Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/529b9429-a63e-4015-896f-d45cfa5e90b2.roa
File:                     529b9429-a63e-4015-896f-d45cfa5e90b2.roa (raw, json)
Hash identifier:          xPfe2nHa+WDJ3rLgmDCIMqR8pqHlireeLzEITZpd4AI=
Subject key identifier:   8D:E7:F9:44:11:F4:31:1D:41:63:CF:85:42:20:C8:82:40:45:06:75
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2ADCC1CCAB7663CAF991B7AACD00CD4E337610A5
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/529b9429-a63e-4015-896f-d45cfa5e90b2.roa
Signing time:             Fri 18 Apr 2025 15:00:25 +0000
ROA not before:           Fri 18 Apr 2025 15:00:25 +0000
ROA not after:            Fri 23 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.94.116.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:dc:c1:cc:ab:76:63:ca:f9:91:b7:aa:cd:00:cd:4e:33:76:10:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 18 15:00:25 2025 GMT
            Not After : May 23 23:59:59 2025 GMT
        Subject: serialNumber=b92d30eb28f2b5f995ed1c93a1570960c4d71912c47cf2bb3b71ba94ea8f7212, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:11:af:94:e0:b5:1f:b3:2d:d3:69:f3:d9:aa:
                    68:e1:31:79:9c:ae:5e:58:e6:59:14:a2:64:94:1d:
                    f0:62:03:c6:88:a9:fe:ff:8b:e5:0e:39:84:20:18:
                    47:44:2d:36:73:21:e3:31:70:a5:cc:58:5d:16:40:
                    1f:ca:87:66:51:0f:e0:b1:75:44:6c:94:83:f5:16:
                    7c:39:97:fa:26:bd:3b:75:b0:11:ec:03:8a:bb:69:
                    ec:96:df:07:20:ae:08:a4:41:2f:af:4e:cf:91:00:
                    35:6f:63:6c:70:d7:2c:bb:e4:17:91:2e:03:50:7d:
                    dc:44:c6:9e:14:b3:69:85:9e:a3:14:c2:ce:5f:d0:
                    3c:f1:5c:bf:a5:87:c9:e2:f8:c7:ad:55:06:31:f8:
                    fc:d1:1a:b9:10:d1:cf:f2:15:6d:99:29:b1:b8:b7:
                    51:93:92:2c:20:7c:8f:01:00:85:d7:f9:0f:f1:68:
                    09:66:4e:85:17:af:7b:c4:2b:57:bd:1b:7f:9e:70:
                    7d:74:d3:0d:bc:01:34:ce:79:d8:c1:57:64:2f:05:
                    e9:b8:57:4b:09:8e:f0:7d:c2:3a:fb:ae:7b:54:99:
                    f5:4d:e3:03:61:e6:21:75:1b:d7:09:65:e4:f7:f4:
                    19:5e:cf:00:5c:51:b4:e7:de:86:aa:4f:a7:a1:3e:
                    83:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:E7:F9:44:11:F4:31:1D:41:63:CF:85:42:20:C8:82:40:45:06:75
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/529b9429-a63e-4015-896f-d45cfa5e90b2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.94.116.0/23

    Signature Algorithm: sha256WithRSAEncryption
         72:f0:60:17:b7:41:e6:79:36:b8:e6:c1:68:70:23:a3:48:dc:
         63:09:b4:02:76:1f:07:8e:2a:7a:01:ad:e2:97:5d:06:3e:00:
         55:59:79:ba:a2:19:8d:39:c7:c3:e6:b0:3c:d2:ed:13:39:97:
         41:67:d6:98:40:cd:01:33:a7:cd:79:b4:a8:42:98:df:28:ff:
         bf:23:3e:4a:60:21:60:eb:9c:1a:6a:c1:21:54:f0:71:88:9d:
         89:3c:32:f6:3e:32:0f:0f:50:76:0c:b0:b6:f0:e4:ed:6d:8d:
         78:b6:6b:f1:ce:34:f3:9c:4f:ea:60:b3:50:4e:b2:d5:41:57:
         6e:0c:da:01:9a:48:42:42:fb:20:77:91:43:e6:57:18:df:40:
         f1:f6:03:30:dd:ed:dd:88:3d:ce:9f:d9:2c:53:9a:49:c5:77:
         7c:50:2f:bf:98:3d:7e:05:ff:54:b8:93:c3:72:03:91:d5:e3:
         73:bc:31:66:8f:a8:67:66:95:81:fc:86:35:e7:26:6c:c4:ea:
         bc:2c:8e:3d:4b:22:1b:f8:4d:aa:75:51:31:71:73:3e:2d:b9:
         1d:51:f7:e6:f3:25:2c:fd:ba:5b:cc:9b:20:24:c7:e4:4a:32:
         43:8f:c1:07:82:2d:5d:46:50:c7:60:c0:bd:a4:cf:43:e3:f3:
         8c:d5:fd:e7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKtzBzKt2Y8r5kbeqzQDNTjN2EKUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE4MTUwMDI1WhcNMjUwNTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BiOTJkMzBlYjI4ZjJiNWY5OTVlZDFjOTNhMTU3MDk2MGM0
ZDcxOTEyYzQ3Y2YyYmIzYjcxYmE5NGVhOGY3MjEyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDbEa+U4LUfsy3TafPZqmjhMXmcrl5Y5lkUomSUHfBiA8aI
qf7/i+UOOYQgGEdELTZzIeMxcKXMWF0WQB/Kh2ZRD+CxdURslIP1Fnw5l/omvTt1
sBHsA4q7aeyW3wcgrgikQS+vTs+RADVvY2xw1yy75BeRLgNQfdxExp4Us2mFnqMU
ws5f0DzxXL+lh8ni+MetVQYx+PzRGrkQ0c/yFW2ZKbG4t1GTkiwgfI8BAIXX+Q/x
aAlmToUXr3vEK1e9G3+ecH100w28ATTOedjBV2QvBem4V0sJjvB9wjr7rntUmfVN
4wNh5iF1G9cJZeT39BlezwBcUbTn3oaqT6ehPoOJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjef5RBH0MR1BY8+FQiDIgkBFBnUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzUyOWI5NDI5LWE2M2UtNDAxNS04OTZmLWQ0NWNmYTVlOTBiMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAE0XnQwDQYJKoZIhvcNAQELBQADggEBAHLwYBe3QeZ5NrjmwWhwI6NI3GMJ
tAJ2HweOKnoBreKXXQY+AFVZebqiGY05x8PmsDzS7RM5l0Fn1phAzQEzp815tKhC
mN8o/78jPkpgIWDrnBpqwSFU8HGInYk8MvY+Mg8PUHYMsLbw5O1tjXi2a/HONPOc
T+pgs1BOstVBV24M2gGaSEJC+yB3kUPmVxjfQPH2AzDd7d2IPc6f2SxTmknFd3xQ
L7+YPX4F/1S4k8NyA5HV43O8MWaPqGdmlYH8hjXnJmzE6rwsjj1LIhv4Tap1UTFx
cz4tuR1R9+bzJSz9ulvMmyAkx+RKMkOPwQeCLV1GUMdgwL2kz0Pj84zV/ec=
-----END CERTIFICATE-----