Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/cd0b7de5-603e-4b95-890f-8f7da1ece5f6.roa
File:                     cd0b7de5-603e-4b95-890f-8f7da1ece5f6.roa (raw, json)
Hash identifier:          0YrZJevda0KXvH59Q6YSbrtbFsehXZ0TErm1pZrRAf0=
Subject key identifier:   1B:22:92:7B:1E:33:68:53:48:78:3B:CF:B9:3C:C0:B8:FF:CE:66:1D
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       576542D17C8F4CCF6DE32CB1A514DC5D26F73AA5
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/cd0b7de5-603e-4b95-890f-8f7da1ece5f6.roa
Signing time:             Fri 18 Apr 2025 18:10:56 +0000
ROA not before:           Fri 18 Apr 2025 18:10:56 +0000
ROA not after:            Fri 23 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.251.160.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:65:42:d1:7c:8f:4c:cf:6d:e3:2c:b1:a5:14:dc:5d:26:f7:3a:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 18 18:10:56 2025 GMT
            Not After : May 23 23:59:59 2025 GMT
        Subject: serialNumber=5c87b9215fc5a4e20a2ac75d692714203e305fc1d8ceae4c9865a710f041430c, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:7a:24:cc:46:38:3b:0e:3b:c4:1a:6f:b8:2d:
                    52:5e:b0:4c:f4:91:be:51:65:fd:4b:a4:20:cc:80:
                    1b:a8:fe:0a:1f:68:3a:0c:24:10:1a:71:7f:10:15:
                    c2:84:bf:e0:4b:60:70:ba:b5:f6:0c:fd:ce:8b:c2:
                    a5:7d:a0:5b:ed:d6:7f:09:e7:11:aa:b8:6e:9f:7c:
                    90:61:40:7b:7d:86:7d:80:09:2b:3d:66:c6:ea:85:
                    29:25:3c:c6:3c:c7:dc:20:d5:33:79:8f:a0:7c:8c:
                    02:6d:3c:5d:55:34:9f:38:53:13:d9:69:da:ea:52:
                    75:85:a1:72:ec:9c:95:67:d5:a0:ea:f8:d7:4c:85:
                    7f:a5:ef:9a:9b:04:6e:63:1d:e6:c3:1d:7c:ab:09:
                    1e:ad:5a:de:a1:65:be:fc:ce:10:c3:4a:73:1a:88:
                    45:72:84:45:a7:3c:ad:23:3c:e8:08:56:09:2f:dc:
                    15:16:cb:93:44:2c:b3:3d:1e:ec:9f:13:19:ea:77:
                    bd:5a:2a:c5:37:6c:9b:80:f6:9e:89:6f:92:3b:27:
                    34:64:cf:01:66:1d:1a:dd:6d:cd:f3:b0:bc:48:66:
                    42:6d:d6:c2:87:40:4d:01:7d:1f:ec:90:64:aa:96:
                    07:56:c8:d1:7b:13:9a:2a:73:1b:ee:27:e0:b7:e3:
                    17:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:22:92:7B:1E:33:68:53:48:78:3B:CF:B9:3C:C0:B8:FF:CE:66:1D
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/cd0b7de5-603e-4b95-890f-8f7da1ece5f6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.251.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         6e:9b:4f:c8:62:95:96:70:64:ad:be:6a:e8:37:56:69:a5:32:
         0a:dd:d4:7f:78:08:8c:aa:fd:51:ab:83:eb:ad:95:a7:c7:1e:
         90:f4:94:16:87:dc:46:ed:43:2e:84:d4:91:83:be:fd:1e:90:
         b5:b1:b3:de:c0:27:61:79:e1:8a:d5:61:63:f6:82:93:7e:e5:
         1c:4b:e5:85:b4:09:5a:26:a7:3d:28:83:40:5d:e4:ac:2b:e7:
         73:9e:eb:80:f9:d7:f9:59:78:a7:96:45:06:fd:42:14:e8:4f:
         6b:88:1b:32:28:4c:fc:7c:96:c2:f6:c6:d4:cd:4b:db:f2:53:
         c6:87:22:6f:51:c7:db:2a:b7:72:71:62:92:3f:eb:65:ca:70:
         d9:e2:3a:40:80:38:0f:4a:3d:31:39:9b:ce:e9:fd:21:36:c9:
         33:d6:cb:86:7e:da:3d:19:94:63:d0:6b:37:4b:de:07:52:b7:
         53:84:6a:82:87:35:66:07:7b:f2:be:0e:2e:b2:32:1c:99:44:
         de:a2:d1:11:08:71:ca:09:87:24:91:5d:49:f0:48:8d:32:10:
         c7:a1:8c:18:65:dd:9a:c6:6d:d9:72:c4:8e:2d:95:89:0f:87:
         8f:e9:11:ae:7f:ec:ef:a8:c4:ff:76:cb:5b:d4:8a:de:8a:1c:
         37:3a:64:7c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUV2VC0XyPTM9t4yyxpRTcXSb3OqUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE4MTgxMDU2WhcNMjUwNTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A1Yzg3YjkyMTVmYzVhNGUyMGEyYWM3NWQ2OTI3MTQyMDNl
MzA1ZmMxZDhjZWFlNGM5ODY1YTcxMGYwNDE0MzBjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDgeiTMRjg7DjvEGm+4LVJesEz0kb5RZf1LpCDMgBuo/gof
aDoMJBAacX8QFcKEv+BLYHC6tfYM/c6LwqV9oFvt1n8J5xGquG6ffJBhQHt9hn2A
CSs9ZsbqhSklPMY8x9wg1TN5j6B8jAJtPF1VNJ84UxPZadrqUnWFoXLsnJVn1aDq
+NdMhX+l75qbBG5jHebDHXyrCR6tWt6hZb78zhDDSnMaiEVyhEWnPK0jPOgIVgkv
3BUWy5NELLM9HuyfExnqd71aKsU3bJuA9p6Jb5I7JzRkzwFmHRrdbc3zsLxIZkJt
1sKHQE0BfR/skGSqlgdWyNF7E5oqcxvuJ+C34xfLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGyKSex4zaFNIeDvPuTzAuP/OZh0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2NkMGI3ZGU1LTYwM2UtNGI5NS04OTBmLThmN2RhMWVjZTVmNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAU2+6AwDQYJKoZIhvcNAQELBQADggEBAG6bT8hilZZwZK2+aug3VmmlMgrd
1H94CIyq/VGrg+utlafHHpD0lBaH3EbtQy6E1JGDvv0ekLWxs97AJ2F54YrVYWP2
gpN+5RxL5YW0CVompz0og0Bd5Kwr53Oe64D51/lZeKeWRQb9QhToT2uIGzIoTPx8
lsL2xtTNS9vyU8aHIm9Rx9sqt3JxYpI/62XKcNniOkCAOA9KPTE5m87p/SE2yTPW
y4Z+2j0ZlGPQazdL3gdSt1OEaoKHNWYHe/K+Di6yMhyZRN6i0REIccoJhySRXUnw
SI0yEMehjBhl3ZrGbdlyxI4tlYkPh4/pEa5/7O+oxP92y1vUit6KHDc6ZHw=
-----END CERTIFICATE-----