Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/868750b4-8c5d-4422-8cce-ebfbf71e5945.roa
File:                     868750b4-8c5d-4422-8cce-ebfbf71e5945.roa (raw, json)
Hash identifier:          PQ1X4EabGpYVV6vKNAYVpLNta7RmAgoq9cOQpq/39Q8=
Subject key identifier:   15:59:E8:3E:B1:0D:EA:66:F4:63:7A:70:D1:DE:94:38:C0:37:8A:4C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2270E567ABDF155396731AF20DEEF3AD6B2F0EE6
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/868750b4-8c5d-4422-8cce-ebfbf71e5945.roa
Signing time:             Tue 03 Jun 2025 16:21:32 +0000
ROA not before:           Tue 03 Jun 2025 16:21:32 +0000
ROA not after:            Tue 08 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.210.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:70:e5:67:ab:df:15:53:96:73:1a:f2:0d:ee:f3:ad:6b:2f:0e:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun  3 16:21:32 2025 GMT
            Not After : Jul  8 23:59:59 2025 GMT
        Subject: serialNumber=cae5c6474e75f6eee85c72473db65979698d68a92da653778c5aab130de16a5f, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:41:71:fc:03:39:a7:d1:bb:18:5c:9d:72:4e:
                    18:c2:bd:72:4f:33:b4:fe:b7:ba:3e:01:67:d2:c9:
                    64:39:4e:73:d9:37:77:c0:b8:95:57:85:9d:51:a2:
                    62:88:74:5d:b2:6c:8d:2f:c3:18:82:43:09:98:45:
                    6c:4c:b2:11:6e:63:00:0f:82:c3:6c:84:2c:93:7e:
                    9b:28:6e:e3:a9:05:aa:ce:ca:b7:a1:f7:d3:f8:4b:
                    8f:ec:e4:5a:ba:4e:c1:91:af:52:f3:03:54:3a:69:
                    a7:ee:37:93:7c:b6:22:9a:32:b3:c5:a0:ab:ac:29:
                    7b:3f:80:65:bb:f8:d3:47:7a:d9:df:04:26:8f:85:
                    00:51:79:75:9e:47:6c:f2:04:14:6d:17:7d:b4:70:
                    62:a5:ad:81:a8:55:98:60:70:7c:0b:a4:73:68:da:
                    88:9d:8f:0a:d3:81:e2:07:47:3f:95:f8:41:0e:9a:
                    2a:95:21:49:f8:2c:d8:3e:2b:c1:8d:1e:8c:ba:89:
                    6f:a4:c1:f1:b6:a8:4b:58:3e:23:e3:20:da:43:9f:
                    a7:61:50:b7:ca:09:3c:da:b0:61:65:ba:2e:35:01:
                    0d:5c:81:ed:19:99:95:4c:a1:d7:4b:b2:5e:6a:5c:
                    fc:47:3d:7c:33:e1:45:70:c8:d8:b9:fb:e4:be:a3:
                    f5:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:59:E8:3E:B1:0D:EA:66:F4:63:7A:70:D1:DE:94:38:C0:37:8A:4C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/868750b4-8c5d-4422-8cce-ebfbf71e5945.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.210.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         56:78:96:07:dc:54:24:f4:e8:5e:94:eb:5a:53:30:40:6b:5a:
         b1:ce:2d:d7:9e:ac:16:ed:84:13:9c:40:47:49:e4:2e:79:74:
         3e:f4:c9:94:91:a5:fe:f5:14:97:b9:c2:f5:ea:72:8a:dc:90:
         c9:f5:36:c1:de:e5:a3:41:5f:84:5a:df:a4:53:d8:71:6c:d0:
         3e:13:bc:62:1d:e4:d0:4a:31:34:c0:74:43:06:aa:83:10:98:
         d8:f7:b2:4f:7b:9d:7e:cf:8c:f2:84:1f:7d:fa:45:73:1e:57:
         1a:09:64:5f:06:25:70:7d:8d:ae:38:27:65:fe:fa:a4:e3:af:
         cc:4f:61:a2:ca:44:93:40:67:ce:68:a7:b4:a0:60:46:f7:32:
         86:01:25:78:fe:30:ef:6f:4b:f0:d8:37:75:18:0f:9e:a2:9c:
         b2:7a:ed:1e:18:6c:06:80:f9:b6:23:f4:dd:0d:76:fa:3b:0b:
         8a:0e:74:f3:34:52:06:e5:ff:67:4b:3a:71:30:8d:a2:7a:2f:
         b3:61:e0:bb:32:a8:35:45:ea:07:d2:b7:ef:4a:34:81:4f:c4:
         5a:0e:87:92:e6:23:6a:1e:91:d2:d4:8d:13:12:b5:c3:70:9a:
         eb:7d:f5:3e:0f:f2:8c:5e:ba:36:3f:3b:7a:65:01:86:c9:86:
         af:1a:c2:5c
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUInDlZ6vfFVOWcxryDe7zrWsvDuYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjAzMTYyMTMyWhcNMjUwNzA4MjM1OTU5
WjB6MUkwRwYDVQQFE0BjYWU1YzY0NzRlNzVmNmVlZTg1YzcyNDczZGI2NTk3OTY5
OGQ2OGE5MmRhNjUzNzc4YzVhYWIxMzBkZTE2YTVmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCQQXH8Azmn0bsYXJ1yThjCvXJPM7T+t7o+AWfSyWQ5TnPZ
N3fAuJVXhZ1RomKIdF2ybI0vwxiCQwmYRWxMshFuYwAPgsNshCyTfpsobuOpBarO
yreh99P4S4/s5Fq6TsGRr1LzA1Q6aafuN5N8tiKaMrPFoKusKXs/gGW7+NNHetnf
BCaPhQBReXWeR2zyBBRtF320cGKlrYGoVZhgcHwLpHNo2oidjwrTgeIHRz+V+EEO
miqVIUn4LNg+K8GNHoy6iW+kwfG2qEtYPiPjINpDn6dhULfKCTzasGFlui41AQ1c
ge0ZmZVModdLsl5qXPxHPXwz4UVwyNi5++S+o/WlAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUFVnoPrEN6mb0Y3pw0d6UOMA3ikwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzg2ODc1MGI0LThjNWQtNDQyMi04Y2NlLWViZmJmNzFlNTk0NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA20jANBgkqhkiG9w0BAQsFAAOCAQEAVniWB9xUJPToXpTrWlMwQGtasc4t
156sFu2EE5xAR0nkLnl0PvTJlJGl/vUUl7nC9epyityQyfU2wd7lo0FfhFrfpFPY
cWzQPhO8Yh3k0EoxNMB0QwaqgxCY2PeyT3udfs+M8oQfffpFcx5XGglkXwYlcH2N
rjgnZf76pOOvzE9hospEk0BnzmintKBgRvcyhgEleP4w729L8Ng3dRgPnqKcsnrt
HhhsBoD5tiP03Q12+jsLig508zRSBuX/Z0s6cTCNonovs2HguzKoNUXqB9K370o0
gU/EWg6HkuYjah6R0tSNExK1w3Ca6331Pg/yjF66Nj87emUBhsmGrxrCXA==
-----END CERTIFICATE-----