Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c7594e6b-c18d-4db1-8831-18a3e46b4118.roa
File:                     c7594e6b-c18d-4db1-8831-18a3e46b4118.roa (raw, json)
Hash identifier:          ex7qGFFX9NoE08zWx7W1+Fo7OZ5ms9uDRnKpwhZ8ECU=
Subject key identifier:   B6:42:EC:E3:45:D1:AF:73:28:87:24:FD:03:5F:91:DE:82:2D:CA:95
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       205372B7EC21BD357611713BDC81FFF6B6926705
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c7594e6b-c18d-4db1-8831-18a3e46b4118.roa
Signing time:             Tue 20 May 2025 17:40:21 +0000
ROA not before:           Tue 20 May 2025 17:40:21 +0000
ROA not after:            Tue 24 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.91.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:53:72:b7:ec:21:bd:35:76:11:71:3b:dc:81:ff:f6:b6:92:67:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 20 17:40:21 2025 GMT
            Not After : Jun 24 23:59:59 2025 GMT
        Subject: serialNumber=b3393f2f89c5d863c2bee4ad48efaf9aafce15d4a8a37d12d50f79d139f4ffec, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:22:32:a5:d5:c7:d3:d4:c8:f1:00:9e:49:c8:
                    d5:c7:58:dc:d2:46:0c:11:ae:61:6b:6b:64:ae:2e:
                    72:32:81:c0:72:25:d1:7f:78:86:8d:9b:6c:8e:00:
                    f8:77:cd:50:26:6d:f9:37:df:77:af:0c:d8:56:bf:
                    72:bb:3c:4d:ab:e4:c3:94:bc:97:1e:3e:33:04:56:
                    1e:59:14:c7:76:2d:c6:13:4b:20:ca:68:f1:da:2b:
                    e8:89:0f:7a:4d:71:07:11:c4:b6:d7:ad:9d:8b:30:
                    e8:7a:ec:3e:82:bc:1a:26:bc:a0:4d:93:e0:17:07:
                    04:13:64:83:db:99:c3:4c:99:09:0e:49:7a:28:4e:
                    9c:6c:9f:9f:fc:44:1c:19:77:63:d2:bd:cb:40:10:
                    1f:70:18:7b:05:6b:cf:05:22:bc:17:f2:ed:fd:7f:
                    30:7b:5a:97:5d:e4:68:a6:e8:89:68:08:03:b9:8d:
                    25:72:75:54:d1:4c:f3:a2:78:c4:2b:65:c7:2e:b1:
                    a3:b5:3a:63:e5:4c:9d:9a:a1:b3:00:e5:76:77:5b:
                    ef:d1:49:d6:9e:a9:7c:a9:d2:a4:f6:92:f0:0b:2d:
                    7c:c1:54:58:91:48:81:6d:13:a8:2c:52:72:ba:45:
                    ff:9e:fc:bb:df:4d:7f:e1:dd:ec:d2:51:af:5f:87:
                    1b:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:42:EC:E3:45:D1:AF:73:28:87:24:FD:03:5F:91:DE:82:2D:CA:95
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c7594e6b-c18d-4db1-8831-18a3e46b4118.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.91.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b2:1e:2b:7f:0c:c4:5a:71:59:96:1e:e6:6a:93:50:34:f8:c4:
         5a:08:eb:87:2a:65:75:95:e1:a3:4b:06:d6:36:4a:3b:6f:99:
         cb:cc:b3:0c:0e:92:31:e2:65:dc:a9:4e:c1:c4:3e:e2:ab:f2:
         fb:f8:29:3b:7f:01:3e:22:88:d2:79:76:2c:7d:68:18:16:cd:
         6c:5b:6a:24:81:b3:c8:61:0f:1a:b5:2b:3d:4c:73:1f:7e:93:
         f2:4c:00:47:e4:0a:c9:4d:1c:55:ff:91:75:6c:cc:7c:b2:b5:
         a1:a6:8c:5d:e1:0a:db:02:45:93:d0:9c:35:c9:ad:7a:87:96:
         6e:97:e7:ed:65:e3:df:a2:88:94:37:4c:8e:a1:2b:44:19:83:
         65:3c:29:3d:b0:96:e3:7d:fe:dc:f4:14:91:38:54:38:10:34:
         c2:83:33:74:f5:9f:82:86:21:cf:53:fd:f0:fc:b7:14:83:74:
         4e:3b:3e:b7:79:b4:5b:9b:d2:d9:8c:5c:6a:9a:85:41:f9:39:
         89:02:96:da:bd:54:f2:f7:f9:cb:cb:f1:39:52:51:cd:cb:fc:
         24:52:bc:44:9c:45:10:ca:8a:6c:9b:39:23:24:8d:21:d7:c7:
         3a:11:38:3e:87:f9:c8:fd:5a:8f:18:e6:44:0f:04:7e:3c:2b:
         72:20:d1:d4
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUIFNyt+whvTV2EXE73IH/9raSZwUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNTIwMTc0MDIxWhcNMjUwNjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMzM5M2YyZjg5YzVkODYzYzJiZWU0YWQ0OGVmYWY5YWFm
Y2UxNWQ0YThhMzdkMTJkNTBmNzlkMTM5ZjRmZmVjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD1IjKl1cfT1MjxAJ5JyNXHWNzSRgwRrmFra2SuLnIygcBy
JdF/eIaNm2yOAPh3zVAmbfk333evDNhWv3K7PE2r5MOUvJcePjMEVh5ZFMd2LcYT
SyDKaPHaK+iJD3pNcQcRxLbXrZ2LMOh67D6CvBomvKBNk+AXBwQTZIPbmcNMmQkO
SXooTpxsn5/8RBwZd2PSvctAEB9wGHsFa88FIrwX8u39fzB7Wpdd5Gim6IloCAO5
jSVydVTRTPOieMQrZccusaO1OmPlTJ2aobMA5XZ3W+/RSdaeqXyp0qT2kvALLXzB
VFiRSIFtE6gsUnK6Rf+e/LvfTX/h3ezSUa9fhxt3AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUtkLs40XRr3MohyT9A1+R3oItypUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2M3NTk0ZTZiLWMxOGQtNGRiMS04ODMxLTE4YTNlNDZiNDExOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA2WzANBgkqhkiG9w0BAQsFAAOCAQEAsh4rfwzEWnFZlh7mapNQNPjEWgjr
hypldZXho0sG1jZKO2+Zy8yzDA6SMeJl3KlOwcQ+4qvy+/gpO38BPiKI0nl2LH1o
GBbNbFtqJIGzyGEPGrUrPUxzH36T8kwAR+QKyU0cVf+RdWzMfLK1oaaMXeEK2wJF
k9CcNcmteoeWbpfn7WXj36KIlDdMjqErRBmDZTwpPbCW433+3PQUkThUOBA0woMz
dPWfgoYhz1P98Py3FIN0Tjs+t3m0W5vS2YxcapqFQfk5iQKW2r1U8vf5y8vxOVJR
zcv8JFK8RJxFEMqKbJs5IySNIdfHOhE4Pof5yP1ajxjmRA8EfjwrciDR1A==
-----END CERTIFICATE-----