Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a8622532-3f9f-49f5-ad52-fe2a10508dbc.roa
File:                     a8622532-3f9f-49f5-ad52-fe2a10508dbc.roa (raw, json)
Hash identifier:          bpQMq6qUB8nNV3tZTevSYVFmzqbPRIVNPjL2lJsq0go=
Subject key identifier:   6A:58:59:35:B6:E0:1F:12:CB:4F:F9:FD:84:55:6D:2D:83:1B:FD:59
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       28F6D033959BFDDF2C976F977CA6CD39CB4C7232
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a8622532-3f9f-49f5-ad52-fe2a10508dbc.roa
Signing time:             Fri 18 Apr 2025 18:20:12 +0000
ROA not before:           Fri 18 Apr 2025 18:20:12 +0000
ROA not after:            Fri 23 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.245.0.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:f6:d0:33:95:9b:fd:df:2c:97:6f:97:7c:a6:cd:39:cb:4c:72:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 18 18:20:12 2025 GMT
            Not After : May 23 23:59:59 2025 GMT
        Subject: serialNumber=757d381246114fab3a82315d2ec0681fe6780181e10c2744e863cf2808a55b4f, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:91:c1:1d:6d:bb:0e:c7:6a:17:6d:11:a5:00:
                    8c:87:ee:b7:05:f0:3d:0d:50:9e:5e:49:ff:0e:10:
                    d4:df:7e:cc:6d:2b:94:1b:67:86:2c:51:7a:56:0f:
                    96:bf:b3:38:88:68:50:a3:dc:ac:43:89:ee:81:70:
                    0f:91:65:e0:e1:93:2b:e9:2d:1c:48:2e:b8:09:15:
                    e0:66:7d:4f:09:cb:89:a4:a3:a7:6b:28:2f:29:25:
                    59:e5:97:e6:f7:9b:a6:10:e2:88:47:48:7d:bb:82:
                    e0:61:5a:85:ca:ae:aa:20:e5:73:fe:0d:c3:41:c2:
                    71:38:f7:3e:da:9f:b3:95:37:eb:00:72:98:00:35:
                    70:e4:d5:94:64:f9:d3:ee:7b:3e:63:c4:fb:ae:95:
                    37:c2:c2:22:df:df:db:24:aa:a6:21:3b:6b:9c:4f:
                    1b:d7:8d:0d:87:82:31:36:a9:0d:c6:4e:a0:67:03:
                    0d:3b:b0:99:d2:65:d8:42:ff:0a:1b:02:98:c6:09:
                    35:f8:7d:36:46:d8:74:a7:79:bd:7c:14:56:5b:fc:
                    00:66:c7:95:61:85:a8:68:a8:07:fd:83:44:55:0d:
                    e1:85:97:1c:1b:0e:0f:bb:40:e5:fb:34:40:5b:94:
                    12:ca:c6:3e:4c:d6:e2:c4:27:f8:d6:30:c8:f8:09:
                    04:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:58:59:35:B6:E0:1F:12:CB:4F:F9:FD:84:55:6D:2D:83:1B:FD:59
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a8622532-3f9f-49f5-ad52-fe2a10508dbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.245.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         8a:97:ae:cc:d9:89:c0:ef:12:05:c0:5f:7b:27:d5:0c:4e:bd:
         2e:39:ba:10:d1:30:8f:13:25:f2:d8:93:b3:50:00:d1:a5:9d:
         87:16:fe:8d:7e:f1:9f:4e:93:f1:61:a0:4c:cf:60:af:f5:5f:
         4f:6d:2c:92:39:0a:74:d1:3e:87:68:58:a3:a9:63:52:fb:fd:
         64:a0:cd:43:f4:18:2b:ce:c3:50:8a:b7:dd:47:0a:d0:ce:52:
         49:e0:bb:41:81:41:c5:74:2c:0f:dd:00:eb:f5:48:94:84:ff:
         8a:10:aa:b5:42:88:57:57:72:fc:ef:09:1b:65:8c:76:3d:7d:
         cf:9c:b6:d9:e5:df:fe:15:80:db:d7:0b:9b:27:b4:d6:57:87:
         3a:f9:d2:cd:ae:1a:ca:6a:05:c3:68:2f:37:88:df:0d:65:1b:
         f6:20:7e:69:c2:4b:77:a8:f7:69:41:f9:49:9a:62:a6:b6:aa:
         20:26:4c:af:97:2f:bc:de:a8:1d:25:84:76:fe:a9:6d:f6:f8:
         8a:3e:1d:ae:25:7e:fd:c2:f8:d8:f9:06:9c:33:8b:8b:be:6a:
         c9:ef:82:b5:bd:7d:c9:00:0c:a4:02:2d:a0:5e:8b:28:4e:d6:
         2b:df:70:f4:4d:fe:57:38:f1:c4:29:8b:ef:87:6a:51:61:bc:
         d5:71:f7:2d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKPbQM5Wb/d8sl2+XfKbNOctMcjIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE4MTgyMDEyWhcNMjUwNTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A3NTdkMzgxMjQ2MTE0ZmFiM2E4MjMxNWQyZWMwNjgxZmU2
NzgwMTgxZTEwYzI3NDRlODYzY2YyODA4YTU1YjRmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvkcEdbbsOx2oXbRGlAIyH7rcF8D0NUJ5eSf8OENTffsxt
K5QbZ4YsUXpWD5a/sziIaFCj3KxDie6BcA+RZeDhkyvpLRxILrgJFeBmfU8Jy4mk
o6drKC8pJVnll+b3m6YQ4ohHSH27guBhWoXKrqog5XP+DcNBwnE49z7an7OVN+sA
cpgANXDk1ZRk+dPuez5jxPuulTfCwiLf39skqqYhO2ucTxvXjQ2HgjE2qQ3GTqBn
Aw07sJnSZdhC/wobApjGCTX4fTZG2HSneb18FFZb/ABmx5VhhahoqAf9g0RVDeGF
lxwbDg+7QOX7NEBblBLKxj5M1uLEJ/jWMMj4CQShAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUalhZNbbgHxLLT/n9hFVtLYMb/VkwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2E4NjIyNTMyLTNmOWYtNDlmNS1hZDUyLWZlMmExMDUwOGRiYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAc29QAwDQYJKoZIhvcNAQELBQADggEBAIqXrszZicDvEgXAX3sn1QxOvS45
uhDRMI8TJfLYk7NQANGlnYcW/o1+8Z9Ok/FhoEzPYK/1X09tLJI5CnTRPodoWKOp
Y1L7/WSgzUP0GCvOw1CKt91HCtDOUkngu0GBQcV0LA/dAOv1SJSE/4oQqrVCiFdX
cvzvCRtljHY9fc+cttnl3/4VgNvXC5sntNZXhzr50s2uGspqBcNoLzeI3w1lG/Yg
fmnCS3eo92lB+UmaYqa2qiAmTK+XL7zeqB0lhHb+qW32+Io+Ha4lfv3C+Nj5Bpwz
i4u+asnvgrW9fckADKQCLaBeiyhO1ivfcPRN/lc48cQpi++HalFhvNVx9y0=
-----END CERTIFICATE-----