Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/df607230-41e6-480a-813d-bbc6101bd307.roa
File:                     df607230-41e6-480a-813d-bbc6101bd307.roa (raw, json)
Hash identifier:          FStFCMkasVMKW0SoFC+bsQFeGEJSFm296o4V59t+THU=
Subject key identifier:   96:65:61:50:6F:37:0D:E6:D4:64:38:0B:B2:B0:AC:9B:71:58:AA:55
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2D6199FC759FD6E077B8C8657DC468390667361B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/df607230-41e6-480a-813d-bbc6101bd307.roa
Signing time:             Tue 03 Jun 2025 15:21:38 +0000
ROA not before:           Tue 03 Jun 2025 15:21:38 +0000
ROA not after:            Tue 08 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.19.192.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:61:99:fc:75:9f:d6:e0:77:b8:c8:65:7d:c4:68:39:06:67:36:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun  3 15:21:38 2025 GMT
            Not After : Jul  8 23:59:59 2025 GMT
        Subject: serialNumber=8a97eb0ab64cfbe625ed67327d5d49303fdfa33f0df82ed5f611b32fb6680ae9, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:3f:7a:52:77:64:a2:28:22:3b:35:07:ca:7b:
                    70:a1:98:dd:4c:6f:af:8b:c1:aa:1a:aa:6c:de:3d:
                    26:7e:15:ba:7d:00:a7:30:04:f9:9f:22:45:3c:da:
                    c9:77:44:28:40:4d:9f:04:72:0e:cc:8a:b2:41:fe:
                    db:f6:45:ea:80:37:3c:a9:1d:18:c9:50:5e:6f:1b:
                    dd:8c:0b:83:74:c6:ec:30:de:01:af:90:56:f1:e6:
                    dd:64:9f:53:0d:4e:de:56:0a:99:b0:a2:a6:20:92:
                    ea:64:0b:6d:f6:48:03:85:61:8a:38:32:d5:62:de:
                    d8:17:da:c0:40:33:db:00:7f:74:6f:27:e2:c1:20:
                    f5:7a:43:29:61:90:c2:52:0b:5d:bb:d0:e9:7d:c3:
                    eb:0d:fa:3d:08:20:62:31:20:e9:22:eb:01:3c:f2:
                    b9:92:88:e9:e5:47:eb:62:53:9c:66:80:3b:24:4a:
                    a8:59:b2:24:5f:de:23:b8:c7:07:58:33:2c:2f:0d:
                    86:80:79:63:cd:c1:01:fa:bd:c4:d2:56:4f:71:1b:
                    82:66:a0:d4:c9:6c:24:cc:aa:e2:12:40:e8:c6:10:
                    e9:04:a4:96:87:de:11:da:f8:43:9e:69:de:25:0f:
                    0b:cf:32:6b:d4:90:48:d6:a7:ac:4b:74:09:bc:70:
                    1a:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:65:61:50:6F:37:0D:E6:D4:64:38:0B:B2:B0:AC:9B:71:58:AA:55
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/df607230-41e6-480a-813d-bbc6101bd307.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.19.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         a0:fe:b8:93:3c:b9:90:ee:5d:54:0d:6f:f0:f0:19:db:56:5e:
         30:90:de:97:b8:7d:9a:d6:6b:0b:00:96:01:30:b2:54:dd:36:
         94:65:49:2f:a7:77:f6:ec:f9:c8:19:62:cf:7f:72:5a:af:2b:
         46:a3:42:f6:2e:77:7f:90:69:7b:f2:27:d4:d7:31:a8:ff:1a:
         fa:0c:70:cb:9e:a6:b8:46:13:ba:31:2d:a0:19:20:c6:6e:77:
         50:7b:9d:12:c8:e4:d0:6a:5d:d5:cd:2e:a3:59:74:ef:80:d4:
         19:7d:97:b8:15:f7:69:fb:b0:a1:49:d8:f7:a8:23:75:1e:9a:
         2c:5c:75:b5:6e:4f:fb:77:f7:7e:56:bf:92:b6:cf:85:67:c6:
         6d:e4:17:f3:63:a4:6d:32:1b:ee:21:1f:b4:cf:f4:b6:c9:97:
         7a:a1:e0:c2:bd:98:ee:84:95:02:fa:18:d7:b1:5c:f7:65:01:
         2c:85:c2:bd:37:b8:76:7d:8a:dd:67:0f:d3:30:1a:48:e9:86:
         54:0a:e6:7e:e1:45:61:74:c9:65:2a:5c:26:19:ee:1f:ee:46:
         e3:63:0f:ec:ab:e9:dd:f9:fc:19:9b:4b:6c:80:3e:d0:95:76:
         46:61:32:32:32:5f:e0:e5:ab:69:04:0a:51:17:3a:39:3a:4b:
         37:66:13:fb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULWGZ/HWf1uB3uMhlfcRoOQZnNhswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjAzMTUyMTM4WhcNMjUwNzA4MjM1OTU5
WjB6MUkwRwYDVQQFE0A4YTk3ZWIwYWI2NGNmYmU2MjVlZDY3MzI3ZDVkNDkzMDNm
ZGZhMzNmMGRmODJlZDVmNjExYjMyZmI2NjgwYWU5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtP3pSd2SiKCI7NQfKe3ChmN1Mb6+LwaoaqmzePSZ+Fbp9
AKcwBPmfIkU82sl3RChATZ8Ecg7MirJB/tv2ReqANzypHRjJUF5vG92MC4N0xuww
3gGvkFbx5t1kn1MNTt5WCpmwoqYgkupkC232SAOFYYo4MtVi3tgX2sBAM9sAf3Rv
J+LBIPV6QylhkMJSC1270Ol9w+sN+j0IIGIxIOki6wE88rmSiOnlR+tiU5xmgDsk
SqhZsiRf3iO4xwdYMywvDYaAeWPNwQH6vcTSVk9xG4JmoNTJbCTMquISQOjGEOkE
pJaH3hHa+EOead4lDwvPMmvUkEjWp6xLdAm8cBpdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUlmVhUG83DebUZDgLsrCsm3FYqlUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2RmNjA3MjMwLTQxZTYtNDgwYS04MTNkLWJiYzYxMDFiZDMwNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAU0E8AwDQYJKoZIhvcNAQELBQADggEBAKD+uJM8uZDuXVQNb/DwGdtWXjCQ
3pe4fZrWawsAlgEwslTdNpRlSS+nd/bs+cgZYs9/clqvK0ajQvYud3+QaXvyJ9TX
Maj/GvoMcMueprhGE7oxLaAZIMZud1B7nRLI5NBqXdXNLqNZdO+A1Bl9l7gV92n7
sKFJ2PeoI3UemixcdbVuT/t3935Wv5K2z4Vnxm3kF/NjpG0yG+4hH7TP9LbJl3qh
4MK9mO6ElQL6GNexXPdlASyFwr03uHZ9it1nD9MwGkjphlQK5n7hRWF0yWUqXCYZ
7h/uRuNjD+yr6d35/BmbS2yAPtCVdkZhMjIyX+Dlq2kEClEXOjk6SzdmE/s=
-----END CERTIFICATE-----