Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8f9f352e-597d-48a1-bfcf-ae44fdfa256c.roa
File:                     8f9f352e-597d-48a1-bfcf-ae44fdfa256c.roa (raw, json)
Hash identifier:          q2NOHz6EYlnlaal04roD52tn2FNQgn+NSt/AdMPVY4M=
Subject key identifier:   DF:81:EB:E8:89:CD:D9:ED:FC:F8:9D:B1:C3:9F:7C:51:BF:1E:14:99
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0F79E8CE2D45DD17C09D91670A155826ED305BA9
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8f9f352e-597d-48a1-bfcf-ae44fdfa256c.roa
Signing time:             Mon 09 Jun 2025 17:41:26 +0000
ROA not before:           Mon 09 Jun 2025 17:41:26 +0000
ROA not after:            Mon 14 Jul 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.237.240.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 17 Jun 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:79:e8:ce:2d:45:dd:17:c0:9d:91:67:0a:15:58:26:ed:30:5b:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun  9 17:41:26 2025 GMT
            Not After : Jul 14 23:59:59 2025 GMT
        Subject: serialNumber=ef879fb83277233df02f77255d8c9c4025934294ed5d834acf5dcc450b0a7825, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:21:25:ab:09:16:6f:18:f3:9b:58:b4:7b:90:
                    14:46:bf:b9:74:03:c1:da:47:36:ed:e4:c3:2b:74:
                    f4:bf:21:75:8f:42:63:f0:c4:40:50:d3:9f:f9:d1:
                    bb:1c:9c:e8:87:82:1e:2c:19:b8:11:8c:66:89:1f:
                    dc:3a:e9:49:55:a5:44:0b:46:77:f1:03:07:42:15:
                    03:7a:54:cb:b1:eb:19:55:27:38:7d:a8:de:d0:ba:
                    04:c6:4e:fa:37:65:26:5b:d5:81:32:73:e9:bc:95:
                    df:a7:a9:95:ac:a0:1d:1f:69:76:e5:3f:69:f6:a5:
                    d0:ff:23:55:58:3e:c5:59:b5:89:ec:71:0d:2b:8e:
                    52:c7:9f:f8:8d:63:86:04:b1:0b:25:d3:4f:00:51:
                    77:73:7f:a0:d7:84:e6:af:f8:96:60:3a:ab:c4:32:
                    33:ca:cb:01:06:a6:fd:fe:a6:bd:e6:5a:e1:08:6a:
                    fa:fc:f8:1c:12:13:2f:54:d1:2a:7a:2f:83:79:f1:
                    02:33:76:81:80:90:56:24:35:46:0a:06:dd:5d:73:
                    00:7b:ed:92:5d:28:c3:bb:db:32:50:68:1d:67:69:
                    5f:86:6e:73:fa:9f:d6:e8:7a:87:a2:cc:0d:b8:73:
                    5c:d7:71:02:30:94:26:89:19:d3:7c:74:a0:12:b0:
                    df:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:81:EB:E8:89:CD:D9:ED:FC:F8:9D:B1:C3:9F:7C:51:BF:1E:14:99
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8f9f352e-597d-48a1-bfcf-ae44fdfa256c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.237.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         0a:1f:99:16:34:ed:72:de:6b:ea:6d:91:76:5d:d2:9b:8f:2c:
         72:24:e0:59:e4:97:45:94:e9:40:02:85:6f:1b:7d:3d:43:03:
         c1:98:66:36:09:bd:77:84:fb:c3:e5:0f:4a:0d:70:df:7c:b8:
         d0:8e:10:92:ee:e5:3d:1d:03:03:3b:fb:97:76:06:76:66:eb:
         9a:52:7f:94:98:bc:47:34:50:85:4c:b3:0f:88:fd:80:90:df:
         e3:bb:b1:4b:87:75:ac:d1:c2:a1:9a:08:aa:e5:ef:f3:c2:ac:
         9d:8a:5c:79:de:5e:d4:4d:c0:40:38:ea:05:ea:e6:c4:35:52:
         66:74:91:ed:4e:0a:c8:58:10:9f:6f:cb:3a:06:c2:bd:a7:8d:
         a7:a0:80:d1:52:51:26:5c:18:4b:a3:f0:d3:6e:c6:f3:29:da:
         e1:fd:b9:99:e2:3f:5c:e5:18:06:65:dc:1f:b6:93:19:f8:dc:
         fd:b3:bb:ff:3c:4e:f1:64:77:7c:c9:dd:7e:26:4f:af:eb:ba:
         78:0b:36:85:6b:7f:25:03:4b:a6:d7:fd:6b:0c:44:16:95:5d:
         69:e9:c6:40:88:22:d3:ff:55:15:85:0f:16:72:c0:c9:01:53:
         75:09:fc:d4:4a:1a:ca:51:6e:17:40:f2:fb:9d:7a:23:81:04:
         37:2b:56:95
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUD3nozi1F3RfAnZFnChVYJu0wW6kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjA5MTc0MTI2WhcNMjUwNzE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZjg3OWZiODMyNzcyMzNkZjAyZjc3MjU1ZDhjOWM0MDI1
OTM0Mjk0ZWQ1ZDgzNGFjZjVkY2M0NTBiMGE3ODI1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgISWrCRZvGPObWLR7kBRGv7l0A8HaRzbt5MMrdPS/IXWP
QmPwxEBQ05/50bscnOiHgh4sGbgRjGaJH9w66UlVpUQLRnfxAwdCFQN6VMux6xlV
Jzh9qN7QugTGTvo3ZSZb1YEyc+m8ld+nqZWsoB0faXblP2n2pdD/I1VYPsVZtYns
cQ0rjlLHn/iNY4YEsQsl008AUXdzf6DXhOav+JZgOqvEMjPKywEGpv3+pr3mWuEI
avr8+BwSEy9U0Sp6L4N58QIzdoGAkFYkNUYKBt1dcwB77ZJdKMO72zJQaB1naV+G
bnP6n9boeoeizA24c1zXcQIwlCaJGdN8dKASsN8nAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU34Hr6InN2e38+J2xw598Ub8eFJkwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzhmOWYzNTJlLTU5N2QtNDhhMS1iZmNmLWFlNDRmZGZhMjU2Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAM27fAwDQYJKoZIhvcNAQELBQADggEBAAofmRY07XLea+ptkXZd0puPLHIk
4Fnkl0WU6UAChW8bfT1DA8GYZjYJvXeE+8PlD0oNcN98uNCOEJLu5T0dAwM7+5d2
BnZm65pSf5SYvEc0UIVMsw+I/YCQ3+O7sUuHdazRwqGaCKrl7/PCrJ2KXHneXtRN
wEA46gXq5sQ1UmZ0ke1OCshYEJ9vyzoGwr2njaeggNFSUSZcGEuj8NNuxvMp2uH9
uZniP1zlGAZl3B+2kxn43P2zu/88TvFkd3zJ3X4mT6/rungLNoVrfyUDS6bX/WsM
RBaVXWnpxkCIItP/VRWFDxZywMkBU3UJ/NRKGspRbhdA8vudeiOBBDcrVpU=
-----END CERTIFICATE-----