Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5509b865-3941-4094-bf73-1b07caf81ab7.roa
File:                     5509b865-3941-4094-bf73-1b07caf81ab7.roa (raw, json)
Hash identifier:          D9atkHNX3v89HgvCn+Sl/IAes6EUaDTk4t7WqCTI7Ls=
Subject key identifier:   45:46:6A:7F:DE:37:B7:94:BB:A2:F3:57:77:C1:DA:5B:20:79:47:65
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5E3F71BBF3021ACE1162E25A5D3EADD50E5EE11E
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5509b865-3941-4094-bf73-1b07caf81ab7.roa
Signing time:             Tue 20 May 2025 17:21:42 +0000
ROA not before:           Tue 20 May 2025 17:21:42 +0000
ROA not after:            Tue 24 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.66.0.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:3f:71:bb:f3:02:1a:ce:11:62:e2:5a:5d:3e:ad:d5:0e:5e:e1:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 20 17:21:42 2025 GMT
            Not After : Jun 24 23:59:59 2025 GMT
        Subject: serialNumber=dc657d66a69e7ad4e0710900f2e8c8d31216c44af9ae77914cf6c617abad457c, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:10:a0:97:fd:b7:28:ce:86:a3:f1:df:66:ed:
                    99:35:f4:a4:27:34:3e:1e:c1:6b:9b:7b:6a:8f:b3:
                    e2:86:ed:5f:a0:61:f9:4d:40:70:65:42:e2:21:29:
                    d0:69:99:b2:a5:d2:61:5d:db:f4:37:2a:de:e9:23:
                    ab:e5:c8:08:e5:b3:06:a9:0f:dd:f1:e7:ad:26:09:
                    4d:05:8a:0a:09:67:53:cb:93:a3:a6:ed:b5:27:d0:
                    ad:29:c0:9a:64:9c:16:4c:01:71:7e:93:a5:8e:2b:
                    83:8f:81:d7:a0:c4:c3:08:05:cb:fc:7d:bc:c8:71:
                    0b:01:bf:e4:ff:5b:3b:cb:b0:73:ad:f1:cf:b4:4b:
                    4d:7f:5b:8e:4d:b8:11:2c:30:ae:4f:5b:d4:df:e8:
                    4d:17:76:b5:f4:59:c5:36:a3:cb:c0:a4:5a:76:b4:
                    eb:aa:af:c0:d1:b7:fd:e2:c4:da:06:32:a0:4c:51:
                    a2:23:a5:57:ed:51:98:df:85:7a:af:84:f9:c5:ab:
                    ef:f5:c3:a7:bf:ae:1d:6c:e9:ee:33:6a:b6:db:35:
                    2b:24:ed:c4:1b:ea:df:80:39:96:6f:8d:b8:80:74:
                    db:67:56:81:d7:57:82:34:ef:34:be:a3:ff:93:a3:
                    63:f5:88:3c:7c:d5:45:68:e1:cc:89:a6:00:be:d7:
                    b8:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:46:6A:7F:DE:37:B7:94:BB:A2:F3:57:77:C1:DA:5B:20:79:47:65
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5509b865-3941-4094-bf73-1b07caf81ab7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.66.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         4a:64:3f:1b:7e:bb:64:db:25:9c:25:3d:04:de:bd:50:18:d4:
         0c:f6:4d:fe:c3:e0:26:e1:ee:07:b5:ed:74:f6:23:3f:48:65:
         fe:bb:95:0a:62:16:0d:fa:65:fc:34:6f:33:fc:98:c9:54:ef:
         de:08:e5:4a:1c:4c:7e:26:c1:29:96:3d:93:d6:49:0e:43:fb:
         bf:83:3f:0d:6d:8d:7a:e2:bd:e5:e9:ff:85:8a:89:48:64:8b:
         a1:b9:ef:d6:7b:d4:68:e2:77:c2:8a:f3:96:a3:2c:24:05:f4:
         2b:f5:64:4a:68:f4:15:24:56:53:93:9a:e1:55:9a:f9:2f:44:
         64:32:81:3c:85:17:82:6b:d5:6f:80:b3:ee:e8:4c:d3:38:a4:
         13:82:cd:b5:43:0f:dd:be:a9:b0:a4:58:34:93:c2:a3:c2:b9:
         65:a8:5b:30:bc:21:3a:7e:ac:60:85:a1:8b:44:76:d6:85:ff:
         5a:c6:5f:df:a8:81:9c:82:46:bd:a1:9d:ec:82:0f:c7:ee:12:
         fd:c3:07:aa:43:9d:38:d9:b7:2a:61:82:66:fc:e5:18:7d:6f:
         7b:ff:80:69:2a:f9:ca:f5:e7:d6:9a:a5:b4:e6:cf:5a:25:95:
         43:cb:00:38:4b:b7:2c:dd:39:97:89:30:e5:82:24:a8:f1:f6:
         42:11:e0:28
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXj9xu/MCGs4RYuJaXT6t1Q5e4R4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNTIwMTcyMTQyWhcNMjUwNjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BkYzY1N2Q2NmE2OWU3YWQ0ZTA3MTA5MDBmMmU4YzhkMzEy
MTZjNDRhZjlhZTc3OTE0Y2Y2YzYxN2FiYWQ0NTdjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDCEKCX/bcozoaj8d9m7Zk19KQnND4ewWube2qPs+KG7V+g
YflNQHBlQuIhKdBpmbKl0mFd2/Q3Kt7pI6vlyAjlswapD93x560mCU0FigoJZ1PL
k6Om7bUn0K0pwJpknBZMAXF+k6WOK4OPgdegxMMIBcv8fbzIcQsBv+T/WzvLsHOt
8c+0S01/W45NuBEsMK5PW9Tf6E0XdrX0WcU2o8vApFp2tOuqr8DRt/3ixNoGMqBM
UaIjpVftUZjfhXqvhPnFq+/1w6e/rh1s6e4zarbbNSsk7cQb6t+AOZZvjbiAdNtn
VoHXV4I07zS+o/+To2P1iDx81UVo4cyJpgC+17hJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURUZqf943t5S7ovNXd8HaWyB5R2UwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzU1MDliODY1LTM5NDEtNDA5NC1iZjczLTFiMDdjYWY4MWFiNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAc2QgAwDQYJKoZIhvcNAQELBQADggEBAEpkPxt+u2TbJZwlPQTevVAY1Az2
Tf7D4Cbh7ge17XT2Iz9IZf67lQpiFg36Zfw0bzP8mMlU794I5UocTH4mwSmWPZPW
SQ5D+7+DPw1tjXriveXp/4WKiUhki6G579Z71Gjid8KK85ajLCQF9Cv1ZEpo9BUk
VlOTmuFVmvkvRGQygTyFF4Jr1W+As+7oTNM4pBOCzbVDD92+qbCkWDSTwqPCuWWo
WzC8ITp+rGCFoYtEdtaF/1rGX9+ogZyCRr2hneyCD8fuEv3DB6pDnTjZtyphgmb8
5Rh9b3v/gGkq+cr159aapbTmz1ollUPLADhLtyzdOZeJMOWCJKjx9kIR4Cg=
-----END CERTIFICATE-----