Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d977da5b-fb78-4494-bb71-22f73b146561.roa
File:                     d977da5b-fb78-4494-bb71-22f73b146561.roa (raw, json)
Hash identifier:          GPtTd3AKNGxvRKxQJn3IqfLmS4tdx146TzwuNrMnK+8=
Subject key identifier:   4C:1A:4C:C9:C4:DE:5E:2F:15:98:BB:E1:76:B7:86:05:1B:A8:21:7F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       30C0E62FC504362C433115C8639BCBDA804CACBD
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d977da5b-fb78-4494-bb71-22f73b146561.roa
Signing time:             Tue 03 Jun 2025 16:00:55 +0000
ROA not before:           Tue 03 Jun 2025 16:00:55 +0000
ROA not after:            Tue 08 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.178.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:c0:e6:2f:c5:04:36:2c:43:31:15:c8:63:9b:cb:da:80:4c:ac:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun  3 16:00:55 2025 GMT
            Not After : Jul  8 23:59:59 2025 GMT
        Subject: serialNumber=5cbfbd4032b591807c709709f0777ba6f4af1b6be2a58656f06ac1374afe9032, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:08:49:e9:f4:5f:44:a4:c3:1c:78:b5:0b:3f:
                    12:8b:1c:6b:79:55:90:72:16:39:2d:97:68:4e:32:
                    26:83:2b:53:34:08:a1:c2:a5:5b:4a:00:98:ac:51:
                    1b:d1:eb:8a:3b:5a:d1:a9:08:98:fc:af:f6:e4:a6:
                    b3:1a:09:2c:6f:b0:c0:ca:63:ea:af:6e:62:96:6f:
                    ab:20:70:99:64:28:6e:96:ea:e8:58:5e:0f:87:58:
                    fa:02:79:09:e7:d7:43:79:0e:c8:c6:02:8d:7f:00:
                    16:04:b9:cf:eb:d0:5c:82:a5:e2:52:a6:61:0e:cf:
                    63:29:cc:74:a7:bf:2c:0d:ef:f4:60:f2:c3:e9:1b:
                    3e:70:1d:31:ab:7d:b8:fc:41:58:4f:9d:00:2b:f8:
                    9d:81:bf:d5:20:a3:eb:28:79:16:29:a5:66:76:3f:
                    4e:56:36:d6:04:7a:69:79:3c:1b:e7:6d:5b:d3:32:
                    a3:1e:02:7d:9c:f7:a7:e9:11:cf:be:8d:cc:a6:2f:
                    7c:32:b2:f0:53:28:75:1b:50:35:8c:a3:5b:99:b1:
                    ca:c6:cd:cc:ba:08:19:17:b5:e9:4b:b8:34:77:f8:
                    30:5e:d8:7b:f9:bd:32:33:50:1a:1d:08:7c:99:57:
                    80:01:4b:3c:0d:77:7d:80:f3:bf:d4:f6:ea:e1:79:
                    83:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:1A:4C:C9:C4:DE:5E:2F:15:98:BB:E1:76:B7:86:05:1B:A8:21:7F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d977da5b-fb78-4494-bb71-22f73b146561.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.178.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         8f:6c:84:3b:da:48:f4:b4:38:89:8b:72:0e:ec:ca:c6:b2:6e:
         b5:e5:64:f3:d2:0b:cd:d5:40:27:b2:38:03:7b:ff:00:62:65:
         34:b8:1c:ba:ca:f3:98:55:51:39:c3:ed:05:93:10:55:ff:a4:
         6d:a0:ed:a6:bd:40:3f:40:39:22:39:2c:ac:6d:d4:c6:7a:88:
         c9:ae:87:6a:c6:20:5b:01:18:ec:88:af:04:37:89:0b:1c:37:
         ae:6b:0e:ce:a2:bc:32:02:9e:f1:8a:71:5b:17:d3:35:ec:b6:
         88:c9:ab:d4:0c:83:f0:ef:b6:0c:93:2d:43:22:9d:80:54:77:
         ee:87:ab:e3:97:a8:6d:20:a8:a0:af:2a:ca:cf:a6:a4:e4:8a:
         45:45:6d:55:5f:51:79:7f:1d:6d:00:4f:4d:7f:fc:14:c7:e0:
         1d:bd:f4:50:b1:10:a1:6f:49:04:28:06:7d:87:aa:0b:08:33:
         fb:0a:33:11:7b:e3:e0:7a:ac:7c:d2:0b:e0:6b:4e:a5:8d:de:
         b0:89:ca:13:c3:34:78:81:bb:8e:7e:8e:58:c6:b1:9d:7e:18:
         f9:08:d6:c6:61:4d:d6:08:76:48:59:31:88:fd:e0:9f:aa:de:
         fc:dd:90:5f:4a:5c:3a:e9:eb:2f:a6:a8:88:0d:77:6a:d7:7d:
         6e:cd:07:72
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUMMDmL8UENixDMRXIY5vL2oBMrL0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjAzMTYwMDU1WhcNMjUwNzA4MjM1OTU5
WjB6MUkwRwYDVQQFE0A1Y2JmYmQ0MDMyYjU5MTgwN2M3MDk3MDlmMDc3N2JhNmY0
YWYxYjZiZTJhNTg2NTZmMDZhYzEzNzRhZmU5MDMyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDCCEnp9F9EpMMceLULPxKLHGt5VZByFjktl2hOMiaDK1M0
CKHCpVtKAJisURvR64o7WtGpCJj8r/bkprMaCSxvsMDKY+qvbmKWb6sgcJlkKG6W
6uhYXg+HWPoCeQnn10N5DsjGAo1/ABYEuc/r0FyCpeJSpmEOz2MpzHSnvywN7/Rg
8sPpGz5wHTGrfbj8QVhPnQAr+J2Bv9Ugo+soeRYppWZ2P05WNtYEeml5PBvnbVvT
MqMeAn2c96fpEc++jcymL3wysvBTKHUbUDWMo1uZscrGzcy6CBkXtelLuDR3+DBe
2Hv5vTIzUBodCHyZV4ABSzwNd32A87/U9urheYORAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUTBpMycTeXi8VmLvhdreGBRuoIX8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Q5NzdkYTViLWZiNzgtNDQ5NC1iYjcxLTIyZjczYjE0NjU2MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA2sjANBgkqhkiG9w0BAQsFAAOCAQEAj2yEO9pI9LQ4iYtyDuzKxrJuteVk
89ILzdVAJ7I4A3v/AGJlNLgcusrzmFVROcPtBZMQVf+kbaDtpr1AP0A5IjksrG3U
xnqIya6HasYgWwEY7IivBDeJCxw3rmsOzqK8MgKe8YpxWxfTNey2iMmr1AyD8O+2
DJMtQyKdgFR37oer45eobSCooK8qys+mpOSKRUVtVV9ReX8dbQBPTX/8FMfgHb30
ULEQoW9JBCgGfYeqCwgz+wozEXvj4HqsfNIL4GtOpY3esInKE8M0eIG7jn6OWMax
nX4Y+QjWxmFN1gh2SFkxiP3gn6re/N2QX0pcOunrL6aoiA13atd9bs0Hcg==
-----END CERTIFICATE-----