Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f185f8bb-54a6-4a09-8db9-eecdc9cec451.roa
File:                     f185f8bb-54a6-4a09-8db9-eecdc9cec451.roa (raw, json)
Hash identifier:          y7wSy0wSydL2pdeImXop+aCfT+hL29OsGIZ+SnBisX4=
Subject key identifier:   0A:AC:D2:73:B6:C4:C9:C8:1B:20:83:B1:04:47:1A:2C:1F:67:D6:1A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7527E1376F5FBEB77DA6C31592958DC7D6F8B75C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f185f8bb-54a6-4a09-8db9-eecdc9cec451.roa
Signing time:             Tue 20 May 2025 17:10:15 +0000
ROA not before:           Tue 20 May 2025 17:10:15 +0000
ROA not after:            Tue 24 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.95.112.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:27:e1:37:6f:5f:be:b7:7d:a6:c3:15:92:95:8d:c7:d6:f8:b7:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 20 17:10:15 2025 GMT
            Not After : Jun 24 23:59:59 2025 GMT
        Subject: serialNumber=9856a9703adcacbe15161dd63b4dce8e726691753b0a5329135ff8dd1dcabf6d, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:2f:d6:2d:a5:06:e1:03:33:08:37:8a:9f:30:
                    86:f1:1a:aa:8c:46:94:2e:0c:8a:fe:78:29:f9:78:
                    76:9a:45:9c:a5:f7:10:16:a7:90:0c:fd:12:52:db:
                    b7:d5:a5:a4:6a:8b:f3:ab:37:39:63:82:a7:bf:f2:
                    b0:13:64:70:a2:78:74:51:bd:96:13:3f:02:f2:b5:
                    4b:92:8e:5a:63:aa:c7:a4:36:a0:fd:9e:cd:04:58:
                    0a:ee:68:5f:67:de:8a:eb:bd:96:ee:4b:39:28:67:
                    dd:82:fd:5f:b2:98:5e:db:03:e8:67:89:e6:de:31:
                    51:83:4d:9a:7b:b2:87:1a:27:62:ea:8a:75:2c:a3:
                    25:00:63:d7:29:57:e6:50:83:14:87:17:4c:d5:46:
                    fb:7a:e0:aa:8f:dc:65:b7:43:00:f4:97:fd:bf:78:
                    75:ce:e2:ce:5d:59:54:84:03:b4:b4:eb:b9:68:88:
                    b8:67:95:7b:7e:91:25:76:1d:0d:57:79:ba:9a:aa:
                    83:27:04:bd:d1:07:6f:ab:85:6a:48:3a:bf:62:c1:
                    91:84:4c:55:e2:66:2c:f8:1b:9e:67:cc:cb:5f:1c:
                    ae:32:be:5d:d6:e4:59:fa:2e:d4:bc:aa:b4:86:08:
                    a7:b2:49:86:d8:0f:9d:2e:c6:90:80:e7:cf:62:b6:
                    a9:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:AC:D2:73:B6:C4:C9:C8:1B:20:83:B1:04:47:1A:2C:1F:67:D6:1A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f185f8bb-54a6-4a09-8db9-eecdc9cec451.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.95.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         51:68:82:bb:32:e6:ae:c0:dc:6a:be:e6:ac:ef:32:f0:18:88:
         4d:77:c8:9a:2d:a6:1e:b2:39:42:1b:95:b4:c5:c7:65:b1:b2:
         54:9a:4c:5c:cc:9b:c1:dc:c1:02:5c:ec:28:17:1d:e7:6c:4f:
         9c:87:28:3c:a7:94:e4:79:e7:8d:eb:a5:7f:f1:80:cf:5c:cc:
         12:3e:7a:6b:7a:f4:8e:47:cb:28:41:59:fb:cc:2f:28:f2:91:
         38:69:a5:be:a1:f9:b2:33:ef:aa:c6:51:8a:f6:62:94:44:7e:
         79:05:ef:d7:e4:63:39:9d:38:b7:47:59:96:d1:1d:af:de:7c:
         c2:0f:18:a9:f0:45:76:20:5f:a2:37:f5:6b:6f:e3:82:71:54:
         ba:4d:2a:7f:18:aa:c0:71:0c:f9:eb:3c:87:30:91:b2:b9:38:
         08:27:98:cb:4a:74:18:83:e1:eb:93:e5:74:36:81:e1:f8:56:
         e6:ee:25:74:16:b5:03:eb:c6:94:5e:57:55:57:f2:49:5e:c3:
         a7:f1:57:13:64:88:e8:9a:84:16:2e:6b:d2:3a:5f:14:8d:34:
         db:8b:8f:c6:cb:5b:5f:7c:09:e1:dd:4f:ee:c6:f5:7e:62:2d:
         d9:ee:5a:51:67:c5:3c:b2:c2:dd:0e:78:34:7e:9b:ed:3a:95:
         22:26:bb:97
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdSfhN29fvrd9psMVkpWNx9b4t1wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNTIwMTcxMDE1WhcNMjUwNjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ODU2YTk3MDNhZGNhY2JlMTUxNjFkZDYzYjRkY2U4ZTcy
NjY5MTc1M2IwYTUzMjkxMzVmZjhkZDFkY2FiZjZkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpL9YtpQbhAzMIN4qfMIbxGqqMRpQuDIr+eCn5eHaaRZyl
9xAWp5AM/RJS27fVpaRqi/OrNzljgqe/8rATZHCieHRRvZYTPwLytUuSjlpjqsek
NqD9ns0EWAruaF9n3orrvZbuSzkoZ92C/V+ymF7bA+hniebeMVGDTZp7socaJ2Lq
inUsoyUAY9cpV+ZQgxSHF0zVRvt64KqP3GW3QwD0l/2/eHXO4s5dWVSEA7S067lo
iLhnlXt+kSV2HQ1XebqaqoMnBL3RB2+rhWpIOr9iwZGETFXiZiz4G55nzMtfHK4y
vl3W5Fn6LtS8qrSGCKeySYbYD50uxpCA589itqlrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCqzSc7bEycgbIIOxBEcaLB9n1howHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2YxODVmOGJiLTU0YTYtNGEwOS04ZGI5LWVlY2RjOWNlYzQ1MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQ0X3AwDQYJKoZIhvcNAQELBQADggEBAFFogrsy5q7A3Gq+5qzvMvAYiE13
yJotph6yOUIblbTFx2WxslSaTFzMm8HcwQJc7CgXHedsT5yHKDynlOR5543rpX/x
gM9czBI+emt69I5HyyhBWfvMLyjykThppb6h+bIz76rGUYr2YpREfnkF79fkYzmd
OLdHWZbRHa/efMIPGKnwRXYgX6I39Wtv44JxVLpNKn8YqsBxDPnrPIcwkbK5OAgn
mMtKdBiD4euT5XQ2geH4VubuJXQWtQPrxpReV1VX8klew6fxVxNkiOiahBYua9I6
XxSNNNuLj8bLW198CeHdT+7G9X5iLdnuWlFnxTyywt0OeDR+m+06lSImu5c=
-----END CERTIFICATE-----