Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5bfc8985-f30d-4aee-baa4-fb39c7f7d7b5.roa
File:                     5bfc8985-f30d-4aee-baa4-fb39c7f7d7b5.roa (raw, json)
Hash identifier:          agzTlU3duguBXhNYZ2EfbtW/QIrkkQU06ybSIPIK3ig=
Subject key identifier:   DF:B4:19:5D:2D:72:2F:8D:1C:00:4D:B9:5C:C2:B7:8F:32:64:FA:F5
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       07E5D89207E65B3A310BA7667FB494A0A70FBD13
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5bfc8985-f30d-4aee-baa4-fb39c7f7d7b5.roa
Signing time:             Tue 20 May 2025 17:31:47 +0000
ROA not before:           Tue 20 May 2025 17:31:47 +0000
ROA not after:            Tue 24 Jun 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.92.128.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 17 Jun 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:e5:d8:92:07:e6:5b:3a:31:0b:a7:66:7f:b4:94:a0:a7:0f:bd:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 20 17:31:47 2025 GMT
            Not After : Jun 24 23:59:59 2025 GMT
        Subject: serialNumber=fcf4abc89d946df335405f89d29f8596352d72c4842cbe016959bab62f51ef06, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:6d:24:f0:08:3e:d5:c4:c2:96:f3:8e:ab:dd:
                    2f:17:0f:af:40:ad:6c:de:fe:97:8a:87:06:fd:5e:
                    c3:b8:2c:36:0d:5e:45:60:b3:1a:d8:65:05:56:03:
                    8a:42:ee:eb:4d:d9:8f:0b:84:1a:4b:87:f6:db:1e:
                    f8:cc:ae:96:f2:c3:80:7a:65:95:09:73:37:8f:cd:
                    17:dd:df:4d:47:7d:71:e1:84:5e:f8:31:28:9a:e8:
                    7e:5a:b1:d3:8c:7f:d4:ee:ba:f5:fa:19:cb:7e:92:
                    99:1c:6c:8e:5d:9d:f2:8a:e4:8a:f7:cb:d2:a0:15:
                    53:e9:93:d6:03:0a:22:d1:45:8d:dc:b5:20:f4:c1:
                    0f:a5:75:7b:bd:0d:01:9f:c7:ad:f7:c9:12:27:91:
                    af:ed:2c:e8:1e:5b:d9:de:cd:aa:23:34:a8:e4:9d:
                    bc:70:34:f0:3e:37:ec:31:b8:b8:5e:c0:a6:ea:d2:
                    18:23:08:35:b1:79:cd:bb:89:03:45:5a:a6:77:ab:
                    46:50:b0:69:a1:82:42:fa:f6:cb:21:3d:bf:d9:30:
                    23:7e:59:60:e1:81:68:2c:f8:05:56:1d:fe:49:33:
                    78:02:a8:28:cb:ca:49:19:00:9c:b1:83:67:02:2c:
                    6d:c9:cc:25:1e:47:51:bf:77:f5:6b:5b:83:8d:68:
                    14:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:B4:19:5D:2D:72:2F:8D:1C:00:4D:B9:5C:C2:B7:8F:32:64:FA:F5
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5bfc8985-f30d-4aee-baa4-fb39c7f7d7b5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.92.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         62:0b:16:32:56:b5:36:50:1c:d8:57:d9:a6:f2:45:bc:d9:c8:
         50:ef:9e:7e:ef:53:16:45:dd:75:01:e6:04:3e:79:11:16:92:
         07:60:e0:bf:e9:9d:68:c0:60:d3:df:d9:21:b2:eb:ad:9c:b5:
         52:41:cf:3e:53:f7:d9:ed:8f:c1:d2:7e:21:44:4c:65:37:3d:
         69:69:ce:f4:26:34:26:46:91:a1:6e:a8:b2:da:fb:d4:ee:4e:
         40:e7:d8:4a:ca:59:ec:0a:1e:b2:e9:0f:ff:26:62:5b:4d:df:
         28:e8:f2:87:fe:86:c7:73:9c:6a:f6:cc:e4:1a:71:69:a4:eb:
         ba:6d:cc:d1:1d:04:69:7e:1a:60:02:58:be:d1:50:01:a4:f9:
         22:ba:60:23:75:db:80:b3:3f:08:95:f4:a9:88:ce:bc:b6:e8:
         ff:74:0d:7c:c9:d2:7c:a0:7c:44:00:da:c4:14:dd:71:42:f3:
         c0:d8:83:17:90:af:5f:3b:01:f2:d3:07:1f:80:e0:ea:3b:25:
         2c:c0:29:36:5b:27:99:f1:96:1a:68:82:02:0a:49:82:bf:5a:
         79:70:18:7e:d6:99:63:01:94:8c:2e:2b:1c:38:4b:00:8a:42:
         85:50:af:cf:12:b4:91:0e:5c:c3:19:51:48:c7:c9:23:c4:ec:
         07:ab:eb:67
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUB+XYkgfmWzoxC6dmf7SUoKcPvRMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNTIwMTczMTQ3WhcNMjUwNjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BmY2Y0YWJjODlkOTQ2ZGYzMzU0MDVmODlkMjlmODU5NjM1
MmQ3MmM0ODQyY2JlMDE2OTU5YmFiNjJmNTFlZjA2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDbSTwCD7VxMKW846r3S8XD69ArWze/peKhwb9XsO4LDYN
XkVgsxrYZQVWA4pC7utN2Y8LhBpLh/bbHvjMrpbyw4B6ZZUJczePzRfd301HfXHh
hF74MSia6H5asdOMf9TuuvX6Gct+kpkcbI5dnfKK5Ir3y9KgFVPpk9YDCiLRRY3c
tSD0wQ+ldXu9DQGfx633yRInka/tLOgeW9nezaojNKjknbxwNPA+N+wxuLhewKbq
0hgjCDWxec27iQNFWqZ3q0ZQsGmhgkL69sshPb/ZMCN+WWDhgWgs+AVWHf5JM3gC
qCjLykkZAJyxg2cCLG3JzCUeR1G/d/VrW4ONaBSJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU37QZXS1yL40cAE25XMK3jzJk+vUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzViZmM4OTg1LWYzMGQtNGFlZS1iYWE0LWZiMzljN2Y3ZDdiNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAc2XIAwDQYJKoZIhvcNAQELBQADggEBAGILFjJWtTZQHNhX2abyRbzZyFDv
nn7vUxZF3XUB5gQ+eREWkgdg4L/pnWjAYNPf2SGy662ctVJBzz5T99ntj8HSfiFE
TGU3PWlpzvQmNCZGkaFuqLLa+9TuTkDn2ErKWewKHrLpD/8mYltN3yjo8of+hsdz
nGr2zOQacWmk67ptzNEdBGl+GmACWL7RUAGk+SK6YCN124CzPwiV9KmIzry26P90
DXzJ0nygfEQA2sQU3XFC88DYgxeQr187AfLTBx+A4Oo7JSzAKTZbJ5nxlhpoggIK
SYK/WnlwGH7WmWMBlIwuKxw4SwCKQoVQr88StJEOXMMZUUjHySPE7Aer62c=
-----END CERTIFICATE-----