Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/dcd7e384-f30e-45f8-b9c4-ffc1a149e46e.roa
File:                     dcd7e384-f30e-45f8-b9c4-ffc1a149e46e.roa (raw, json)
Hash identifier:          6hxLEiPv1yDW7EjY9uUh/GPJ9UlnsllcQxbGBNkksnE=
Subject key identifier:   89:8A:D1:4D:D5:6C:DA:0A:3D:D5:E2:08:69:12:63:6C:5C:24:42:CB
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3852EFC36CC841A933BE1AAA94926BDA9EBB4D33
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/dcd7e384-f30e-45f8-b9c4-ffc1a149e46e.roa
Signing time:             Fri 18 Apr 2025 18:21:14 +0000
ROA not before:           Fri 18 Apr 2025 18:21:14 +0000
ROA not after:            Fri 23 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.250.192.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:52:ef:c3:6c:c8:41:a9:33:be:1a:aa:94:92:6b:da:9e:bb:4d:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 18 18:21:14 2025 GMT
            Not After : May 23 23:59:59 2025 GMT
        Subject: serialNumber=6553196a12053d7e2533ab016e31c0899097c0a6b21520bc4ea3c051ca897c95, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:2d:cb:83:2a:8c:97:4e:73:ea:0e:0a:f2:0d:
                    b9:df:9f:f2:56:db:80:77:bc:bd:43:c1:19:97:c8:
                    1b:00:53:b6:ea:7d:5b:bb:19:c0:3e:16:cf:f6:bc:
                    35:cb:90:a8:ac:25:17:c7:01:6d:51:f4:65:81:8a:
                    50:fc:8a:b9:83:33:e7:bb:69:8a:b2:e7:04:3e:61:
                    8f:9e:f9:dc:58:cf:7f:94:cd:a4:be:ff:0d:0c:60:
                    1c:59:0e:0e:ef:49:51:e8:3a:14:34:0a:f5:84:cc:
                    ed:83:c4:89:24:fb:4a:93:89:80:18:58:4f:25:69:
                    6b:bb:43:49:05:4d:65:36:fa:e9:65:41:eb:09:48:
                    82:df:2e:98:ae:16:64:f3:c5:78:4f:60:90:57:45:
                    e3:02:35:b3:06:2e:5a:55:8d:17:7e:52:52:44:cb:
                    a9:f4:1b:93:d6:1a:83:4e:b8:e1:97:8c:73:88:59:
                    8f:38:21:40:dc:20:da:df:63:12:a6:ac:82:cc:ab:
                    7e:22:cd:b7:aa:5b:75:0b:81:d0:2f:18:b0:17:3f:
                    af:64:d0:22:83:cd:81:9e:27:2b:5a:58:7e:04:f6:
                    10:b2:ee:72:c7:2e:e5:08:77:69:2b:d0:d1:59:03:
                    23:e0:16:34:51:db:f7:ac:20:c5:db:62:27:8b:af:
                    ce:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:8A:D1:4D:D5:6C:DA:0A:3D:D5:E2:08:69:12:63:6C:5C:24:42:CB
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/dcd7e384-f30e-45f8-b9c4-ffc1a149e46e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.250.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         5d:53:52:4a:39:4f:46:d2:90:82:90:57:55:1c:2e:32:1e:4c:
         69:5a:0d:aa:cc:b8:17:72:c3:45:3f:92:37:5d:41:e6:19:b4:
         be:5e:f9:c0:57:08:00:bd:2f:77:11:e0:84:a9:c5:ac:d9:1e:
         a3:76:c3:19:c2:d9:a9:f6:e9:82:8f:b9:30:58:e1:01:bd:91:
         97:bb:dd:78:5c:46:58:85:d8:81:18:47:74:53:8e:3d:04:3e:
         9e:b9:1b:de:4a:36:97:2d:f9:1d:75:b9:fe:83:e5:fd:1f:59:
         e8:61:79:0f:67:72:58:e5:94:e4:0e:8d:af:82:9b:b4:f0:8d:
         59:df:f8:76:dd:ab:41:82:38:6d:c8:f3:58:02:64:3d:7d:75:
         01:f0:8d:40:d7:87:ba:d1:5c:71:33:c9:ed:f5:82:ff:20:61:
         03:d5:18:d0:dd:12:88:91:04:5a:ab:3a:a4:eb:a3:be:35:14:
         41:b3:be:fc:a9:7e:bc:3e:79:04:00:4e:06:b1:e9:1e:da:b1:
         3b:0c:2b:c0:e3:7a:70:39:df:46:88:b2:e0:88:09:cf:a9:ec:
         ca:db:eb:22:28:0a:b6:cb:c9:b9:32:91:36:95:b1:93:2e:5f:
         2c:28:79:d9:02:6a:e1:b5:9f:b0:24:4c:3d:7f:d3:20:5b:c9:
         4c:d2:51:bc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOFLvw2zIQakzvhqqlJJr2p67TTMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE4MTgyMTE0WhcNMjUwNTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A2NTUzMTk2YTEyMDUzZDdlMjUzM2FiMDE2ZTMxYzA4OTkw
OTdjMGE2YjIxNTIwYmM0ZWEzYzA1MWNhODk3Yzk1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmLcuDKoyXTnPqDgryDbnfn/JW24B3vL1DwRmXyBsAU7bq
fVu7GcA+Fs/2vDXLkKisJRfHAW1R9GWBilD8irmDM+e7aYqy5wQ+YY+e+dxYz3+U
zaS+/w0MYBxZDg7vSVHoOhQ0CvWEzO2DxIkk+0qTiYAYWE8laWu7Q0kFTWU2+ull
QesJSILfLpiuFmTzxXhPYJBXReMCNbMGLlpVjRd+UlJEy6n0G5PWGoNOuOGXjHOI
WY84IUDcINrfYxKmrILMq34izbeqW3ULgdAvGLAXP69k0CKDzYGeJytaWH4E9hCy
7nLHLuUId2kr0NFZAyPgFjRR2/esIMXbYieLr85pAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiYrRTdVs2go91eIIaRJjbFwkQsswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2RjZDdlMzg0LWYzMGUtNDVmOC1iOWM0LWZmYzFhMTQ5ZTQ2ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAY2+sAwDQYJKoZIhvcNAQELBQADggEBAF1TUko5T0bSkIKQV1UcLjIeTGla
DarMuBdyw0U/kjddQeYZtL5e+cBXCAC9L3cR4ISpxazZHqN2wxnC2an26YKPuTBY
4QG9kZe73XhcRliF2IEYR3RTjj0EPp65G95KNpct+R11uf6D5f0fWehheQ9ncljl
lOQOja+Cm7TwjVnf+Hbdq0GCOG3I81gCZD19dQHwjUDXh7rRXHEzye31gv8gYQPV
GNDdEoiRBFqrOqTro741FEGzvvypfrw+eQQATgax6R7asTsMK8DjenA530aIsuCI
Cc+p7Mrb6yIoCrbLybkykTaVsZMuXywoedkCauG1n7AkTD1/0yBbyUzSUbw=
-----END CERTIFICATE-----