Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/717d8d60-b812-4321-a774-df7920ae17ef.roa
File:                     717d8d60-b812-4321-a774-df7920ae17ef.roa (raw, json)
Hash identifier:          gu5Ue+mn7IWY2kH7wfz3s8mSr/wG42nQosFvJwTF0Yc=
Subject key identifier:   D2:83:67:0A:5A:35:C9:94:6C:1B:2A:CA:76:31:77:17:2A:0F:3B:AC
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3F58CCFA6AF395E1058A87F6FF22027CE8A07A2D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/717d8d60-b812-4321-a774-df7920ae17ef.roa
Signing time:             Fri 25 Jul 2025 16:00:07 +0000
ROA not before:           Fri 25 Jul 2025 16:00:07 +0000
ROA not after:            Fri 29 Aug 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.160.64.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:58:cc:fa:6a:f3:95:e1:05:8a:87:f6:ff:22:02:7c:e8:a0:7a:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 25 16:00:07 2025 GMT
            Not After : Aug 29 23:59:59 2025 GMT
        Subject: serialNumber=0ca1251c5d2953e9e74d85182ad7cf1cf5a4536a5f7b8f98bdb2d769184c9558, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:8d:2f:cc:6d:b2:3a:37:dc:3f:ba:01:da:a2:
                    07:af:c3:03:28:38:07:62:c3:d8:bb:6f:2f:52:00:
                    32:bf:5b:74:09:53:bc:aa:cf:bc:88:bb:ad:ec:e3:
                    82:7e:c0:f5:ac:bf:f9:4e:ed:71:41:88:4f:2b:f2:
                    5f:fb:2d:1a:75:3f:60:bf:d7:04:c3:88:f5:38:96:
                    29:a9:8e:68:a7:51:be:af:79:84:14:41:89:dd:1d:
                    0a:21:92:33:46:3a:5b:94:a0:c5:9e:25:93:43:bc:
                    1b:2e:07:ff:92:ef:e7:6b:ee:00:83:1f:e6:d7:a6:
                    68:9e:0e:7a:4d:83:1c:fe:fe:11:fd:53:7b:1c:cf:
                    ff:0d:b9:66:03:fd:e2:8b:52:59:c1:d9:5a:d6:33:
                    f9:3e:81:9c:d3:db:b2:6a:51:e1:99:29:f5:a0:1e:
                    37:43:f0:0a:22:6d:05:8d:ea:e4:7e:45:fa:63:8e:
                    ad:c3:4a:21:d8:6d:88:28:da:0c:13:f4:82:97:14:
                    b4:e2:ee:87:86:98:27:da:30:19:bd:b0:3e:67:92:
                    5a:dc:09:e2:1d:d4:8f:d1:c7:70:89:e0:44:fb:88:
                    c0:bd:9b:3a:bd:43:8c:5b:61:0a:2d:27:9b:8c:10:
                    1d:9d:d0:7f:0d:c0:e4:86:00:5f:47:4d:88:97:dd:
                    99:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:83:67:0A:5A:35:C9:94:6C:1B:2A:CA:76:31:77:17:2A:0F:3B:AC
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/717d8d60-b812-4321-a774-df7920ae17ef.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.160.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         21:7a:d5:7c:fd:7e:e4:47:50:56:11:99:09:32:2f:74:39:07:
         4a:64:4c:bb:f3:7f:3f:eb:e1:34:23:7e:e4:e8:52:44:4e:dc:
         7b:2b:a8:96:cc:3a:df:d6:9a:00:12:1c:a6:d7:6f:57:bd:8d:
         f5:da:d1:56:f0:2d:fb:72:3d:a0:b4:f5:7d:5c:e5:a8:5d:96:
         88:42:b7:21:5d:0f:12:8c:67:46:a0:f4:b0:e3:8e:d8:0e:f5:
         a8:d6:4b:64:de:55:b2:1e:7e:28:76:45:d3:3e:31:3b:88:f8:
         6f:67:b0:9a:a7:7f:a4:a7:65:9a:f0:15:95:f3:03:27:90:f1:
         77:d9:01:f0:3d:17:08:ea:aa:79:b1:93:8a:80:7a:13:a1:99:
         30:de:73:84:cd:f9:bc:64:35:ca:15:96:85:80:26:d1:60:54:
         f8:ad:5b:2b:e4:d7:6f:74:87:5a:04:6b:2a:fa:d2:e9:2e:e9:
         85:6c:80:07:64:ee:44:b7:11:5f:95:9a:45:65:56:52:ea:c4:
         1b:d0:98:a3:f0:35:00:78:af:9d:9e:44:c3:63:45:50:32:de:
         bd:da:f3:88:bb:d5:f1:c5:40:ff:72:5a:ac:5e:a9:ed:1a:8a:
         6b:22:12:33:01:d8:8c:64:eb:70:e5:e4:52:6e:d1:b6:3b:72:
         db:ec:58:cf
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUP1jM+mrzleEFiof2/yICfOigei0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzI1MTYwMDA3WhcNMjUwODI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AwY2ExMjUxYzVkMjk1M2U5ZTc0ZDg1MTgyYWQ3Y2YxY2Y1
YTQ1MzZhNWY3YjhmOThiZGIyZDc2OTE4NGM5NTU4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzjS/MbbI6N9w/ugHaogevwwMoOAdiw9i7by9SADK/W3QJ
U7yqz7yIu63s44J+wPWsv/lO7XFBiE8r8l/7LRp1P2C/1wTDiPU4limpjminUb6v
eYQUQYndHQohkjNGOluUoMWeJZNDvBsuB/+S7+dr7gCDH+bXpmieDnpNgxz+/hH9
U3scz/8NuWYD/eKLUlnB2VrWM/k+gZzT27JqUeGZKfWgHjdD8AoibQWN6uR+Rfpj
jq3DSiHYbYgo2gwT9IKXFLTi7oeGmCfaMBm9sD5nklrcCeId1I/Rx3CJ4ET7iMC9
mzq9Q4xbYQotJ5uMEB2d0H8NwOSGAF9HTYiX3ZkdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0oNnClo1yZRsGyrKdjF3FyoPO6wwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzcxN2Q4ZDYwLWI4MTItNDMyMS1hNzc0LWRmNzkyMGFlMTdlZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAY2oEAwDQYJKoZIhvcNAQELBQADggEBACF61Xz9fuRHUFYRmQkyL3Q5B0pk
TLvzfz/r4TQjfuToUkRO3HsrqJbMOt/WmgASHKbXb1e9jfXa0VbwLftyPaC09X1c
5ahdlohCtyFdDxKMZ0ag9LDjjtgO9ajWS2TeVbIefih2RdM+MTuI+G9nsJqnf6Sn
ZZrwFZXzAyeQ8XfZAfA9Fwjqqnmxk4qAehOhmTDec4TN+bxkNcoVloWAJtFgVPit
Wyvk1290h1oEayr60uku6YVsgAdk7kS3EV+VmkVlVlLqxBvQmKPwNQB4r52eRMNj
RVAy3r3a84i71fHFQP9yWqxeqe0aimsiEjMB2Ixk63Dl5FJu0bY7ctvsWM8=
-----END CERTIFICATE-----