Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6c31ce4d-c77c-4f23-93ae-18987700ff43.roa
File:                     6c31ce4d-c77c-4f23-93ae-18987700ff43.roa (raw, json)
Hash identifier:          g7UscG6IEPkZrNRQ9P6C/ttnR2/47SU4WfHBFrxq8xE=
Subject key identifier:   AB:E3:A6:1C:48:97:0B:46:56:E5:8E:BB:DB:83:B3:05:FF:95:59:0C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       68E31E0CCBCDEA90DB75A03A28EBFBEC0C29FA36
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6c31ce4d-c77c-4f23-93ae-18987700ff43.roa
Signing time:             Fri 18 Apr 2025 16:51:55 +0000
ROA not before:           Fri 18 Apr 2025 16:51:55 +0000
ROA not after:            Fri 23 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.238.48.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:e3:1e:0c:cb:cd:ea:90:db:75:a0:3a:28:eb:fb:ec:0c:29:fa:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 18 16:51:55 2025 GMT
            Not After : May 23 23:59:59 2025 GMT
        Subject: serialNumber=d3703837d6031ffe2be0c0a3203cc049ce3436c98cd247c5bcc4fe31fd3382f1, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:85:80:a9:18:cc:3e:2c:56:97:c5:83:9a:33:
                    da:ce:54:fa:44:5a:ae:a9:4d:24:4f:b3:82:e5:13:
                    fc:96:a8:d1:f3:5d:a6:d1:ae:2d:2f:b7:16:3c:32:
                    92:10:4b:57:86:b6:2a:30:26:c1:2a:0b:98:4a:81:
                    1a:13:23:18:3e:d5:1c:f0:7f:71:8f:e1:01:a2:ce:
                    b0:8a:f5:ee:57:05:ee:28:45:42:3e:7d:72:a2:ca:
                    b1:a1:2e:da:6d:7a:cb:32:96:fa:61:94:c9:8e:db:
                    1e:e6:54:23:57:e1:89:d8:df:88:48:0d:e8:13:9b:
                    a6:3a:ce:f3:db:d4:68:4b:de:27:85:55:aa:35:57:
                    7d:ec:0c:ea:62:08:db:73:a0:8b:dc:fc:a1:f8:75:
                    eb:75:b0:da:4b:ce:06:f4:62:0f:ca:f7:81:d6:4f:
                    4b:24:84:36:1c:42:43:53:97:a4:01:4e:77:8a:53:
                    5f:56:e5:97:56:63:61:31:6f:b1:e8:20:61:d5:70:
                    8a:7e:4b:67:23:7f:ac:aa:d3:e7:ae:be:ce:0d:b7:
                    83:9e:3c:9f:3f:b8:46:9d:a0:8c:37:4c:a0:82:12:
                    47:02:94:f2:91:0d:70:3c:4f:00:70:b8:81:1c:4e:
                    6b:17:27:b0:a2:94:ed:cb:98:35:aa:1f:47:62:48:
                    f0:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:E3:A6:1C:48:97:0B:46:56:E5:8E:BB:DB:83:B3:05:FF:95:59:0C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6c31ce4d-c77c-4f23-93ae-18987700ff43.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.238.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         9e:f3:e5:c1:b1:db:43:7c:e2:52:cc:3c:07:1b:0d:7d:f2:58:
         7c:72:5f:b8:af:36:3b:e6:74:b8:0b:40:08:4e:2d:ff:71:b1:
         f1:36:c6:b0:14:51:8f:10:b8:ce:03:a9:cb:94:d9:e5:c1:e8:
         79:ad:4a:37:3b:ff:4f:62:66:68:31:6d:15:59:6f:23:1f:f9:
         39:09:e7:ab:b3:b1:ce:5f:33:2f:d4:54:a4:51:eb:ec:39:e1:
         b4:d8:d9:a3:12:1b:ca:d5:46:7a:c1:c5:f4:21:21:1d:76:a0:
         90:7e:c9:ad:ca:c0:e9:fc:4c:2f:10:36:04:fe:4a:79:d7:4c:
         be:1e:84:29:77:fb:70:a4:b2:f8:09:79:69:4a:78:05:e5:5e:
         c3:46:ae:cd:c0:eb:a4:42:ac:90:6a:96:55:b2:39:fc:72:f3:
         ad:55:c8:96:42:72:56:06:d9:2e:6b:c9:d9:f4:ae:2b:1e:2e:
         03:04:ed:41:b6:32:be:f4:c6:c0:dd:30:6d:f4:58:92:f1:6e:
         f3:f5:a1:ec:06:89:7d:41:7d:34:fd:fc:fe:57:2b:f3:09:e9:
         c0:14:2c:62:06:52:0f:3a:68:c6:01:9c:53:4b:64:d7:94:34:
         06:e1:4b:e3:98:35:2b:b1:e1:ce:95:e7:73:e5:3f:40:f6:e2:
         11:48:1f:75
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaOMeDMvN6pDbdaA6KOv77Awp+jYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE4MTY1MTU1WhcNMjUwNTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkMzcwMzgzN2Q2MDMxZmZlMmJlMGMwYTMyMDNjYzA0OWNl
MzQzNmM5OGNkMjQ3YzViY2M0ZmUzMWZkMzM4MmYxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjhYCpGMw+LFaXxYOaM9rOVPpEWq6pTSRPs4LlE/yWqNHz
XabRri0vtxY8MpIQS1eGtiowJsEqC5hKgRoTIxg+1Rzwf3GP4QGizrCK9e5XBe4o
RUI+fXKiyrGhLtptessylvphlMmO2x7mVCNX4YnY34hIDegTm6Y6zvPb1GhL3ieF
Vao1V33sDOpiCNtzoIvc/KH4det1sNpLzgb0Yg/K94HWT0skhDYcQkNTl6QBTneK
U19W5ZdWY2Exb7HoIGHVcIp+S2cjf6yq0+euvs4Nt4OePJ8/uEadoIw3TKCCEkcC
lPKRDXA8TwBwuIEcTmsXJ7CilO3LmDWqH0diSPCDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUq+OmHEiXC0ZW5Y6724OzBf+VWQwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzZjMzFjZTRkLWM3N2MtNGYyMy05M2FlLTE4OTg3NzAwZmY0My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQ27jAwDQYJKoZIhvcNAQELBQADggEBAJ7z5cGx20N84lLMPAcbDX3yWHxy
X7ivNjvmdLgLQAhOLf9xsfE2xrAUUY8QuM4DqcuU2eXB6HmtSjc7/09iZmgxbRVZ
byMf+TkJ56uzsc5fMy/UVKRR6+w54bTY2aMSG8rVRnrBxfQhIR12oJB+ya3KwOn8
TC8QNgT+SnnXTL4ehCl3+3CksvgJeWlKeAXlXsNGrs3A66RCrJBqllWyOfxy861V
yJZCclYG2S5rydn0riseLgME7UG2Mr70xsDdMG30WJLxbvP1oewGiX1BfTT9/P5X
K/MJ6cAULGIGUg86aMYBnFNLZNeUNAbhS+OYNSux4c6V53PlP0D24hFIH3U=
-----END CERTIFICATE-----