:cf:2f:7b:5f:d9:38:e2:b1:5e:9d:74:38:8b:
                    23:fc:40:fe:5f:39:e2:03:e0:6a:ef:7d:b1:bd:0e:
                    39:05:6b:a6:62:d1:c6:bb:75:a2:d8:b2:07:97:f4:
                    30:04:74:7e:f9:1c:b8:92:b5:02:d0:5f:a4:f0:74:
                    6e:19:a3:2e:6d:d8:27:8f:df:df:2c:fc:85:4b:d9:
                    4e:7d:77:21:63:db:4e:68:08:6c:99:cf:1c:fc:0a:
                    0a:3d:a5:19:5e:17:e4:96:c1:4d:fe:be:9a:2c:2d:
                    7c:a4:81:25:2c:a4:3c:b3:38:bc:d2:76:75:ec:6b:
                    cc:3b:5a:70:05:ba:ee:72:1f:ae:cb:9a:10:34:da:
                    d0:a0:c8:26:8f:38:f2:ed:04:2b:39:50:be:d6:f2:
                    25:27:c8:74:b0:b6:9a:75:e7:8a:c8:26:76:1e:8a:
                    92:e0:31:04:d2:d2:ff:47:43:7d:a8:22:71:a4:f6:
                    17:20:86:f5:9d:45:35:9c:6c:25:23:55:8f:33:d6:
                    50:67:e6:8e:d4:7c:12:cc:5b:66:b8:78:e7:02:05:
                    fe:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:CA:EA:09:5D:DE:3B:7E:A3:64:5F:8B:43:0A:4E:D3:F2:91:94:DD
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/431fab42-8dce-4996-981e-0eeb9cb8a5f2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.147.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         2a:b8:a4:19:76:f2:fb:1a:4b:6e:19:f1:07:fd:88:bf:55:45:
         7f:5d:3c:4d:74:64:c4:d2:ad:bb:36:da:ba:1b:b2:d0:86:13:
         db:27:a2:91:b8:79:fa:86:32:30:b6:9b:99:49:0e:02:c4:11:
         35:0f:1b:30:7d:fb:40:75:04:5c:8c:b4:99:8c:82:2a:57:24:
         cf:c6:38:e5:58:0e:0e:07:45:a4:f3:3b:92:84:73:25:92:29:
         a1:6e:b6:6e:bf:f7:a9:8e:1c:03:b8:57:e2:fc:b5:45:c2:9f:
         1d:23:70:ff:3f:c3:7a:7c:53:f2:fe:e1:52:d3:23:0f:e2:78:
         6d:7f:d2:b5:66:fd:9a:a1:88:11:98:1d:9f:7e:9b:ff:ff:7e:
         b7:f8:15:00:1c:45:6f:80:3f:f8:cd:ea:e5:b2:09:c0:47:1f:
         a0:2a:e5:33:19:91:96:2b:ff:f1:e9:23:60:d5:d1:47:fd:9f:
         16:e7:e9:a4:ba:65:ea:e5:62:21:0c:bd:91:53:32:c2:ed:0b:
         0b:db:f7:cf:71:2a:e3:e5:84:5c:ca:44:1d:f9:e9:5f:74:90:
         6f:b6:f0:a0:78:6c:c4:cb:a9:d2:05:6b:10:0e:69:5f:ac:79:
         11:86:d9:d1:28:b3:c3:57:25:6e:87:64:ad:04:20:9b:d5:1c:
         d5:a9:4c:27
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWPv+vf/CTZt+bxTYBDBTVWSssoMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjA5MTYxMTM4WhcNMjUwNzE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNGFhYjVhOWI3MGZkZWIyYWU4YTY0MTQ3YzFkMDUyMmZj
NTQ3NzM1MTJmNmZiZDBlNjJjM2ZkYzZhYTBlOTRiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDXI36CJw1XQDpOXvF5pHIF/gx39kT+lmmNbScv5AWY+wWL
Wjs2H2fyFRvIBmdHzy97X9k44rFenXQ4iyP8QP5fOeID4GrvfbG9DjkFa6Zi0ca7
daLYsgeX9DAEdH75HLiStQLQX6TwdG4Zoy5t2CeP398s/IVL2U59dyFj205oCGyZ
zxz8Cgo9pRleF+SWwU3+vposLXykgSUspDyzOLzSdnXsa8w7WnAFuu5yH67LmhA0
2tCgyCaPOPLtBCs5UL7W8iUnyHSwtpp154rIJnYeipLgMQTS0v9HQ32oInGk9hcg
hvWdRTWcbCUjVY8z1lBn5o7UfBLMW2a4eOcCBf4jAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUY8rqCV3eO36jZF+LQwpO0/KRlN0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQzMWZhYjQyLThkY2UtNDk5Ni05ODFlLTBlZWI5Y2I4YTVmMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAY2k0AwDQYJKoZIhvcNAQELBQADggEBACq4pBl28vsaS24Z8Qf9iL9VRX9d
PE10ZMTSrbs22robstCGE9snopG4efqGMjC2m5lJDgLEETUPGzB9+0B1BFyMtJmM
gipXJM/GOOVYDg4HRaTzO5KEcyWSKaFutm6/96mOHAO4V+L8tUXCnx0jcP8/w3p8
U/L+4VLTIw/ieG1/0rVm/ZqhiBGYHZ9+m///frf4FQAcRW+AP/jN6uWyCcBHH6Aq
5TMZkZYr//HpI2DV0Uf9nxbn6aS6ZerlYiEMvZFTMsLtCwvb989xKuPlhFzKRB35
6V90kG+28KB4bMTLqdIFaxAOaV+seRGG2dEos8NXJW6HZK0EIJvVHNWpTCc=
-----END CERTIFICATE-----