Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b3b010d5-ba92-4026-9ae8-0dccd2f5619b.roa
File:                     b3b010d5-ba92-4026-9ae8-0dccd2f5619b.roa (raw, json)
Hash identifier:          vcGc3n+MhUhX33DcAqSMBk0SfBQ4PjSkZu0Qbh8bu3g=
Subject key identifier:   00:55:3D:CB:76:F5:46:03:5E:29:AA:36:A7:BF:39:E3:1B:A0:C3:F5
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       42930769D74A74B081CF51775990036269C3C424
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b3b010d5-ba92-4026-9ae8-0dccd2f5619b.roa
Signing time:             Fri 18 Apr 2025 18:21:17 +0000
ROA not before:           Fri 18 Apr 2025 18:21:17 +0000
ROA not after:            Fri 23 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.241.64.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:93:07:69:d7:4a:74:b0:81:cf:51:77:59:90:03:62:69:c3:c4:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 18 18:21:17 2025 GMT
            Not After : May 23 23:59:59 2025 GMT
        Subject: serialNumber=5024a58878aa9bfb2461bd2af1afdfd309533b94551694b6be6e88443d2f9e42, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:4d:99:04:f1:ab:bb:53:16:60:95:92:31:13:
                    ec:51:0f:0a:50:ee:e7:ce:e0:46:b2:35:0f:b0:e0:
                    5b:6f:50:a9:9e:06:ea:37:0d:69:db:14:34:d9:18:
                    b3:7b:31:99:b3:ec:c0:02:06:8c:0b:45:16:4b:30:
                    e2:67:53:56:c1:e6:f4:25:23:6b:56:ec:5e:6b:08:
                    39:31:9e:de:4a:30:e5:97:e8:ab:6c:21:cc:8b:f8:
                    43:6e:94:7a:b3:fa:df:e7:80:f9:6d:70:b0:eb:98:
                    3d:ca:91:78:ed:70:8e:ca:55:68:d6:59:ac:f7:19:
                    10:a8:55:f1:94:48:06:81:e5:2c:86:54:e2:98:22:
                    08:64:3e:0f:62:e6:a7:43:3c:11:81:c8:6b:77:ca:
                    28:3c:e4:00:69:29:1c:d1:28:dd:98:44:49:eb:05:
                    51:ba:00:a9:b1:0a:d9:37:d1:d2:23:57:de:65:4d:
                    c6:35:3d:3a:ae:86:99:33:57:db:ec:96:75:c0:63:
                    19:bf:bd:7e:4e:09:13:e1:fd:0d:78:c3:33:9b:62:
                    44:19:af:92:51:c6:f7:1b:94:ff:e6:5e:30:46:2a:
                    f4:18:9c:8e:04:3a:70:53:25:dc:f7:0b:d8:37:8d:
                    cc:6e:ff:cc:0b:43:7c:7b:8a:6a:05:29:c6:93:68:
                    99:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:55:3D:CB:76:F5:46:03:5E:29:AA:36:A7:BF:39:E3:1B:A0:C3:F5
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b3b010d5-ba92-4026-9ae8-0dccd2f5619b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.241.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         49:d8:cf:83:f7:82:1a:72:43:d7:e6:57:52:ea:13:4c:5d:84:
         32:53:57:19:78:b5:05:76:91:0c:e4:63:9c:6d:0c:94:c2:1c:
         97:3e:a3:6b:90:26:60:cf:8d:67:e1:88:05:38:6d:bf:55:93:
         bc:11:63:e1:9e:5e:87:b0:f8:77:08:7b:88:d3:03:23:f3:f7:
         8e:c0:72:a5:30:d4:14:07:29:c8:73:b8:88:12:33:d5:1c:96:
         59:bc:69:91:dd:4d:26:13:aa:a9:dc:ee:cf:77:3e:46:74:58:
         9b:76:31:59:66:1f:49:c0:94:68:8f:c5:88:ee:b7:a5:1a:20:
         50:4d:65:29:ec:78:cf:80:f4:3f:70:3b:51:12:87:4b:f6:e2:
         5f:26:1a:10:50:a4:94:31:eb:8f:2d:72:1a:b7:3b:11:6b:9e:
         a8:c9:7a:6d:ba:0f:95:e0:89:a2:9f:21:10:11:57:88:58:0f:
         e3:46:2f:25:b7:29:94:5a:e8:e3:b9:ed:fe:a7:5b:be:6e:a4:
         0b:2a:9e:55:15:b1:35:53:42:4b:09:ed:20:a6:ad:06:ea:ab:
         a3:b6:46:06:02:2e:40:f4:38:21:0c:19:a5:18:7f:06:7b:aa:
         b1:13:a5:3e:77:9a:80:b0:2d:76:b2:26:8c:e1:8c:91:aa:23:
         e0:e2:40:d8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQpMHaddKdLCBz1F3WZADYmnDxCQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE4MTgyMTE3WhcNMjUwNTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A1MDI0YTU4ODc4YWE5YmZiMjQ2MWJkMmFmMWFmZGZkMzA5
NTMzYjk0NTUxNjk0YjZiZTZlODg0NDNkMmY5ZTQyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDETZkE8au7UxZglZIxE+xRDwpQ7ufO4EayNQ+w4FtvUKme
Buo3DWnbFDTZGLN7MZmz7MACBowLRRZLMOJnU1bB5vQlI2tW7F5rCDkxnt5KMOWX
6KtsIcyL+ENulHqz+t/ngPltcLDrmD3KkXjtcI7KVWjWWaz3GRCoVfGUSAaB5SyG
VOKYIghkPg9i5qdDPBGByGt3yig85ABpKRzRKN2YREnrBVG6AKmxCtk30dIjV95l
TcY1PTquhpkzV9vslnXAYxm/vX5OCRPh/Q14wzObYkQZr5JRxvcblP/mXjBGKvQY
nI4EOnBTJdz3C9g3jcxu/8wLQ3x7imoFKcaTaJkbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUAFU9y3b1RgNeKao2p7854xugw/UwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2IzYjAxMGQ1LWJhOTItNDAyNi05YWU4LTBkY2NkMmY1NjE5Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAY28UAwDQYJKoZIhvcNAQELBQADggEBAEnYz4P3ghpyQ9fmV1LqE0xdhDJT
Vxl4tQV2kQzkY5xtDJTCHJc+o2uQJmDPjWfhiAU4bb9Vk7wRY+GeXoew+HcIe4jT
AyPz947AcqUw1BQHKchzuIgSM9Ucllm8aZHdTSYTqqnc7s93PkZ0WJt2MVlmH0nA
lGiPxYjut6UaIFBNZSnseM+A9D9wO1ESh0v24l8mGhBQpJQx648tchq3OxFrnqjJ
em26D5XgiaKfIRARV4hYD+NGLyW3KZRa6OO57f6nW75upAsqnlUVsTVTQksJ7SCm
rQbqq6O2RgYCLkD0OCEMGaUYfwZ7qrETpT53moCwLXayJozhjJGqI+DiQNg=
-----END CERTIFICATE-----