Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/94342818-992c-4f42-87b9-1174a55dacce.roa
File:                     94342818-992c-4f42-87b9-1174a55dacce.roa (raw, json)
Hash identifier:          2YKvV5soj9IR4XjzmXHcw0Ga7O/m+OsFdvgOjaxvAcw=
Subject key identifier:   1E:AF:15:00:5B:B3:5E:42:29:7C:C5:24:08:EE:85:89:90:BA:CA:F5
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       13DD8FEEA42352E34FF40AD74080D5063052DAE9
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/94342818-992c-4f42-87b9-1174a55dacce.roa
Signing time:             Tue 20 May 2025 17:20:56 +0000
ROA not before:           Tue 20 May 2025 17:20:56 +0000
ROA not after:            Tue 24 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.67.0.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:dd:8f:ee:a4:23:52:e3:4f:f4:0a:d7:40:80:d5:06:30:52:da:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 20 17:20:56 2025 GMT
            Not After : Jun 24 23:59:59 2025 GMT
        Subject: serialNumber=c8b2b4cdfdea17ddeb2c722ad070972e0584dae66879652f872ffd2c198d10b3, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:de:04:e8:9f:66:67:56:fd:c8:c6:f8:ce:f4:
                    8b:8b:ff:4b:c9:b0:79:10:27:19:3a:a7:05:5f:74:
                    af:b4:fe:b8:e9:bc:13:54:b1:f9:b0:bb:eb:f9:cf:
                    5f:ab:ff:de:27:9d:d0:0f:50:e0:c7:dc:9d:99:44:
                    df:b9:42:29:55:23:a4:1f:1b:f6:c4:d3:99:ec:a1:
                    56:a9:83:a1:84:9e:2d:7a:e0:ab:10:d7:b1:b0:02:
                    bd:e8:40:4c:99:11:5b:cd:eb:b7:9a:8f:51:16:6d:
                    db:b0:5c:a4:44:60:c3:3e:61:9f:c7:3b:30:75:10:
                    7a:16:f7:e2:87:ac:17:2d:a5:c6:fd:b0:03:c1:d5:
                    e9:24:cc:d1:db:4c:1f:00:6a:ca:13:92:1d:49:60:
                    4d:b8:a9:7b:76:fd:a7:06:60:af:8d:50:15:b4:d0:
                    71:2f:a7:73:cb:89:23:53:19:bb:ce:19:13:88:2f:
                    f2:f0:08:a1:97:a9:b6:d3:56:c9:36:fd:98:36:28:
                    05:81:af:3d:57:3c:61:7f:a6:4d:90:e2:d1:4e:20:
                    3a:3d:eb:63:62:df:45:85:27:92:d5:60:79:f3:bf:
                    b5:aa:5d:65:ef:2b:64:4b:00:50:43:2e:89:83:6f:
                    20:16:31:45:16:ee:51:60:6f:45:f6:30:33:ab:49:
                    a0:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:AF:15:00:5B:B3:5E:42:29:7C:C5:24:08:EE:85:89:90:BA:CA:F5
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/94342818-992c-4f42-87b9-1174a55dacce.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.67.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         b4:ed:e5:49:4b:be:fc:24:77:51:a4:01:59:d7:b1:ae:fb:71:
         18:51:13:eb:b1:f7:cb:e2:d0:58:97:d9:85:89:8f:c8:50:ab:
         52:20:5b:49:a3:75:38:d4:5c:af:e7:5a:18:8b:82:ac:24:1d:
         97:44:f3:57:fd:6e:00:23:96:2e:bf:a9:4e:0b:ca:11:af:8e:
         2d:9e:09:6a:69:21:f7:4d:ff:48:9e:78:40:56:5b:04:b5:8b:
         0a:5c:46:ab:34:a3:81:3e:f5:ff:ae:9e:33:fb:4b:f4:c2:d7:
         33:ff:83:cd:77:66:3d:88:17:df:68:10:9a:d3:09:ba:c7:e9:
         76:3d:7e:01:3e:d3:76:2c:74:34:ad:92:58:e8:92:c3:71:89:
         1a:a7:08:bc:fe:3b:a4:63:e8:74:fd:b6:bf:77:29:b9:dd:da:
         ef:17:bd:71:a8:ea:cb:fa:34:15:2b:db:89:ef:c9:7d:aa:7a:
         f4:92:9a:15:9e:1f:ad:d5:38:6b:f3:b4:57:4c:7f:7a:74:77:
         2c:9c:91:9e:49:af:dd:4e:97:3f:49:d1:6d:a5:a6:9a:fa:28:
         95:4f:63:ba:14:a8:e2:2a:8f:a6:30:4c:6c:bf:c9:c9:b9:d4:
         45:d8:aa:f4:4d:e7:82:36:65:ab:71:28:6f:10:69:cb:8f:3a:
         e0:08:d4:57
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUE92P7qQjUuNP9ArXQIDVBjBS2ukwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNTIwMTcyMDU2WhcNMjUwNjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BjOGIyYjRjZGZkZWExN2RkZWIyYzcyMmFkMDcwOTcyZTA1
ODRkYWU2Njg3OTY1MmY4NzJmZmQyYzE5OGQxMGIzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCj3gTon2ZnVv3IxvjO9IuL/0vJsHkQJxk6pwVfdK+0/rjp
vBNUsfmwu+v5z1+r/94nndAPUODH3J2ZRN+5QilVI6QfG/bE05nsoVapg6GEni16
4KsQ17GwAr3oQEyZEVvN67eaj1EWbduwXKREYMM+YZ/HOzB1EHoW9+KHrBctpcb9
sAPB1ekkzNHbTB8AasoTkh1JYE24qXt2/acGYK+NUBW00HEvp3PLiSNTGbvOGROI
L/LwCKGXqbbTVsk2/Zg2KAWBrz1XPGF/pk2Q4tFOIDo962Ni30WFJ5LVYHnzv7Wq
XWXvK2RLAFBDLomDbyAWMUUW7lFgb0X2MDOrSaDPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHq8VAFuzXkIpfMUkCO6FiZC6yvUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzk0MzQyODE4LTk5MmMtNGY0Mi04N2I5LTExNzRhNTVkYWNjZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAc2QwAwDQYJKoZIhvcNAQELBQADggEBALTt5UlLvvwkd1GkAVnXsa77cRhR
E+ux98vi0FiX2YWJj8hQq1IgW0mjdTjUXK/nWhiLgqwkHZdE81f9bgAjli6/qU4L
yhGvji2eCWppIfdN/0ieeEBWWwS1iwpcRqs0o4E+9f+unjP7S/TC1zP/g813Zj2I
F99oEJrTCbrH6XY9fgE+03YsdDStkljoksNxiRqnCLz+O6Rj6HT9tr93Kbnd2u8X
vXGo6sv6NBUr24nvyX2qevSSmhWeH63VOGvztFdMf3p0dyyckZ5Jr91Olz9J0W2l
ppr6KJVPY7oUqOIqj6YwTGy/ycm51EXYqvRN54I2ZatxKG8QacuPOuAI1Fc=
-----END CERTIFICATE-----