Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/45dc4776-5339-42ce-8fea-1b1d733fd6b6.roa
File:                     45dc4776-5339-42ce-8fea-1b1d733fd6b6.roa (raw, json)
Hash identifier:          B2Me7Q189oXdvpg2ljJaHKvFy+MPX9Db9hFSvJ0uvnM=
Subject key identifier:   3D:06:52:61:96:37:94:90:6A:02:74:C2:BC:D8:8D:1E:4E:AF:E1:01
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       23AD1F8CFE2C026943150131113863DA56A4A208
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/45dc4776-5339-42ce-8fea-1b1d733fd6b6.roa
Signing time:             Fri 18 Apr 2025 00:50:31 +0000
ROA not before:           Fri 18 Apr 2025 00:50:31 +0000
ROA not after:            Fri 23 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        52.93.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:ad:1f:8c:fe:2c:02:69:43:15:01:31:11:38:63:da:56:a4:a2:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 18 00:50:31 2025 GMT
            Not After : May 23 23:59:59 2025 GMT
        Subject: serialNumber=9a254f5a78932f10bf382e5008d3c5ab458213703ef6bb4179c210449fe25d4a, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:93:1b:78:3a:be:4b:22:5c:bc:2a:04:e7:5d:
                    68:fe:0b:f7:0e:7d:67:96:4a:a6:09:03:92:ff:1f:
                    68:e3:97:03:d6:80:d3:8b:11:9d:9e:f0:db:45:b8:
                    30:73:48:9f:b9:67:ef:6a:5b:fc:e5:30:43:0b:ec:
                    ca:c8:6d:69:08:14:d9:64:22:2c:64:b1:c7:4b:63:
                    0a:34:a4:80:7d:fb:03:7d:6d:fa:a3:13:ea:c1:47:
                    54:eb:1a:ec:eb:8a:0d:df:43:a0:59:ca:a2:59:52:
                    17:2e:f1:a3:93:3b:dc:41:c8:9e:35:f4:85:0f:2e:
                    71:b7:26:da:68:6f:6e:cf:b6:19:ec:b4:f4:de:02:
                    0e:53:ee:6e:e4:a0:c7:d0:c9:62:18:bb:23:0d:0c:
                    76:fc:96:77:2f:56:13:ba:1a:05:14:f7:46:c4:7f:
                    7b:cf:ae:06:23:3d:d0:f4:2a:f5:70:36:d8:89:25:
                    f5:04:26:1e:03:5e:cb:e4:75:90:0c:0c:99:44:9e:
                    0e:a2:d5:cd:b8:15:42:c3:c3:67:87:2b:c1:30:67:
                    49:a1:75:49:d8:2f:91:c5:27:0e:df:34:5c:62:b5:
                    4c:fd:85:bb:8e:27:d2:b0:7a:f7:1e:45:1b:dc:07:
                    c6:54:5f:ea:e1:79:65:db:31:76:ef:9b:7b:b2:43:
                    c1:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:06:52:61:96:37:94:90:6A:02:74:C2:BC:D8:8D:1E:4E:AF:E1:01
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/45dc4776-5339-42ce-8fea-1b1d733fd6b6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.93.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:34:5c:2b:73:8e:9d:ac:33:35:de:7d:a3:9a:9c:82:19:c0:
         22:14:56:a9:cd:4d:d7:59:24:a0:f4:26:c2:b2:2a:ec:5c:d5:
         8b:23:49:66:59:f4:ba:de:8f:24:18:67:1d:a0:ed:3d:ef:71:
         ac:51:f2:78:fa:a6:90:39:75:cf:a2:0a:ee:0d:58:0c:a5:02:
         62:69:98:83:44:6e:d1:6a:a2:7e:ff:ac:51:74:88:26:3b:97:
         ab:8a:cd:1a:8d:91:62:c5:b4:00:32:c8:59:9f:fc:7a:ac:56:
         9b:2d:71:10:74:48:83:1d:33:7b:8f:bf:72:4c:40:bb:0a:ca:
         c1:1c:c9:8d:83:d2:e1:41:3b:72:d8:fd:ff:c7:cf:30:4d:e5:
         0a:1c:46:df:d3:34:9d:b2:55:83:73:1f:6f:64:58:76:d2:07:
         17:d5:3b:a8:1b:f9:2f:4d:b0:cc:e0:53:af:a4:57:ed:13:09:
         42:16:2f:d5:b1:13:72:42:a7:78:c0:49:d5:6a:53:77:bb:81:
         f8:94:a2:78:5d:1c:38:fb:00:4d:3e:23:2b:b2:57:df:5b:62:
         1d:1f:31:3f:a9:1e:68:33:2c:76:bd:42:c3:48:ed:9d:e4:43:
         7f:ad:77:a1:78:a4:97:94:c1:ed:83:40:37:ad:df:27:34:06:
         de:db:dc:4b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUI60fjP4sAmlDFQExEThj2lakoggwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE4MDA1MDMxWhcNMjUwNTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A5YTI1NGY1YTc4OTMyZjEwYmYzODJlNTAwOGQzYzVhYjQ1
ODIxMzcwM2VmNmJiNDE3OWMyMTA0NDlmZTI1ZDRhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDPkxt4Or5LIly8KgTnXWj+C/cOfWeWSqYJA5L/H2jjlwPW
gNOLEZ2e8NtFuDBzSJ+5Z+9qW/zlMEML7MrIbWkIFNlkIixkscdLYwo0pIB9+wN9
bfqjE+rBR1TrGuzrig3fQ6BZyqJZUhcu8aOTO9xByJ419IUPLnG3Jtpob27Pthns
tPTeAg5T7m7koMfQyWIYuyMNDHb8lncvVhO6GgUU90bEf3vPrgYjPdD0KvVwNtiJ
JfUEJh4DXsvkdZAMDJlEng6i1c24FULDw2eHK8EwZ0mhdUnYL5HFJw7fNFxitUz9
hbuOJ9KwevceRRvcB8ZUX+rheWXbMXbvm3uyQ8ERAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPQZSYZY3lJBqAnTCvNiNHk6v4QEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQ1ZGM0Nzc2LTUzMzktNDJjZS04ZmVhLTFiMWQ3MzNmZDZiNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0XfkwDQYJKoZIhvcNAQELBQADggEBAKs0XCtzjp2sMzXefaOanIIZwCIU
VqnNTddZJKD0JsKyKuxc1YsjSWZZ9LrejyQYZx2g7T3vcaxR8nj6ppA5dc+iCu4N
WAylAmJpmINEbtFqon7/rFF0iCY7l6uKzRqNkWLFtAAyyFmf/HqsVpstcRB0SIMd
M3uPv3JMQLsKysEcyY2D0uFBO3LY/f/HzzBN5QocRt/TNJ2yVYNzH29kWHbSBxfV
O6gb+S9NsMzgU6+kV+0TCUIWL9WxE3JCp3jASdVqU3e7gfiUonhdHDj7AE0+Iyuy
V99bYh0fMT+pHmgzLHa9QsNI7Z3kQ3+td6F4pJeUwe2DQDet3yc0Bt7b3Es=
-----END CERTIFICATE-----