Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a8439859-0354-4fe5-8ab0-f74d9806db74.roa
File:                     a8439859-0354-4fe5-8ab0-f74d9806db74.roa (raw, json)
Hash identifier:          12kCapHivGfT4BtEoc/Cb5Rs/3lcjdf3KpGdvndlA/w=
Subject key identifier:   31:FF:6E:84:1B:9F:13:F9:C6:AE:96:E3:07:AA:29:E6:FC:F4:66:8C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6EA1B180826445DC9CE9FEAC6BE474D3E0E29C96
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a8439859-0354-4fe5-8ab0-f74d9806db74.roa
Signing time:             Fri 25 Apr 2025 17:10:18 +0000
ROA not before:           Fri 25 Apr 2025 17:10:18 +0000
ROA not after:            Fri 30 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.73.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:a1:b1:80:82:64:45:dc:9c:e9:fe:ac:6b:e4:74:d3:e0:e2:9c:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 25 17:10:18 2025 GMT
            Not After : May 30 23:59:59 2025 GMT
        Subject: serialNumber=b686e70f32d92a1594a522a3500fd7ab826f56816660a7afefd80f9f279668bd, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:3f:af:7f:e9:38:9e:ef:54:0b:d7:b9:bb:37:
                    db:54:b1:9f:86:98:1d:c4:8b:f6:ae:cf:38:cd:cd:
                    9f:d2:af:14:c6:27:3d:e3:8f:94:57:e8:b9:75:1a:
                    8f:3d:92:83:7e:8a:f9:02:4a:7b:02:e2:a7:02:1c:
                    d0:07:94:22:b9:85:cd:d5:5e:d2:33:13:45:ec:2e:
                    9d:a1:56:c8:68:db:32:00:4a:6d:07:57:f0:9e:44:
                    eb:d9:14:38:3d:25:19:8f:8f:46:01:d0:b3:d7:ea:
                    72:2e:0d:0d:2d:f6:64:25:e7:ca:49:bf:f0:74:36:
                    4e:7f:27:f4:4c:3e:04:97:dc:18:6c:85:be:92:a4:
                    8c:72:c5:30:03:f8:9c:47:b2:91:89:a6:6d:27:65:
                    97:b1:4f:92:2d:d1:87:44:fd:73:09:b6:b6:ee:d8:
                    ff:f3:e1:03:34:86:76:b7:24:38:f0:76:47:81:e1:
                    1c:4b:26:3f:f6:ec:e6:76:e2:50:27:44:4b:c8:01:
                    56:5e:ca:b4:0d:18:67:3a:17:82:a8:fa:63:59:95:
                    c0:44:4e:32:6c:16:56:b1:b3:68:07:2f:ba:e4:81:
                    ab:06:f5:b8:08:d3:59:e0:f0:64:14:4f:de:16:45:
                    fa:f7:51:7d:60:06:77:6e:b3:d3:dd:ca:69:8a:b0:
                    af:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:FF:6E:84:1B:9F:13:F9:C6:AE:96:E3:07:AA:29:E6:FC:F4:66:8C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a8439859-0354-4fe5-8ab0-f74d9806db74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.73.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         69:8d:9d:c0:56:80:91:1d:9c:98:50:35:c4:d8:ea:44:24:ac:
         79:26:91:42:b1:b5:fa:c9:f9:45:56:70:4c:39:0f:4e:c6:fe:
         e5:21:7e:db:2f:94:3a:47:ea:11:ab:41:ce:80:50:60:17:55:
         10:21:8a:d2:4e:a6:99:93:71:78:f3:2e:05:9a:68:95:81:88:
         4f:d8:fa:02:b0:4a:b3:27:9c:a4:e5:c9:a7:da:6a:28:5f:60:
         9e:53:79:3c:03:ee:92:ff:51:32:cf:ce:bc:35:f7:7a:a6:47:
         5b:be:11:54:76:2d:b9:f2:02:79:79:30:f6:90:c1:bc:22:e5:
         fe:13:23:78:04:5d:9e:69:4e:0f:ce:51:6c:34:c2:1f:3c:5b:
         81:60:c0:28:83:68:55:97:b3:d4:df:53:68:74:0b:35:89:24:
         62:67:08:67:f0:b7:43:dd:3a:7a:b7:cb:cc:a7:7a:2f:01:0a:
         98:de:4d:ee:64:bf:e9:89:f2:2a:3d:9e:43:f6:08:e2:e0:a4:
         46:94:4b:52:d1:4b:12:3a:89:82:52:02:f8:d8:f8:85:2d:c4:
         16:de:c9:99:75:6c:72:0f:3a:a2:9d:80:38:da:1a:ce:bf:5d:
         72:86:0d:16:e1:fc:dc:54:77:1a:68:4c:34:19:98:b1:aa:4c:
         27:ca:c4:dc
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUbqGxgIJkRdyc6f6sa+R00+DinJYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDI1MTcxMDE4WhcNMjUwNTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BiNjg2ZTcwZjMyZDkyYTE1OTRhNTIyYTM1MDBmZDdhYjgy
NmY1NjgxNjY2MGE3YWZlZmQ4MGY5ZjI3OTY2OGJkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD4P69/6Tie71QL17m7N9tUsZ+GmB3Ei/auzzjNzZ/SrxTG
Jz3jj5RX6Ll1Go89koN+ivkCSnsC4qcCHNAHlCK5hc3VXtIzE0XsLp2hVsho2zIA
Sm0HV/CeROvZFDg9JRmPj0YB0LPX6nIuDQ0t9mQl58pJv/B0Nk5/J/RMPgSX3Bhs
hb6SpIxyxTAD+JxHspGJpm0nZZexT5It0YdE/XMJtrbu2P/z4QM0hna3JDjwdkeB
4RxLJj/27OZ24lAnREvIAVZeyrQNGGc6F4Ko+mNZlcBETjJsFlaxs2gHL7rkgasG
9bgI01ng8GQUT94WRfr3UX1gBndus9PdymmKsK+9AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUMf9uhBufE/nGrpbjB6op5vz0ZowwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2E4NDM5ODU5LTAzNTQtNGZlNS04YWIwLWY3NGQ5ODA2ZGI3NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA2STANBgkqhkiG9w0BAQsFAAOCAQEAaY2dwFaAkR2cmFA1xNjqRCSseSaR
QrG1+sn5RVZwTDkPTsb+5SF+2y+UOkfqEatBzoBQYBdVECGK0k6mmZNxePMuBZpo
lYGIT9j6ArBKsyecpOXJp9pqKF9gnlN5PAPukv9RMs/OvDX3eqZHW74RVHYtufIC
eXkw9pDBvCLl/hMjeARdnmlOD85RbDTCHzxbgWDAKINoVZez1N9TaHQLNYkkYmcI
Z/C3Q906erfLzKd6LwEKmN5N7mS/6YnyKj2eQ/YI4uCkRpRLUtFLEjqJglIC+Nj4
hS3EFt7JmXVscg86op2AONoazr9dcoYNFuH83FR3GmhMNBmYsapMJ8rE3A==
-----END CERTIFICATE-----