Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d1f33e49-9e48-44be-a680-4c1b2218329d.roa
File:                     d1f33e49-9e48-44be-a680-4c1b2218329d.roa (raw, json)
Hash identifier:          bnAStlDc9TNDmJ0LljQ2s3XOlzGj9dfZs2sAEXW3FBM=
Subject key identifier:   5E:75:EE:02:E7:CF:85:FC:67:C8:09:42:0E:C9:CC:39:CB:E2:54:35
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       447829B58470B4BB15BF3B9ABB06E22D0A4380C0
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d1f33e49-9e48-44be-a680-4c1b2218329d.roa
Signing time:             Mon 09 Jun 2025 17:41:24 +0000
ROA not before:           Mon 09 Jun 2025 17:41:24 +0000
ROA not after:            Mon 14 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.230.200.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:78:29:b5:84:70:b4:bb:15:bf:3b:9a:bb:06:e2:2d:0a:43:80:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun  9 17:41:24 2025 GMT
            Not After : Jul 14 23:59:59 2025 GMT
        Subject: serialNumber=63e8cc7d7449e8b6143d096238e90bec60769f26368053c748a263428e81b2c6, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:4d:be:8f:11:32:64:15:91:b5:ee:e4:b5:ba:
                    c9:c7:ee:c8:4e:62:63:7f:5e:f9:e8:00:ba:30:f6:
                    fe:b5:a4:1c:b2:cc:8d:15:4f:1c:cc:9b:e7:10:b6:
                    ae:05:37:2c:7f:3d:71:0c:be:25:b0:68:98:ec:4d:
                    4f:22:f4:fe:6d:d6:17:c0:31:6a:98:9c:db:7c:68:
                    d4:41:8d:25:88:52:94:b5:22:91:60:49:0f:ad:85:
                    23:27:9c:52:09:0f:49:2a:65:3e:aa:c7:09:7a:70:
                    93:46:05:3a:6f:59:ec:14:29:72:8c:cc:1d:25:15:
                    d2:91:24:12:ca:b1:b8:db:13:10:3e:03:cd:78:77:
                    bc:fe:42:67:a3:41:1b:a3:6a:54:bc:16:43:76:9d:
                    16:cf:77:88:45:bd:0d:05:3a:cf:77:8f:71:c6:a2:
                    6d:13:d8:78:93:fa:95:e2:41:d6:7d:66:92:6d:be:
                    a8:a9:43:ac:93:90:e2:84:0d:97:cf:31:b3:0a:2c:
                    14:14:3f:93:c5:bb:cd:8a:c6:19:12:01:4e:fa:2c:
                    f3:d2:ae:be:53:06:7e:d9:fe:43:38:a2:5f:70:10:
                    2c:ed:36:31:56:08:1b:9b:42:58:9c:19:54:b3:91:
                    1e:c6:65:52:a0:4b:fe:a1:22:d1:5d:1f:d1:f9:18:
                    42:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:75:EE:02:E7:CF:85:FC:67:C8:09:42:0E:C9:CC:39:CB:E2:54:35
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d1f33e49-9e48-44be-a680-4c1b2218329d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.230.200.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2e:78:6d:80:3f:b7:a7:44:c2:ce:3a:9e:be:72:b4:61:be:5f:
         42:d3:dd:eb:a6:e9:fe:ea:c6:f1:e8:6e:55:ee:24:10:c9:19:
         5c:b3:eb:ff:64:dd:3a:50:06:7a:c5:d4:4a:e1:a2:27:ba:bf:
         6a:f9:31:bc:ba:28:82:07:24:ca:44:15:4f:37:27:69:ba:78:
         32:77:01:7d:ae:3c:ed:bb:84:ba:71:6c:97:42:83:31:76:2b:
         34:18:f7:78:b5:e3:c3:d4:02:4d:6a:59:6b:ee:fe:56:6d:21:
         93:eb:c9:9e:2d:88:9b:b2:b5:07:81:92:be:6e:1d:41:d6:74:
         8f:d3:ea:f1:3a:3d:cd:7d:60:b4:57:cf:79:97:b4:0b:42:ae:
         a0:cc:ee:06:50:91:40:50:41:48:57:45:f0:20:42:19:eb:1e:
         32:57:ab:a6:74:c7:a7:34:05:7f:f3:65:34:77:93:bb:3f:7e:
         ed:3e:41:ea:61:1b:79:d1:ca:45:7f:3d:50:3d:b3:36:db:50:
         73:d6:54:27:3f:ed:7d:8d:6a:f9:04:81:84:8c:b2:dd:4d:15:
         f5:09:e5:e0:cd:8d:e7:01:d4:26:fb:34:75:bb:0a:ac:49:c4:
         fb:f7:3a:3e:29:7b:83:b6:68:bf:db:3b:bc:5a:5f:5e:bb:95:
         bc:76:6d:b3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURHgptYRwtLsVvzuauwbiLQpDgMAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjA5MTc0MTI0WhcNMjUwNzE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A2M2U4Y2M3ZDc0NDllOGI2MTQzZDA5NjIzOGU5MGJlYzYw
NzY5ZjI2MzY4MDUzYzc0OGEyNjM0MjhlODFiMmM2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD4Tb6PETJkFZG17uS1usnH7shOYmN/XvnoALow9v61pByy
zI0VTxzMm+cQtq4FNyx/PXEMviWwaJjsTU8i9P5t1hfAMWqYnNt8aNRBjSWIUpS1
IpFgSQ+thSMnnFIJD0kqZT6qxwl6cJNGBTpvWewUKXKMzB0lFdKRJBLKsbjbExA+
A814d7z+QmejQRujalS8FkN2nRbPd4hFvQ0FOs93j3HGom0T2HiT+pXiQdZ9ZpJt
vqipQ6yTkOKEDZfPMbMKLBQUP5PFu82KxhkSAU76LPPSrr5TBn7Z/kM4ol9wECzt
NjFWCBubQlicGVSzkR7GZVKgS/6hItFdH9H5GEI3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXnXuAufPhfxnyAlCDsnMOcviVDUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2QxZjMzZTQ5LTllNDgtNDRiZS1hNjgwLTRjMWIyMjE4MzI5ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAM25sgwDQYJKoZIhvcNAQELBQADggEBAC54bYA/t6dEws46nr5ytGG+X0LT
3eum6f7qxvHoblXuJBDJGVyz6/9k3TpQBnrF1Erhoie6v2r5Mby6KIIHJMpEFU83
J2m6eDJ3AX2uPO27hLpxbJdCgzF2KzQY93i148PUAk1qWWvu/lZtIZPryZ4tiJuy
tQeBkr5uHUHWdI/T6vE6Pc19YLRXz3mXtAtCrqDM7gZQkUBQQUhXRfAgQhnrHjJX
q6Z0x6c0BX/zZTR3k7s/fu0+QephG3nRykV/PVA9szbbUHPWVCc/7X2NavkEgYSM
st1NFfUJ5eDNjecB1Cb7NHW7CqxJxPv3Oj4pe4O2aL/bO7xaX167lbx2bbM=
-----END CERTIFICATE-----