Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9d97dca0-2fcf-4033-8e1b-a6043d88a7af.roa
File:                     9d97dca0-2fcf-4033-8e1b-a6043d88a7af.roa (raw, json)
Hash identifier:          qiZt462hlPjnhgqWxyU1JKyQbfyKfUBX52nHOZco0qQ=
Subject key identifier:   AA:03:4D:32:75:E2:69:CC:B5:AA:4A:11:14:61:57:28:FC:89:50:BE
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3224EBC806433E5C94CF4CC7DA2A1AF7F1068BFC
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9d97dca0-2fcf-4033-8e1b-a6043d88a7af.roa
Signing time:             Fri 11 Jul 2025 17:30:52 +0000
ROA not before:           Fri 11 Jul 2025 17:30:52 +0000
ROA not after:            Fri 15 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.240.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:24:eb:c8:06:43:3e:5c:94:cf:4c:c7:da:2a:1a:f7:f1:06:8b:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 11 17:30:52 2025 GMT
            Not After : Aug 15 23:59:59 2025 GMT
        Subject: serialNumber=489203125ab55e9caa04c76fd583e2d5d45c85209973e55fdfc535045f64f0c7, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a3:b9:3c:e1:2e:ef:a0:13:9c:60:32:ed:2a:
                    2b:74:ba:6a:57:48:0a:9c:ee:83:8d:ab:76:20:63:
                    20:07:b1:7f:a9:b7:99:f4:f3:54:06:8d:42:ce:f5:
                    c8:52:89:35:45:29:94:7e:cf:97:f4:7c:d8:e0:7b:
                    7c:00:64:a8:4d:26:52:4d:32:7e:b5:61:76:31:8f:
                    52:9b:09:76:94:6f:ec:c7:d6:2e:e5:ce:80:c0:38:
                    3d:bd:db:f0:54:0b:df:33:6d:bc:12:54:c6:7c:7f:
                    20:86:a9:09:9c:94:0b:b8:87:3c:2f:96:a9:b6:71:
                    3d:7f:7a:aa:fc:98:bb:e2:65:bb:5d:69:d5:4f:bc:
                    ed:40:3e:00:40:9b:23:ec:d6:37:af:07:58:08:8c:
                    42:d5:cd:c9:d1:a6:63:ed:d5:ab:ec:0c:cb:3c:66:
                    bb:88:73:c7:a5:de:1d:98:4b:43:91:52:47:10:05:
                    1b:e6:22:ff:27:91:e3:9f:6f:ef:ef:da:0c:19:28:
                    05:dc:ca:5f:a8:2b:36:d0:db:d8:d1:aa:06:3c:25:
                    6b:15:a6:e0:4c:ee:06:82:c7:fd:3a:38:0a:bb:02:
                    9d:35:9b:19:80:11:2b:8c:53:e4:93:e5:57:d7:a0:
                    29:bf:98:f2:f8:e7:9b:35:a2:30:d1:a3:67:2c:07:
                    fa:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:03:4D:32:75:E2:69:CC:B5:AA:4A:11:14:61:57:28:FC:89:50:BE
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9d97dca0-2fcf-4033-8e1b-a6043d88a7af.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.240.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:12:49:51:cb:21:79:42:4f:a1:32:59:c0:ab:38:5d:da:85:
         84:ad:01:ae:a1:a5:8b:c5:32:7a:5f:11:d9:74:99:e2:44:7a:
         eb:73:3c:1f:ea:a5:fd:e0:65:01:f9:49:3f:bf:d2:87:4d:ae:
         c9:72:e0:dc:3a:79:14:41:07:9f:7a:df:b2:45:d0:7b:a7:62:
         e9:a8:49:62:04:63:d3:7f:04:95:e0:c5:49:9e:a9:8b:e8:29:
         a6:d2:04:93:e9:92:e7:6d:90:fe:02:df:83:e1:db:2d:04:08:
         58:d1:3f:1f:43:a8:f3:fa:95:06:48:a8:a3:62:67:7a:66:12:
         da:4c:4b:1d:5d:31:c5:bf:f2:48:60:14:a4:c6:e9:e3:86:37:
         05:9d:d5:3d:56:31:5f:eb:b3:29:c9:f8:3e:32:f1:e0:20:21:
         19:76:37:a7:93:01:ba:bf:ed:bb:2b:a6:7b:c4:8b:8e:a2:36:
         f2:b0:89:80:1c:e0:12:41:80:6e:3d:a2:8f:76:f0:99:98:c4:
         26:44:cf:79:27:e4:e1:dd:03:68:17:c9:e7:eb:0c:1a:1b:7c:
         0c:37:3b:2a:f0:52:90:f6:09:ae:71:f1:68:72:68:80:bb:0f:
         f3:05:c1:ca:8f:71:aa:74:74:05:35:81:7a:85:f2:35:2b:98:
         66:e8:a7:78
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMiTryAZDPlyUz0zH2ioa9/EGi/wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzExMTczMDUyWhcNMjUwODE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A0ODkyMDMxMjVhYjU1ZTljYWEwNGM3NmZkNTgzZTJkNWQ0
NWM4NTIwOTk3M2U1NWZkZmM1MzUwNDVmNjRmMGM3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCdo7k84S7voBOcYDLtKit0umpXSAqc7oONq3YgYyAHsX+p
t5n081QGjULO9chSiTVFKZR+z5f0fNjge3wAZKhNJlJNMn61YXYxj1KbCXaUb+zH
1i7lzoDAOD292/BUC98zbbwSVMZ8fyCGqQmclAu4hzwvlqm2cT1/eqr8mLviZbtd
adVPvO1APgBAmyPs1jevB1gIjELVzcnRpmPt1avsDMs8ZruIc8el3h2YS0ORUkcQ
BRvmIv8nkeOfb+/v2gwZKAXcyl+oKzbQ29jRqgY8JWsVpuBM7gaCx/06OAq7Ap01
mxmAESuMU+ST5VfXoCm/mPL455s1ojDRo2csB/qNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqgNNMnXiacy1qkoRFGFXKPyJUL4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzlkOTdkY2EwLTJmY2YtNDAzMy04ZTFiLWE2MDQzZDg4YTdhZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA28DgwDQYJKoZIhvcNAQELBQADggEBACUSSVHLIXlCT6EyWcCrOF3ahYSt
Aa6hpYvFMnpfEdl0meJEeutzPB/qpf3gZQH5ST+/0odNrsly4Nw6eRRBB59637JF
0HunYumoSWIEY9N/BJXgxUmeqYvoKabSBJPpkudtkP4C34Ph2y0ECFjRPx9DqPP6
lQZIqKNiZ3pmEtpMSx1dMcW/8khgFKTG6eOGNwWd1T1WMV/rsynJ+D4y8eAgIRl2
N6eTAbq/7bsrpnvEi46iNvKwiYAc4BJBgG49oo928JmYxCZEz3kn5OHdA2gXyefr
DBobfAw3OyrwUpD2Ca5x8WhyaIC7D/MFwcqPcap0dAU1gXqF8jUrmGbop3g=
-----END CERTIFICATE-----