Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d3446807-54fa-46e2-b8d5-9d8328bad7de.roa
File:                     d3446807-54fa-46e2-b8d5-9d8328bad7de.roa (raw, json)
Hash identifier:          IVWU3Qbbpf0av3CC+nhBp9/GMHFJViB56mzXl78Ey/4=
Subject key identifier:   44:09:42:A8:B2:22:95:37:3C:66:C7:DB:F7:4A:C1:73:06:46:88:C2
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0B885D17059BB1BA8B5F06FA0AB59A32176DC029
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d3446807-54fa-46e2-b8d5-9d8328bad7de.roa
Signing time:             Fri 18 Apr 2025 18:01:30 +0000
ROA not before:           Fri 18 Apr 2025 18:01:30 +0000
ROA not after:            Fri 23 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.247.176.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:88:5d:17:05:9b:b1:ba:8b:5f:06:fa:0a:b5:9a:32:17:6d:c0:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 18 18:01:30 2025 GMT
            Not After : May 23 23:59:59 2025 GMT
        Subject: serialNumber=e262c86db2bede6ca0b48b4c1a9d0ed1a00658d77483ae580224ea6cbd813340, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:87:b4:87:07:ab:4a:e8:4f:48:64:bd:d8:d5:
                    7c:f4:1c:f7:82:1b:ee:b7:b4:d0:89:1b:02:38:b7:
                    9d:2c:54:4c:91:dc:5f:a2:e4:11:84:52:f4:05:8c:
                    92:e3:e0:f1:24:31:27:3d:e9:0a:4d:11:79:a1:ce:
                    a7:49:8a:56:cf:f0:31:4a:8d:82:bd:af:dd:2b:96:
                    de:06:f0:92:1a:2c:48:06:5e:69:f6:39:aa:8a:4e:
                    5e:e0:7b:c7:29:43:ac:19:97:5c:e2:cc:6a:f6:31:
                    08:8d:e5:ec:85:cb:78:42:a2:4c:09:72:87:b8:9a:
                    9a:ff:e7:33:23:6b:b1:e9:25:9a:b0:47:27:ee:83:
                    c7:28:60:5b:72:53:a3:72:dc:93:30:f0:22:c8:3f:
                    44:88:de:7c:25:41:f7:03:ee:3b:4a:cb:39:af:3c:
                    04:80:84:2e:8b:17:f1:52:39:38:cd:52:c2:7f:05:
                    53:f3:a1:6e:a6:39:ae:02:4a:bc:6b:6d:c0:f1:e6:
                    b0:cc:84:95:64:89:0b:52:10:bd:f5:25:00:75:f7:
                    d8:1a:9d:da:82:38:94:d3:38:fa:46:8a:ef:1f:fd:
                    d4:00:ae:27:b1:5d:71:e4:a9:01:2e:08:3c:78:ca:
                    8d:72:f3:aa:81:0e:db:0f:0a:01:41:19:a6:8b:13:
                    6e:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:09:42:A8:B2:22:95:37:3C:66:C7:DB:F7:4A:C1:73:06:46:88:C2
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d3446807-54fa-46e2-b8d5-9d8328bad7de.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.247.176.0/20

    Signature Algorithm: sha256WithRSAEncryption
         08:3c:80:c2:dc:a7:7d:c5:79:12:0b:7f:3b:e5:24:f1:45:b2:
         d4:eb:46:49:d2:01:ea:48:60:56:52:f8:f3:8c:6f:a9:63:d2:
         cc:fd:0b:41:56:39:1d:5b:a6:16:e6:67:72:cf:2b:c6:e9:53:
         f4:66:a0:0d:0c:75:91:57:f8:c0:0e:7e:48:20:47:43:c5:66:
         82:25:3e:05:56:c0:b4:8e:79:bc:d0:f6:37:b4:16:0b:e5:91:
         7b:24:20:5c:0b:ae:cc:83:9b:11:22:92:b6:64:21:c2:44:41:
         74:2a:7c:ed:00:49:11:8f:4a:9b:53:49:50:6d:80:bf:1a:7d:
         99:9b:94:b8:09:c7:14:10:b7:f4:bd:fe:03:3f:77:e7:07:d8:
         0f:95:07:dc:99:e7:c4:3b:55:22:c1:17:e0:26:71:98:88:24:
         fc:8e:5e:c4:97:80:85:c2:b3:19:3a:ba:62:53:16:55:a8:7b:
         bf:c2:b5:d1:3b:73:84:5c:7b:5b:2e:17:6c:db:65:35:b6:ac:
         7c:2c:8b:34:22:be:10:ee:fd:73:ca:67:11:55:fa:4b:e9:c4:
         45:38:e7:d7:15:84:d9:40:07:9f:56:c0:88:6c:c0:6d:40:5c:
         d8:05:73:da:92:21:d3:53:c9:0c:d3:83:a4:8e:c0:cf:e6:7d:
         d1:21:b7:48
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUC4hdFwWbsbqLXwb6CrWaMhdtwCkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE4MTgwMTMwWhcNMjUwNTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BlMjYyYzg2ZGIyYmVkZTZjYTBiNDhiNGMxYTlkMGVkMWEw
MDY1OGQ3NzQ4M2FlNTgwMjI0ZWE2Y2JkODEzMzQwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRh7SHB6tK6E9IZL3Y1Xz0HPeCG+63tNCJGwI4t50sVEyR
3F+i5BGEUvQFjJLj4PEkMSc96QpNEXmhzqdJilbP8DFKjYK9r90rlt4G8JIaLEgG
Xmn2OaqKTl7ge8cpQ6wZl1zizGr2MQiN5eyFy3hCokwJcoe4mpr/5zMja7HpJZqw
Ryfug8coYFtyU6Ny3JMw8CLIP0SI3nwlQfcD7jtKyzmvPASAhC6LF/FSOTjNUsJ/
BVPzoW6mOa4CSrxrbcDx5rDMhJVkiQtSEL31JQB199gandqCOJTTOPpGiu8f/dQA
riexXXHkqQEuCDx4yo1y86qBDtsPCgFBGaaLE25HAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURAlCqLIilTc8Zsfb90rBcwZGiMIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2QzNDQ2ODA3LTU0ZmEtNDZlMi1iOGQ1LTlkODMyOGJhZDdkZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQ297AwDQYJKoZIhvcNAQELBQADggEBAAg8gMLcp33FeRILfzvlJPFFstTr
RknSAepIYFZS+POMb6lj0sz9C0FWOR1bphbmZ3LPK8bpU/RmoA0MdZFX+MAOfkgg
R0PFZoIlPgVWwLSOebzQ9je0FgvlkXskIFwLrsyDmxEikrZkIcJEQXQqfO0ASRGP
SptTSVBtgL8afZmblLgJxxQQt/S9/gM/d+cH2A+VB9yZ58Q7VSLBF+AmcZiIJPyO
XsSXgIXCsxk6umJTFlWoe7/CtdE7c4Rce1suF2zbZTW2rHwsizQivhDu/XPKZxFV
+kvpxEU459cVhNlAB59WwIhswG1AXNgFc9qSIdNTyQzTg6SOwM/mfdEht0g=
-----END CERTIFICATE-----