Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d725f87f-a86a-4fc5-843b-fa61c0834c10.roa
File:                     d725f87f-a86a-4fc5-843b-fa61c0834c10.roa (raw, json)
Hash identifier:          ESNfhquOVzgnhXqTPPAbAF+NB6kAIqX9t4xUl1dXwaU=
Subject key identifier:   D1:AF:61:86:B7:21:76:EC:DF:C5:43:E1:5F:34:C3:E6:37:40:EA:87
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       130B2B981EE964AB23863E319B3A7628FE670EB8
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d725f87f-a86a-4fc5-843b-fa61c0834c10.roa
Signing time:             Fri 18 Apr 2025 15:22:01 +0000
ROA not before:           Fri 18 Apr 2025 15:22:01 +0000
ROA not after:            Fri 23 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.159.0.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:0b:2b:98:1e:e9:64:ab:23:86:3e:31:9b:3a:76:28:fe:67:0e:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 18 15:22:01 2025 GMT
            Not After : May 23 23:59:59 2025 GMT
        Subject: serialNumber=d24b2061ae390d8d65e5ed28cd3ec27a7c79d61ab3d1ca0ffe545ec9d910a96d, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:78:1d:ce:63:51:4b:82:d5:ae:b2:1d:ab:ed:
                    16:51:2f:bf:6d:30:9a:ba:71:a5:ab:ab:ea:1d:74:
                    c6:9f:90:f9:05:06:54:ef:1f:ad:48:d4:5e:e4:a5:
                    2b:1c:5d:04:a5:6d:e9:ca:9d:53:b3:af:14:3c:74:
                    7a:de:f0:d5:18:82:4c:b2:18:17:47:31:1e:19:1f:
                    bf:81:f2:5d:34:19:a4:57:40:b1:83:7f:b6:56:1d:
                    31:74:23:1b:d8:14:91:04:25:1c:f0:7f:f5:6c:c7:
                    ae:60:98:74:a7:72:05:96:e9:15:ef:11:df:9e:fc:
                    f0:d1:df:2a:c3:fd:99:05:78:8d:d9:bb:d1:f6:d9:
                    e5:e7:5b:e2:1a:2c:b5:af:52:b2:ea:08:25:54:04:
                    15:84:5d:2b:44:45:e0:6c:29:1a:ec:49:67:c1:ca:
                    ff:de:fa:58:6e:dc:54:f7:fd:37:3b:05:01:28:e6:
                    a6:87:0e:8f:18:ea:cf:ef:74:3d:9f:dd:37:6a:17:
                    d8:f3:e0:da:e6:f6:c4:24:07:8b:59:d5:f7:91:93:
                    03:ce:eb:9e:8f:6d:7f:36:11:c5:cd:fb:f7:57:5d:
                    07:a4:08:39:b8:b8:55:a8:77:78:16:12:5a:9c:ff:
                    51:25:40:1a:a6:bc:7d:9b:58:b7:ef:a1:35:fe:3c:
                    da:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:AF:61:86:B7:21:76:EC:DF:C5:43:E1:5F:34:C3:E6:37:40:EA:87
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d725f87f-a86a-4fc5-843b-fa61c0834c10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.159.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         93:11:ba:e6:16:7a:5b:9e:c0:9b:e0:86:f2:b4:75:57:19:52:
         2e:eb:77:80:b7:15:a6:a8:34:f0:6c:4a:fd:12:a6:cb:07:6b:
         77:3d:58:6c:cf:fe:e4:04:a3:0e:22:23:01:46:71:ac:77:11:
         35:e1:f9:38:da:1e:04:67:7b:4f:58:24:3f:40:7d:3d:0e:b6:
         77:6a:dd:b9:44:38:6d:a2:07:12:59:83:f5:f8:0a:4d:86:49:
         a1:cd:91:c1:41:57:07:0a:e3:86:41:45:20:43:f2:43:ab:bd:
         b8:f8:7b:7a:d5:0a:c7:1a:c6:1f:4d:c4:2d:70:dc:0e:32:83:
         65:81:bf:33:8a:1a:7a:a2:b6:37:cf:ac:79:60:04:f1:49:99:
         df:04:fa:98:7b:31:bb:4f:24:61:a3:39:bd:46:1d:e2:ce:d4:
         8f:f7:6c:51:84:32:55:78:fb:0f:17:c3:49:ea:98:d6:2a:7e:
         4e:d7:36:ed:f7:84:73:50:e3:ae:af:d6:3f:31:09:80:10:1f:
         d9:f0:93:61:ac:83:b5:22:f2:88:4f:1f:c0:2b:78:56:4f:23:
         c7:30:2d:92:0b:7d:ef:c7:59:06:2c:fe:3e:b8:15:73:95:8f:
         4a:51:74:bc:b2:ec:2b:9c:bf:a4:9c:07:39:05:02:da:38:db:
         61:45:94:61
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEwsrmB7pZKsjhj4xmzp2KP5nDrgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE4MTUyMjAxWhcNMjUwNTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkMjRiMjA2MWFlMzkwZDhkNjVlNWVkMjhjZDNlYzI3YTdj
NzlkNjFhYjNkMWNhMGZmZTU0NWVjOWQ5MTBhOTZkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDreB3OY1FLgtWush2r7RZRL79tMJq6caWrq+oddMafkPkF
BlTvH61I1F7kpSscXQSlbenKnVOzrxQ8dHre8NUYgkyyGBdHMR4ZH7+B8l00GaRX
QLGDf7ZWHTF0IxvYFJEEJRzwf/Vsx65gmHSncgWW6RXvEd+e/PDR3yrD/ZkFeI3Z
u9H22eXnW+IaLLWvUrLqCCVUBBWEXStEReBsKRrsSWfByv/e+lhu3FT3/Tc7BQEo
5qaHDo8Y6s/vdD2f3TdqF9jz4Nrm9sQkB4tZ1feRkwPO656PbX82EcXN+/dXXQek
CDm4uFWod3gWElqc/1ElQBqmvH2bWLfvoTX+PNpLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0a9hhrchduzfxUPhXzTD5jdA6ocwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Q3MjVmODdmLWE4NmEtNGZjNS04NDNiLWZhNjFjMDgzNGMxMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAY2nwAwDQYJKoZIhvcNAQELBQADggEBAJMRuuYWeluewJvghvK0dVcZUi7r
d4C3FaaoNPBsSv0SpssHa3c9WGzP/uQEow4iIwFGcax3ETXh+TjaHgRne09YJD9A
fT0Otndq3blEOG2iBxJZg/X4Ck2GSaHNkcFBVwcK44ZBRSBD8kOrvbj4e3rVCsca
xh9NxC1w3A4yg2WBvzOKGnqitjfPrHlgBPFJmd8E+ph7MbtPJGGjOb1GHeLO1I/3
bFGEMlV4+w8Xw0nqmNYqfk7XNu33hHNQ466v1j8xCYAQH9nwk2Gsg7Ui8ohPH8Ar
eFZPI8cwLZILfe/HWQYs/j64FXOVj0pRdLyy7Cucv6ScBzkFAto422FFlGE=
-----END CERTIFICATE-----