Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ede7f351-4d0f-4c75-9915-6673e09863e1.roa
File:                     ede7f351-4d0f-4c75-9915-6673e09863e1.roa (raw, json)
Hash identifier:          sxFhAz0zfb54T2sV7lKtJyMYnKmNCq39LLIl5aoKXb8=
Subject key identifier:   F4:B4:52:44:57:C0:6B:7C:3E:FA:B4:98:AF:DD:3D:CE:0F:3F:42:79
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0C85513E0778857629EBC7282EA9A9CD8B2DED75
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ede7f351-4d0f-4c75-9915-6673e09863e1.roa
Signing time:             Mon 14 Apr 2025 16:31:06 +0000
ROA not before:           Mon 14 Apr 2025 16:31:06 +0000
ROA not after:            Mon 19 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.15.64.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:85:51:3e:07:78:85:76:29:eb:c7:28:2e:a9:a9:cd:8b:2d:ed:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 14 16:31:06 2025 GMT
            Not After : May 19 23:59:59 2025 GMT
        Subject: serialNumber=de4d40d84875d0943a0abbc54b1719beed2596dd930edf8716242d48903263d1, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:d1:8a:fd:59:28:8e:f1:4a:0e:de:35:4b:56:
                    80:ee:db:b5:58:80:57:93:00:f0:43:85:cb:db:7e:
                    3a:05:9d:7e:08:11:58:f7:dd:62:33:31:fa:6f:e2:
                    94:84:bb:c4:61:eb:9e:72:fc:55:de:73:c5:14:bb:
                    5a:73:ae:95:2c:81:9f:e7:00:71:5e:f6:e7:07:8e:
                    d0:d0:e1:77:f5:0b:13:c8:28:dc:9b:57:39:34:3d:
                    d8:1b:9e:f3:2e:04:b4:92:72:60:94:cf:cb:bf:5d:
                    8a:e2:08:ef:40:3e:8c:a9:7e:7a:15:14:05:0e:8f:
                    2f:8a:d8:82:be:e6:f8:6d:03:12:c0:24:2e:90:a3:
                    ef:aa:af:63:c6:4f:5f:02:00:5a:0c:75:0d:96:56:
                    0b:f6:63:09:bb:3f:78:a2:8a:ff:48:c1:7e:1a:e8:
                    e8:33:80:b1:75:34:2b:ee:0e:dd:29:8b:91:12:3f:
                    7b:3e:6a:78:6b:a5:49:87:7c:c9:78:e8:80:1a:a3:
                    70:cf:1b:97:12:9a:a6:fe:17:f4:00:14:3a:cf:38:
                    4d:cb:56:70:a3:86:8b:b8:62:50:71:64:9a:18:f0:
                    e2:2a:e2:5f:19:c0:2d:51:6f:45:d9:63:19:3d:9c:
                    f2:69:ed:8d:71:06:c7:23:0b:2f:bc:e5:da:48:ee:
                    bc:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:B4:52:44:57:C0:6B:7C:3E:FA:B4:98:AF:DD:3D:CE:0F:3F:42:79
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ede7f351-4d0f-4c75-9915-6673e09863e1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.15.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         9c:4b:7a:43:f8:b0:1f:01:f1:eb:9e:dc:59:83:ca:35:fb:97:
         65:02:ce:94:12:6a:37:d7:7d:a0:4d:94:4e:f1:95:51:be:c1:
         57:17:4f:0d:00:03:01:2c:a8:2a:ed:fb:55:6f:5c:d2:73:77:
         6c:df:8c:49:d0:8f:f2:bb:33:ff:af:d5:e4:c9:f4:77:ab:7c:
         90:b1:41:9e:ec:f3:b1:d9:25:28:93:b1:d7:fd:b5:9e:6f:f1:
         24:8c:00:87:ae:a4:5a:3b:dd:f6:c0:7c:ec:61:21:89:1e:56:
         2f:43:20:5c:14:53:38:32:ce:2a:e4:86:8c:f0:03:dc:00:f4:
         19:1f:de:cf:70:a2:20:7a:71:69:d6:d1:3c:a3:3c:4c:3e:a3:
         98:de:87:57:f8:fc:01:73:16:5d:a0:48:c5:2d:e3:85:39:3a:
         ed:4b:ee:df:ad:74:96:15:5a:ac:9d:9b:83:29:13:10:0e:66:
         78:b5:dc:b4:35:1e:8f:e0:e2:af:19:70:cc:bb:d6:39:0d:92:
         d5:38:ba:49:2e:47:ad:dc:ed:b0:8d:3d:ae:27:f4:3c:d3:e8:
         03:4a:92:56:a8:3e:d7:5c:c2:75:93:80:c5:dd:13:c2:7d:6c:
         bb:b0:d2:3a:20:f2:31:6a:e9:33:cd:7b:fe:34:32:b2:ff:23:
         bf:f8:b8:e5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDIVRPgd4hXYp68coLqmpzYst7XUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE0MTYzMTA2WhcNMjUwNTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BkZTRkNDBkODQ4NzVkMDk0M2EwYWJiYzU0YjE3MTliZWVk
MjU5NmRkOTMwZWRmODcxNjI0MmQ0ODkwMzI2M2QxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDP0Yr9WSiO8UoO3jVLVoDu27VYgFeTAPBDhcvbfjoFnX4I
EVj33WIzMfpv4pSEu8Rh655y/FXec8UUu1pzrpUsgZ/nAHFe9ucHjtDQ4Xf1CxPI
KNybVzk0PdgbnvMuBLSScmCUz8u/XYriCO9APoypfnoVFAUOjy+K2IK+5vhtAxLA
JC6Qo++qr2PGT18CAFoMdQ2WVgv2Ywm7P3iiiv9IwX4a6OgzgLF1NCvuDt0pi5ES
P3s+anhrpUmHfMl46IAao3DPG5cSmqb+F/QAFDrPOE3LVnCjhou4YlBxZJoY8OIq
4l8ZwC1Rb0XZYxk9nPJp7Y1xBscjCy+85dpI7ryBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9LRSRFfAa3w++rSYr909zg8/QnkwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2VkZTdmMzUxLTRkMGYtNGM3NS05OTE1LTY2NzNlMDk4NjNlMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAY0D0AwDQYJKoZIhvcNAQELBQADggEBAJxLekP4sB8B8eue3FmDyjX7l2UC
zpQSajfXfaBNlE7xlVG+wVcXTw0AAwEsqCrt+1VvXNJzd2zfjEnQj/K7M/+v1eTJ
9HerfJCxQZ7s87HZJSiTsdf9tZ5v8SSMAIeupFo73fbAfOxhIYkeVi9DIFwUUzgy
zirkhozwA9wA9Bkf3s9woiB6cWnW0TyjPEw+o5jeh1f4/AFzFl2gSMUt44U5Ou1L
7t+tdJYVWqydm4MpExAOZni13LQ1Ho/g4q8ZcMy71jkNktU4ukkuR63c7bCNPa4n
9DzT6ANKklaoPtdcwnWTgMXdE8J9bLuw0jog8jFq6TPNe/40MrL/I7/4uOU=
-----END CERTIFICATE-----