Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ceeae408-2342-4712-b02b-4bd25196b1fa.roa
File:                     ceeae408-2342-4712-b02b-4bd25196b1fa.roa (raw, json)
Hash identifier:          E/xC2xou8lsYVbw5pNoaedFkahFZAnmJg917mc5xk18=
Subject key identifier:   7E:DB:0E:44:FA:A0:03:3E:55:F4:E2:2F:D4:9F:C8:E4:B7:C8:1D:BE
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       07F60EEAE3363D68B0F47EEAB5C679BE73F0A624
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ceeae408-2342-4712-b02b-4bd25196b1fa.roa
Signing time:             Fri 06 Jun 2025 15:00:15 +0000
ROA not before:           Fri 06 Jun 2025 15:00:15 +0000
ROA not after:            Fri 11 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.60.64.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:f6:0e:ea:e3:36:3d:68:b0:f4:7e:ea:b5:c6:79:be:73:f0:a6:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun  6 15:00:15 2025 GMT
            Not After : Jul 11 23:59:59 2025 GMT
        Subject: serialNumber=20656f29e844ef993ddcb026b7fb88a1c31ac3f6e0ab0a644528bb0bf48c4b55, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:08:c1:8b:7b:64:3e:c3:29:41:d2:99:2f:59:
                    05:3a:06:3c:70:b5:99:62:1a:e2:11:b7:4d:19:2c:
                    d1:29:79:be:73:2b:21:3e:24:c2:d5:f4:3d:a0:d2:
                    9e:f4:5b:77:1f:51:5f:50:50:53:d5:78:5b:40:2e:
                    1a:b2:4f:d2:7b:2a:cf:46:0b:80:27:2b:0e:9b:99:
                    43:82:7c:01:50:75:0a:4e:d4:40:97:84:16:44:17:
                    23:be:06:83:21:84:21:a7:54:15:21:43:6d:56:80:
                    50:8c:ff:d5:e9:4d:02:e9:ca:0b:4b:bc:51:87:6b:
                    70:7e:28:c8:d0:52:83:83:b6:cf:6f:5a:98:6a:6a:
                    2d:7f:b9:10:08:3a:18:f1:60:fc:d4:cb:89:af:34:
                    fd:99:c5:52:26:34:4f:63:1e:ef:68:19:5e:ac:e5:
                    af:dc:41:b1:c9:63:bd:19:cc:8b:f5:ae:c7:5d:53:
                    bc:51:5d:04:76:9d:ee:42:bd:a8:d7:08:9e:2d:ee:
                    3c:95:b3:1e:39:56:e6:c4:b9:cf:7f:35:36:96:c9:
                    3b:03:ae:ca:bc:0a:4d:2f:82:88:be:cb:14:6a:b9:
                    8a:11:cd:5d:e3:5f:f4:bc:d2:9e:07:f3:60:08:0c:
                    c1:e4:34:57:64:36:d6:79:df:d6:58:68:b4:3b:4e:
                    9d:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:DB:0E:44:FA:A0:03:3E:55:F4:E2:2F:D4:9F:C8:E4:B7:C8:1D:BE
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ceeae408-2342-4712-b02b-4bd25196b1fa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.60.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         08:6a:32:6e:ce:fa:2a:02:e6:f0:aa:c1:86:f5:77:62:b6:f9:
         91:4d:70:e3:92:01:b0:79:a3:48:cb:02:d6:6d:28:28:17:de:
         63:97:95:84:7a:c1:7a:64:5a:eb:95:af:a0:1e:11:9f:30:ae:
         83:c7:f9:ea:36:d6:e3:bc:3e:11:9b:3b:2e:f8:e3:1b:dc:1c:
         93:8e:dc:fd:b7:59:44:c2:05:79:1c:d7:57:88:36:e4:e1:7f:
         b5:40:74:5b:8b:ee:38:ee:e1:a3:8d:05:e7:06:72:06:49:13:
         34:01:4e:7b:02:d5:74:19:fa:7e:24:ab:95:70:c9:4d:5c:e1:
         0f:3f:13:ee:70:20:cc:48:32:bd:74:97:d1:2f:b5:e9:03:01:
         e3:a8:59:b4:57:8c:31:27:47:80:53:c3:75:0a:35:df:94:a5:
         a4:0d:1d:e5:10:3b:3a:e6:53:f8:39:c0:b6:7d:a9:38:65:2e:
         df:fd:85:01:0d:d9:e6:32:cf:12:e8:cb:ca:e3:a5:91:d5:3c:
         27:84:6d:5b:0e:c7:79:ff:65:81:89:43:21:3f:68:b7:ff:ee:
         7f:a5:52:79:b6:6e:96:0d:60:b7:b9:0a:e2:13:ba:70:b1:18:
         43:06:be:81:9a:1f:ef:f2:c3:a5:95:c2:14:1e:4f:a0:43:c5:
         88:01:d0:f4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUB/YO6uM2PWiw9H7qtcZ5vnPwpiQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjA2MTUwMDE1WhcNMjUwNzExMjM1OTU5
WjB6MUkwRwYDVQQFE0AyMDY1NmYyOWU4NDRlZjk5M2RkY2IwMjZiN2ZiODhhMWMz
MWFjM2Y2ZTBhYjBhNjQ0NTI4YmIwYmY0OGM0YjU1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCNCMGLe2Q+wylB0pkvWQU6BjxwtZliGuIRt00ZLNEpeb5z
KyE+JMLV9D2g0p70W3cfUV9QUFPVeFtALhqyT9J7Ks9GC4AnKw6bmUOCfAFQdQpO
1ECXhBZEFyO+BoMhhCGnVBUhQ21WgFCM/9XpTQLpygtLvFGHa3B+KMjQUoODts9v
Wphqai1/uRAIOhjxYPzUy4mvNP2ZxVImNE9jHu9oGV6s5a/cQbHJY70ZzIv1rsdd
U7xRXQR2ne5CvajXCJ4t7jyVsx45VubEuc9/NTaWyTsDrsq8Ck0vgoi+yxRquYoR
zV3jX/S80p4H82AIDMHkNFdkNtZ539ZYaLQ7Tp2nAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUftsORPqgAz5V9OIv1J/I5LfIHb4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2NlZWFlNDA4LTIzNDItNDcxMi1iMDJiLTRiZDI1MTk2YjFmYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAY0PEAwDQYJKoZIhvcNAQELBQADggEBAAhqMm7O+ioC5vCqwYb1d2K2+ZFN
cOOSAbB5o0jLAtZtKCgX3mOXlYR6wXpkWuuVr6AeEZ8wroPH+eo21uO8PhGbOy74
4xvcHJOO3P23WUTCBXkc11eINuThf7VAdFuL7jju4aONBecGcgZJEzQBTnsC1XQZ
+n4kq5VwyU1c4Q8/E+5wIMxIMr10l9EvtekDAeOoWbRXjDEnR4BTw3UKNd+UpaQN
HeUQOzrmU/g5wLZ9qThlLt/9hQEN2eYyzxLoy8rjpZHVPCeEbVsOx3n/ZYGJQyE/
aLf/7n+lUnm2bpYNYLe5CuITunCxGEMGvoGaH+/yw6WVwhQeT6BDxYgB0PQ=
-----END CERTIFICATE-----