Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c7594e6b-c18d-4db1-8831-18a3e46b4118.roa
File:                     c7594e6b-c18d-4db1-8831-18a3e46b4118.roa (raw, json)
Hash identifier:          7jP+JsYAPEobVYR1lXnNwYlI/Zl4k2SzxddFj3DIKzE=
Subject key identifier:   33:1D:5D:52:3C:80:B6:E7:06:05:90:25:B7:B4:3D:FE:52:17:A1:83
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       14652823E4F297B35A5EFF7847744176B1E387FF
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c7594e6b-c18d-4db1-8831-18a3e46b4118.roa
Signing time:             Fri 25 Apr 2025 17:30:39 +0000
ROA not before:           Fri 25 Apr 2025 17:30:39 +0000
ROA not after:            Fri 30 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.91.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:65:28:23:e4:f2:97:b3:5a:5e:ff:78:47:74:41:76:b1:e3:87:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 25 17:30:39 2025 GMT
            Not After : May 30 23:59:59 2025 GMT
        Subject: serialNumber=2698f961a9ab4415f407aec85b5c1ccccc4e7ac49bf908e714a1d6ae7a8baaf1, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:12:09:22:c0:aa:d7:67:2e:63:8c:5a:7b:57:
                    49:49:49:4c:94:3d:76:15:32:63:2c:35:58:4a:cc:
                    4c:0b:05:93:33:4c:ca:7f:45:b3:f6:3a:ea:83:c5:
                    c5:b5:77:c3:45:ff:25:e9:9c:6a:e8:6c:56:c0:f5:
                    79:28:a9:e5:75:38:9f:08:3f:e5:91:38:a0:47:ae:
                    26:87:8b:55:08:de:0d:82:03:25:e7:63:f4:ed:5c:
                    4e:ed:c2:57:a3:9e:e8:ee:04:0c:59:e2:3f:b2:ac:
                    f7:d7:4d:20:ab:43:02:bc:5c:60:ce:65:82:47:af:
                    b2:be:22:19:c1:f2:03:12:b2:55:71:94:5c:54:bb:
                    f9:30:51:03:2a:f9:8d:42:61:f4:dd:8a:ae:97:4f:
                    55:6c:0f:a7:71:80:82:63:1b:e8:bc:bf:ed:cb:68:
                    00:c6:b6:ad:28:bb:bd:d4:77:91:0c:8f:d6:e4:70:
                    47:9a:10:14:03:97:4f:fb:ce:8d:75:29:53:17:6f:
                    f3:5a:f4:d4:01:cf:d5:66:67:a8:92:4d:7f:e3:34:
                    1f:bc:a2:d1:aa:c9:58:e8:12:2a:c0:d2:2e:df:ce:
                    0b:0d:60:42:47:20:d7:cc:28:81:3e:a0:ec:f4:88:
                    41:fc:6f:18:76:9a:9b:d6:fa:31:b5:8a:ff:73:b9:
                    06:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:1D:5D:52:3C:80:B6:E7:06:05:90:25:B7:B4:3D:FE:52:17:A1:83
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c7594e6b-c18d-4db1-8831-18a3e46b4118.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.91.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         05:55:ec:57:73:a0:01:68:03:ea:4f:57:e6:91:d9:69:d7:21:
         8f:2e:98:f4:93:92:d7:97:df:35:df:ff:e5:67:34:a3:87:20:
         23:26:ad:7e:68:39:3e:d7:16:ce:9e:cc:b8:84:58:e3:ac:2a:
         f2:22:3c:3b:61:cd:38:9b:4f:16:34:c3:20:d5:c1:f9:5d:47:
         d7:d0:8e:3e:74:8f:a9:21:0b:a9:62:b1:24:11:db:5b:e9:92:
         9d:d6:6a:d9:76:d4:42:3f:c4:7b:bf:f7:06:bf:33:80:84:56:
         4d:17:59:ab:19:1d:79:aa:e9:bd:84:b0:b9:23:ed:db:27:63:
         7c:0b:8f:8a:25:8d:3e:2f:14:70:67:ed:5f:f6:90:da:c4:64:
         7c:24:cb:70:98:34:69:87:19:b2:cc:f9:d1:b7:64:e9:1c:37:
         83:72:55:87:2f:fc:a0:9e:f6:6b:0f:6d:3c:19:71:bc:5a:3a:
         d8:57:4f:53:23:a5:42:10:44:5d:60:25:cc:62:45:07:7f:db:
         8d:38:51:9b:41:72:d9:0c:ee:d8:e5:85:95:b7:fe:4d:b4:a4:
         2a:94:ae:ae:7f:a2:46:e2:b0:0f:25:b5:1f:7b:6d:56:61:f5:
         a6:86:12:40:c8:f2:06:88:30:fe:1d:9a:b8:e9:08:c8:ed:7c:
         17:c9:51:5d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUFGUoI+Tyl7NaXv94R3RBdrHjh/8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDI1MTczMDM5WhcNMjUwNTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNjk4Zjk2MWE5YWI0NDE1ZjQwN2FlYzg1YjVjMWNjY2Nj
NGU3YWM0OWJmOTA4ZTcxNGExZDZhZTdhOGJhYWYxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtEgkiwKrXZy5jjFp7V0lJSUyUPXYVMmMsNVhKzEwLBZMz
TMp/RbP2OuqDxcW1d8NF/yXpnGrobFbA9XkoqeV1OJ8IP+WROKBHriaHi1UI3g2C
AyXnY/TtXE7twlejnujuBAxZ4j+yrPfXTSCrQwK8XGDOZYJHr7K+IhnB8gMSslVx
lFxUu/kwUQMq+Y1CYfTdiq6XT1VsD6dxgIJjG+i8v+3LaADGtq0ou73Ud5EMj9bk
cEeaEBQDl0/7zo11KVMXb/Na9NQBz9VmZ6iSTX/jNB+8otGqyVjoEirA0i7fzgsN
YEJHINfMKIE+oOz0iEH8bxh2mpvW+jG1iv9zuQZRAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUMx1dUjyAtucGBZAlt7Q9/lIXoYMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2M3NTk0ZTZiLWMxOGQtNGRiMS04ODMxLTE4YTNlNDZiNDExOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA2WzANBgkqhkiG9w0BAQsFAAOCAQEABVXsV3OgAWgD6k9X5pHZadchjy6Y
9JOS15ffNd//5Wc0o4cgIyatfmg5PtcWzp7MuIRY46wq8iI8O2HNOJtPFjTDINXB
+V1H19COPnSPqSELqWKxJBHbW+mSndZq2XbUQj/Ee7/3Br8zgIRWTRdZqxkdearp
vYSwuSPt2ydjfAuPiiWNPi8UcGftX/aQ2sRkfCTLcJg0aYcZssz50bdk6Rw3g3JV
hy/8oJ72aw9tPBlxvFo62FdPUyOlQhBEXWAlzGJFB3/bjThRm0Fy2Qzu2OWFlbf+
TbSkKpSurn+iRuKwDyW1H3ttVmH1poYSQMjyBogw/h2auOkIyO18F8lRXQ==
-----END CERTIFICATE-----