Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a8da99a1-9b93-4e3e-98d2-a2d003ec40d7.roa
File:                     a8da99a1-9b93-4e3e-98d2-a2d003ec40d7.roa (raw, json)
Hash identifier:          YLIN41Iue30VTjaFAgSbyUkYoTzE240N0dJIRd4DXCk=
Subject key identifier:   B4:1D:F5:ED:04:D8:D6:90:87:FB:F6:14:97:92:8B:95:85:FE:20:A0
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7B49BB4758A9D237B5FCAF84052A639417C9F6E8
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a8da99a1-9b93-4e3e-98d2-a2d003ec40d7.roa
Signing time:             Mon 14 Apr 2025 17:11:04 +0000
ROA not before:           Mon 14 Apr 2025 17:11:04 +0000
ROA not after:            Mon 19 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.214.32.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:49:bb:47:58:a9:d2:37:b5:fc:af:84:05:2a:63:94:17:c9:f6:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 14 17:11:04 2025 GMT
            Not After : May 19 23:59:59 2025 GMT
        Subject: serialNumber=d6bf43bb2830967a543d703a9526f04a8e04aa4bc20a8971f4d1afcd2047122e, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:78:a6:f1:24:d9:1a:88:40:d7:91:9b:6d:35:
                    a5:d4:30:5a:99:08:bd:e6:b8:53:e0:f9:d6:b5:86:
                    d9:1e:6e:8b:36:63:b1:3c:05:21:e4:88:45:3a:cb:
                    32:af:53:60:19:6d:25:dd:d5:90:d5:1f:94:08:4b:
                    83:a1:df:1f:41:db:3e:b1:d6:35:e1:3a:fc:79:da:
                    f1:2e:eb:00:28:7e:83:45:2a:8d:26:d0:98:41:c5:
                    2b:7a:45:13:61:e2:f6:07:3b:49:fe:0f:92:9b:26:
                    23:6d:cf:1a:19:92:0f:de:44:63:d9:2a:2a:59:3f:
                    e7:91:38:ca:db:a5:f7:c7:cf:ea:25:b2:bc:1d:72:
                    f7:e7:d9:6c:94:19:c9:d9:6c:d6:01:bd:fc:28:82:
                    56:cc:71:15:20:30:3a:a4:e7:36:ab:0b:6f:d8:a3:
                    b3:fd:1d:a7:fd:dc:c7:ce:8c:ec:c2:fb:0a:8b:cf:
                    53:4b:60:7a:d5:3c:18:fc:ea:21:17:50:b5:ec:37:
                    91:34:75:00:4f:14:eb:f2:1d:6f:bd:1e:a0:4d:68:
                    f3:f9:87:77:8a:b9:cf:27:97:e5:8f:58:6d:0d:a1:
                    1b:63:d5:13:ae:79:0e:22:6b:f6:05:52:cb:87:b2:
                    d8:50:ac:a1:62:e4:a5:3a:19:0a:dc:a3:3f:4c:91:
                    ca:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:1D:F5:ED:04:D8:D6:90:87:FB:F6:14:97:92:8B:95:85:FE:20:A0
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a8da99a1-9b93-4e3e-98d2-a2d003ec40d7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.214.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         39:66:94:19:84:9d:c4:b7:67:51:07:7a:24:93:cf:7c:30:c3:
         21:8e:eb:bc:5f:fb:bd:54:94:9c:4c:98:3b:61:29:8b:87:f0:
         ee:ab:59:c1:96:bf:92:d0:76:1b:5c:c1:8d:ec:4b:3f:d9:b3:
         f3:e2:a4:ce:5e:9e:44:5f:1f:8e:e9:a9:17:67:f7:49:d8:77:
         22:b0:01:b4:d4:b4:67:45:e4:68:58:f9:a2:e8:00:cf:59:3d:
         24:0e:69:5e:c3:35:7b:33:1f:a0:61:52:76:b1:bc:5c:7a:16:
         7e:1c:27:0e:cb:ec:05:1f:0f:da:34:43:a7:26:82:fa:91:7a:
         5d:c0:57:b8:0c:73:c8:11:96:47:90:f5:b9:10:38:b9:46:75:
         38:66:1b:4a:65:de:94:6c:a2:7e:6e:8e:d3:60:5e:c3:b9:4d:
         09:74:12:bf:ae:54:84:87:46:89:77:6d:96:97:f1:29:9e:6f:
         d2:bb:90:0a:d1:61:1a:5e:5a:4e:53:1d:4d:af:b4:48:4d:80:
         82:14:59:58:51:a1:2b:a4:03:73:7e:ff:b2:66:6b:18:31:9c:
         22:ac:39:7a:76:36:b9:72:2a:d1:8a:fd:e5:9c:f1:bf:09:bb:
         19:57:f1:aa:b3:44:c7:2a:f3:57:ed:00:6e:6b:46:94:52:11:
         04:00:d0:cb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUe0m7R1ip0je1/K+EBSpjlBfJ9ugwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE0MTcxMTA0WhcNMjUwNTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BkNmJmNDNiYjI4MzA5NjdhNTQzZDcwM2E5NTI2ZjA0YThl
MDRhYTRiYzIwYTg5NzFmNGQxYWZjZDIwNDcxMjJlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7eKbxJNkaiEDXkZttNaXUMFqZCL3muFPg+da1htkebos2
Y7E8BSHkiEU6yzKvU2AZbSXd1ZDVH5QIS4Oh3x9B2z6x1jXhOvx52vEu6wAofoNF
Ko0m0JhBxSt6RRNh4vYHO0n+D5KbJiNtzxoZkg/eRGPZKipZP+eROMrbpffHz+ol
srwdcvfn2WyUGcnZbNYBvfwoglbMcRUgMDqk5zarC2/Yo7P9Haf93MfOjOzC+wqL
z1NLYHrVPBj86iEXULXsN5E0dQBPFOvyHW+9HqBNaPP5h3eKuc8nl+WPWG0NoRtj
1ROueQ4ia/YFUsuHsthQrKFi5KU6GQrcoz9Mkcq9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUtB317QTY1pCH+/YUl5KLlYX+IKAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2E4ZGE5OWExLTliOTMtNGUzZS05OGQyLWEyZDAwM2VjNDBkNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQ21iAwDQYJKoZIhvcNAQELBQADggEBADlmlBmEncS3Z1EHeiSTz3wwwyGO
67xf+71UlJxMmDthKYuH8O6rWcGWv5LQdhtcwY3sSz/Zs/PipM5enkRfH47pqRdn
90nYdyKwAbTUtGdF5GhY+aLoAM9ZPSQOaV7DNXszH6BhUnaxvFx6Fn4cJw7L7AUf
D9o0Q6cmgvqRel3AV7gMc8gRlkeQ9bkQOLlGdThmG0pl3pRson5ujtNgXsO5TQl0
Er+uVISHRol3bZaX8Smeb9K7kArRYRpeWk5THU2vtEhNgIIUWVhRoSukA3N+/7Jm
axgxnCKsOXp2NrlyKtGK/eWc8b8JuxlX8aqzRMcq81ftAG5rRpRSEQQA0Ms=
-----END CERTIFICATE-----