Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9a78423a-9c56-47a1-9157-947db4eabda9.roa
File:                     9a78423a-9c56-47a1-9157-947db4eabda9.roa (raw, json)
Hash identifier:          yZmUej1h0zBfKAReejFTtEMAJ/cqHxusHB0/Zcg2olY=
Subject key identifier:   86:C9:BC:33:29:2D:D1:F2:E2:2E:CC:CE:CF:2F:54:C3:75:50:E3:B1
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7B6065FCD07D8827E77BF68F4CAB7434CC1BADAA
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9a78423a-9c56-47a1-9157-947db4eabda9.roa
Signing time:             Mon 09 Jun 2025 16:10:17 +0000
ROA not before:           Mon 09 Jun 2025 16:10:17 +0000
ROA not after:            Mon 14 Jul 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.157.72.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 17 Jun 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:60:65:fc:d0:7d:88:27:e7:7b:f6:8f:4c:ab:74:34:cc:1b:ad:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun  9 16:10:17 2025 GMT
            Not After : Jul 14 23:59:59 2025 GMT
        Subject: serialNumber=e050689afe45d1fe02c9d7ebeea6bd04a19a3c4da833254edb8e47d7d0ea0107, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:88:31:14:60:92:0b:24:4d:f5:b5:94:31:51:
                    92:d8:34:c7:da:e5:ca:bd:10:13:4b:33:7f:ea:2d:
                    04:0e:ec:b1:a3:8f:c9:e2:5f:ca:d7:6a:35:28:cd:
                    ee:15:7f:cb:65:e8:12:f6:83:84:16:8e:20:4d:57:
                    f6:73:da:cb:19:ee:79:84:19:a5:2a:18:fc:a9:4e:
                    b4:03:cd:c4:52:ab:96:8d:59:dd:bb:84:f4:80:ce:
                    3f:df:2b:d0:5d:69:8f:28:f9:ac:a7:60:06:63:46:
                    94:a0:21:a2:45:b8:b7:a4:ab:2c:99:25:ba:41:36:
                    c1:75:24:fc:82:2e:fe:98:e8:a5:d8:7e:b6:4a:08:
                    74:66:45:41:b5:d5:d7:7a:ff:ca:92:00:aa:99:91:
                    83:21:01:31:c4:51:79:db:db:39:a2:af:42:d5:51:
                    0b:f2:7b:60:fa:11:ea:e5:01:88:6d:4b:76:6b:c6:
                    03:70:9d:2a:83:17:a6:5d:18:62:e9:fb:2d:ea:59:
                    a7:67:d5:a8:18:0c:cb:67:f3:d0:cd:c4:6d:7a:dc:
                    83:34:70:17:82:19:78:70:4f:b4:c1:cc:ac:9c:8b:
                    d7:32:57:5d:a4:d2:76:56:e7:27:ba:29:2d:bd:47:
                    fc:72:86:d5:76:23:65:47:69:91:df:68:a1:a5:56:
                    c1:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:C9:BC:33:29:2D:D1:F2:E2:2E:CC:CE:CF:2F:54:C3:75:50:E3:B1
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9a78423a-9c56-47a1-9157-947db4eabda9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.157.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         b1:15:29:e0:aa:05:a5:b8:c8:db:1d:3e:33:a7:66:de:47:86:
         8a:e0:2b:7b:d1:33:5a:4f:6e:a8:12:45:0f:b8:3e:3b:4b:91:
         06:64:36:c9:79:1b:d1:7b:87:e7:df:bd:dc:87:8b:4b:72:79:
         78:43:a4:49:d9:76:16:e8:c4:6e:66:e4:d3:bd:a4:cf:f5:da:
         31:be:89:ff:fd:0c:69:4d:ae:c4:c2:2d:cd:f2:27:db:ab:75:
         4f:06:b3:84:f3:b9:b9:b5:7c:8c:97:97:33:ba:4a:26:e7:df:
         21:da:48:dc:db:15:cd:3f:84:83:a1:a4:f3:28:a9:ef:e0:29:
         fc:20:b1:c7:72:0d:e4:b9:a9:eb:b6:ce:57:2e:dc:02:57:94:
         89:b4:b2:6f:04:40:54:2b:55:37:22:11:73:e2:ce:c0:bb:62:
         9f:fb:e3:3c:4e:5a:c0:a6:82:9e:0d:24:96:cd:3d:dd:51:9f:
         dd:bc:c3:ad:41:33:52:32:ad:e8:54:ce:89:0a:61:f8:04:4a:
         f8:7d:d7:bd:f9:9a:9c:cc:1f:b9:47:4f:7e:d0:41:57:ce:56:
         b7:83:f9:e1:bc:d9:48:72:fc:ba:d7:7a:6b:ff:45:f1:a5:54:
         de:ff:cb:3e:45:ca:2c:83:9e:c7:a3:52:dc:0e:d7:cb:68:e2:
         4d:14:72:e1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUe2Bl/NB9iCfne/aPTKt0NMwbraowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjA5MTYxMDE3WhcNMjUwNzE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlMDUwNjg5YWZlNDVkMWZlMDJjOWQ3ZWJlZWE2YmQwNGEx
OWEzYzRkYTgzMzI1NGVkYjhlNDdkN2QwZWEwMTA3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKiDEUYJILJE31tZQxUZLYNMfa5cq9EBNLM3/qLQQO7LGj
j8niX8rXajUoze4Vf8tl6BL2g4QWjiBNV/Zz2ssZ7nmEGaUqGPypTrQDzcRSq5aN
Wd27hPSAzj/fK9BdaY8o+aynYAZjRpSgIaJFuLekqyyZJbpBNsF1JPyCLv6Y6KXY
frZKCHRmRUG11dd6/8qSAKqZkYMhATHEUXnb2zmir0LVUQvye2D6EerlAYhtS3Zr
xgNwnSqDF6ZdGGLp+y3qWadn1agYDMtn89DNxG163IM0cBeCGXhwT7TBzKyci9cy
V12k0nZW5ye6KS29R/xyhtV2I2VHaZHfaKGlVsFJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhsm8Mykt0fLiLszOzy9Uw3VQ47EwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzlhNzg0MjNhLTljNTYtNDdhMS05MTU3LTk0N2RiNGVhYmRhOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAM2nUgwDQYJKoZIhvcNAQELBQADggEBALEVKeCqBaW4yNsdPjOnZt5Hhorg
K3vRM1pPbqgSRQ+4PjtLkQZkNsl5G9F7h+ffvdyHi0tyeXhDpEnZdhboxG5m5NO9
pM/12jG+if/9DGlNrsTCLc3yJ9urdU8Gs4Tzubm1fIyXlzO6Sibn3yHaSNzbFc0/
hIOhpPMoqe/gKfwgscdyDeS5qeu2zlcu3AJXlIm0sm8EQFQrVTciEXPizsC7Yp/7
4zxOWsCmgp4NJJbNPd1Rn928w61BM1IyrehUzokKYfgESvh91735mpzMH7lHT37Q
QVfOVreD+eG82Uhy/LrXemv/RfGlVN7/yz5FyiyDnsejUtwO18to4k0UcuE=
-----END CERTIFICATE-----