Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ceeae408-2342-4712-b02b-4bd25196b1fa.roa
File:                     ceeae408-2342-4712-b02b-4bd25196b1fa.roa (raw, json)
Hash identifier:          qgn/BFcYIBKY2ud2hr4AUxg4w1FQza29Xi/J1UifYcA=
Subject key identifier:   17:F0:13:97:E1:A5:1C:F6:9C:11:6F:33:CA:D6:C8:3A:75:B6:D1:12
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       58F3A63275CBB2EDD3E59EAB15B89B2C6562F65D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ceeae408-2342-4712-b02b-4bd25196b1fa.roa
Signing time:             Wed 16 Apr 2025 00:50:50 +0000
ROA not before:           Wed 16 Apr 2025 00:50:50 +0000
ROA not after:            Wed 21 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.60.64.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:f3:a6:32:75:cb:b2:ed:d3:e5:9e:ab:15:b8:9b:2c:65:62:f6:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 16 00:50:50 2025 GMT
            Not After : May 21 23:59:59 2025 GMT
        Subject: serialNumber=8eb340828d1eed02bd5093bb8ce3f11c92299e611c71ec80df47c85e74362d1b, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:0a:65:28:46:31:93:cc:35:f7:f0:88:34:b4:
                    e8:6e:e8:e7:f6:c1:e3:61:e9:96:74:a6:fa:9c:03:
                    cf:3c:18:87:cf:97:10:73:73:ba:2a:25:5a:f0:93:
                    39:9c:48:14:e1:d4:ca:48:0c:4f:63:c5:f3:2e:24:
                    f0:07:17:37:87:16:a7:85:27:c2:e7:f9:f2:fc:41:
                    1e:e0:c5:b1:ca:01:26:52:d2:38:59:91:e6:77:da:
                    93:fd:ca:a9:38:af:91:a8:ce:59:b7:fb:93:40:bd:
                    bf:6f:f5:92:bf:32:cd:84:0a:1e:e7:34:f9:b7:28:
                    4a:98:ea:be:73:70:c9:36:91:c7:d4:c7:4b:b9:c6:
                    45:da:5f:f0:d5:7a:28:92:9c:8f:cb:1f:86:e2:2d:
                    cb:df:bf:f7:db:f7:7b:19:d6:f2:8f:fe:6f:77:e3:
                    84:f2:cd:56:80:1a:2b:1b:27:93:e1:d4:28:e9:b9:
                    d2:8b:42:40:dd:4e:19:1b:44:a3:56:5d:9b:15:b9:
                    c5:20:30:6a:4e:62:2d:cd:c1:18:06:f4:e5:ee:57:
                    a5:c4:36:44:4f:8a:7e:a8:e5:97:ad:3d:72:84:bd:
                    6b:91:26:c6:c8:72:df:5c:73:b6:7d:6a:95:1f:68:
                    5e:e9:84:a3:74:98:0c:fa:1e:0a:13:49:e1:b0:dc:
                    a4:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:F0:13:97:E1:A5:1C:F6:9C:11:6F:33:CA:D6:C8:3A:75:B6:D1:12
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ceeae408-2342-4712-b02b-4bd25196b1fa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.60.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         74:52:a6:e5:73:bf:74:1e:ca:fd:0e:76:02:0d:e1:d9:e8:eb:
         35:e5:be:cf:22:dd:ee:c4:e2:5e:5d:78:ee:d9:56:28:d1:49:
         19:39:9a:54:cd:c0:a1:9f:f6:ed:95:6a:5e:4e:23:ff:ba:ba:
         67:90:3c:b3:8c:1f:a6:7b:57:da:68:a0:ad:23:1f:44:9c:13:
         ff:ef:fd:82:dc:75:64:03:e4:46:e4:01:1b:a2:bf:99:cb:39:
         38:95:15:41:56:2e:89:a4:18:47:b0:31:53:55:8f:d1:10:e5:
         bc:e3:09:21:86:a5:38:c3:24:f7:7e:1b:1f:23:47:a0:56:84:
         42:e0:25:96:fe:c7:79:35:5b:e5:c5:c6:9a:7b:03:a9:79:0a:
         b1:c7:4d:d8:e2:94:3f:e1:aa:d7:e9:48:b5:19:62:3b:84:99:
         52:92:54:00:3b:dd:8d:3f:21:62:79:b9:64:0d:82:82:9a:97:
         92:8d:d4:ec:f6:ba:d5:c5:3a:8b:70:22:56:db:0c:4d:e3:a2:
         e0:d0:31:4d:c0:fd:7d:59:e2:ff:17:02:0c:1a:ce:43:68:54:
         b9:ba:4a:94:13:7c:bb:a4:1a:be:28:33:25:0d:db:11:9f:a6:
         d1:b4:9b:2f:5d:e2:63:af:c1:96:61:a8:de:82:68:4d:7c:17:
         e2:a2:3c:9b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWPOmMnXLsu3T5Z6rFbibLGVi9l0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE2MDA1MDUwWhcNMjUwNTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZWIzNDA4MjhkMWVlZDAyYmQ1MDkzYmI4Y2UzZjExYzky
Mjk5ZTYxMWM3MWVjODBkZjQ3Yzg1ZTc0MzYyZDFiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDQCmUoRjGTzDX38Ig0tOhu6Of2weNh6ZZ0pvqcA888GIfP
lxBzc7oqJVrwkzmcSBTh1MpIDE9jxfMuJPAHFzeHFqeFJ8Ln+fL8QR7gxbHKASZS
0jhZkeZ32pP9yqk4r5Gozlm3+5NAvb9v9ZK/Ms2ECh7nNPm3KEqY6r5zcMk2kcfU
x0u5xkXaX/DVeiiSnI/LH4biLcvfv/fb93sZ1vKP/m9344TyzVaAGisbJ5Ph1Cjp
udKLQkDdThkbRKNWXZsVucUgMGpOYi3NwRgG9OXuV6XENkRPin6o5ZetPXKEvWuR
JsbIct9cc7Z9apUfaF7phKN0mAz6HgoTSeGw3KT5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUF/ATl+GlHPacEW8zytbIOnW20RIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2NlZWFlNDA4LTIzNDItNDcxMi1iMDJiLTRiZDI1MTk2YjFmYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAY0PEAwDQYJKoZIhvcNAQELBQADggEBAHRSpuVzv3Qeyv0OdgIN4dno6zXl
vs8i3e7E4l5deO7ZVijRSRk5mlTNwKGf9u2Val5OI/+6umeQPLOMH6Z7V9pooK0j
H0ScE//v/YLcdWQD5EbkARuiv5nLOTiVFUFWLomkGEewMVNVj9EQ5bzjCSGGpTjD
JPd+Gx8jR6BWhELgJZb+x3k1W+XFxpp7A6l5CrHHTdjilD/hqtfpSLUZYjuEmVKS
VAA73Y0/IWJ5uWQNgoKal5KN1Oz2utXFOotwIlbbDE3jouDQMU3A/X1Z4v8XAgwa
zkNoVLm6SpQTfLukGr4oMyUN2xGfptG0my9d4mOvwZZhqN6CaE18F+KiPJs=
-----END CERTIFICATE-----