Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bbacf636-ea8a-4d61-a985-109683cc4a86.roa
File:                     bbacf636-ea8a-4d61-a985-109683cc4a86.roa (raw, json)
Hash identifier:          y+XkgL77REJYpbtFbI81cbKrmIvfQxu0FshcLNKfMW8=
Subject key identifier:   B1:D8:E3:ED:E2:84:51:B7:2D:B4:A6:CB:3C:71:CD:FF:15:F6:3D:78
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6422C6E069E0109BB912FF66377D061595BA0123
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bbacf636-ea8a-4d61-a985-109683cc4a86.roa
Signing time:             Tue 03 Jun 2025 16:20:16 +0000
ROA not before:           Tue 03 Jun 2025 16:20:16 +0000
ROA not after:            Tue 08 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.218.128.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:22:c6:e0:69:e0:10:9b:b9:12:ff:66:37:7d:06:15:95:ba:01:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun  3 16:20:16 2025 GMT
            Not After : Jul  8 23:59:59 2025 GMT
        Subject: serialNumber=619381877c37c502a8ebc45a783c27dcee481853d1d07826f1396fcddca8b7a8, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:1f:f1:5e:8a:ce:58:7d:a0:e3:46:00:f7:88:
                    ea:a3:c5:19:b1:b4:59:81:47:9b:06:c2:22:a8:d5:
                    32:e0:d7:ba:20:52:d5:60:72:f3:3b:2f:1d:4f:63:
                    6f:bb:60:4d:5b:36:b2:a9:8d:b4:b8:19:10:08:bf:
                    46:c0:d8:7c:dc:66:6f:fb:c0:64:ac:5a:59:25:04:
                    e9:92:ef:87:f0:82:12:cf:b5:24:1f:e3:bb:d9:46:
                    21:9b:a2:74:db:c7:d9:6a:fc:f3:f8:eb:f4:ae:97:
                    ab:47:c7:03:e5:46:5d:56:fe:e9:ac:b4:cb:58:44:
                    98:4f:43:d8:44:a5:d3:08:25:f4:13:f4:f4:fe:4d:
                    61:31:bc:2b:4f:02:b9:19:7a:4c:9f:92:f9:21:19:
                    4d:b4:ec:d3:26:5f:b2:93:a9:9b:9f:95:36:17:58:
                    78:b1:2c:7a:06:b9:f4:48:d1:17:d9:6d:e6:0c:45:
                    48:c4:65:a8:58:43:44:64:78:79:ce:51:10:aa:bf:
                    d4:4f:3d:78:71:47:92:97:ab:17:a6:a1:fd:92:26:
                    66:f2:37:07:cc:d1:ae:13:5c:a5:88:db:c8:8d:58:
                    ae:85:76:74:81:7f:fe:2b:32:1b:ca:48:88:a9:d9:
                    f6:ca:c8:4a:2a:12:63:a1:c1:04:e3:f2:5e:b7:26:
                    c2:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:D8:E3:ED:E2:84:51:B7:2D:B4:A6:CB:3C:71:CD:FF:15:F6:3D:78
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bbacf636-ea8a-4d61-a985-109683cc4a86.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.218.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         04:9d:73:08:6c:cd:6d:b4:51:5b:60:89:75:8f:bd:e6:1d:97:
         00:29:9d:40:ea:f0:8a:b0:cb:b5:12:16:84:fa:49:31:9f:ac:
         37:98:9f:8f:f0:20:6d:58:2b:8f:f1:49:74:71:b8:f2:63:c9:
         6b:b6:d4:61:04:38:78:7d:1d:8a:73:95:d3:bc:a3:10:f9:57:
         f4:be:19:02:19:05:ec:c2:e9:9b:1e:a2:39:ff:87:87:dd:83:
         aa:1f:b0:d3:bc:84:40:e5:43:3a:22:8a:20:08:ae:42:eb:6d:
         1a:43:9b:64:e9:5d:8a:89:6b:c4:26:48:82:34:17:6f:0c:dd:
         fa:b5:8c:a3:d2:9a:78:78:1f:c3:0a:95:33:e3:fd:fd:36:d9:
         21:49:d7:40:64:b9:54:4a:47:23:a2:57:57:b2:3e:57:0e:0e:
         17:1f:ba:8a:de:5b:3f:3b:1c:44:52:ca:a4:e7:27:f1:26:6a:
         cc:69:a2:7a:0f:6f:48:a9:b1:ac:82:00:63:e2:25:b6:18:ee:
         13:48:68:9b:3d:51:9d:10:78:e8:54:f4:c5:8e:e9:5f:48:62:
         2a:dc:b0:93:ee:b9:1d:08:44:cd:7b:5f:ac:72:fe:f0:5b:d9:
         e7:36:47:fb:c6:76:e1:d1:aa:19:44:4a:ae:02:fd:48:85:4a:
         89:83:03:5d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZCLG4GngEJu5Ev9mN30GFZW6ASMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjAzMTYyMDE2WhcNMjUwNzA4MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MTkzODE4NzdjMzdjNTAyYThlYmM0NWE3ODNjMjdkY2Vl
NDgxODUzZDFkMDc4MjZmMTM5NmZjZGRjYThiN2E4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjH/Feis5YfaDjRgD3iOqjxRmxtFmBR5sGwiKo1TLg17og
UtVgcvM7Lx1PY2+7YE1bNrKpjbS4GRAIv0bA2HzcZm/7wGSsWlklBOmS74fwghLP
tSQf47vZRiGbonTbx9lq/PP46/Sul6tHxwPlRl1W/umstMtYRJhPQ9hEpdMIJfQT
9PT+TWExvCtPArkZekyfkvkhGU207NMmX7KTqZuflTYXWHixLHoGufRI0RfZbeYM
RUjEZahYQ0RkeHnOURCqv9RPPXhxR5KXqxemof2SJmbyNwfM0a4TXKWI28iNWK6F
dnSBf/4rMhvKSIip2fbKyEoqEmOhwQTj8l63JsLFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUsdjj7eKEUbcttKbLPHHN/xX2PXgwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2JiYWNmNjM2LWVhOGEtNGQ2MS1hOTg1LTEwOTY4M2NjNGE4Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAc22oAwDQYJKoZIhvcNAQELBQADggEBAASdcwhszW20UVtgiXWPveYdlwAp
nUDq8Iqwy7USFoT6STGfrDeYn4/wIG1YK4/xSXRxuPJjyWu21GEEOHh9HYpzldO8
oxD5V/S+GQIZBezC6Zseojn/h4fdg6ofsNO8hEDlQzoiiiAIrkLrbRpDm2TpXYqJ
a8QmSII0F28M3fq1jKPSmnh4H8MKlTPj/f022SFJ10BkuVRKRyOiV1eyPlcODhcf
uoreWz87HERSyqTnJ/EmasxponoPb0ipsayCAGPiJbYY7hNIaJs9UZ0QeOhU9MWO
6V9IYircsJPuuR0IRM17X6xy/vBb2ec2R/vGduHRqhlESq4C/UiFSomDA10=
-----END CERTIFICATE-----