Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/00096550-9146-49e8-a27a-307c65c0661e.roa
File:                     00096550-9146-49e8-a27a-307c65c0661e.roa (raw, json)
Hash identifier:          blthB3nL6/I8H2KRwpFl2DXHbV1JjdZlt5f9pzA4R2Q=
Subject key identifier:   A2:92:5A:3B:02:2A:1B:14:26:E9:C8:38:00:A3:49:33:CE:0E:B8:D2
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4005C43F853311EC9C0A8E08915E821821F8AA00
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/00096550-9146-49e8-a27a-307c65c0661e.roa
Signing time:             Mon 30 Jun 2025 16:51:13 +0000
ROA not before:           Mon 30 Jun 2025 16:51:13 +0000
ROA not after:            Mon 04 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.68.0.0/15 maxlen: 15
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 03 Jul 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:05:c4:3f:85:33:11:ec:9c:0a:8e:08:91:5e:82:18:21:f8:aa:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun 30 16:51:13 2025 GMT
            Not After : Aug  4 23:59:59 2025 GMT
        Subject: serialNumber=512c89b0cb40d10af53904938faf3f94c4ef6fb79de8b688c3e48ff4b4dd95f2, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:71:b0:bc:d2:dd:70:2f:89:3d:05:1f:cc:f6:
                    5d:39:ee:42:b2:d4:ec:77:75:77:79:c3:74:b9:a7:
                    18:74:47:ac:ba:cd:81:14:3d:d3:49:57:43:7f:fc:
                    43:50:c6:8d:ad:e4:6a:e2:30:61:73:eb:e7:dc:9e:
                    84:6d:c6:e6:d2:5e:5b:68:c4:73:f0:e5:c7:6b:53:
                    0b:03:50:7c:da:36:2b:f2:3c:a8:29:c4:43:ab:f1:
                    ff:1d:53:7f:24:b0:32:fe:f1:32:af:38:37:11:8d:
                    db:2f:2e:16:4c:63:19:93:e0:69:5c:ce:9a:c6:0c:
                    5f:40:dc:9f:5b:b4:32:6a:9a:2e:6e:12:33:52:20:
                    dd:b3:ef:6f:00:23:dc:3c:3d:c3:21:b8:3b:09:f4:
                    c4:c3:4f:ec:ff:9f:24:61:87:2d:f4:ba:e2:64:de:
                    b3:2e:bf:be:60:13:b1:84:09:27:5d:97:10:2f:58:
                    04:57:b6:1a:c1:47:2c:29:af:3a:eb:51:17:1c:f3:
                    f5:a0:8e:90:b2:05:2f:61:4d:b8:ec:38:08:26:70:
                    cc:0a:cd:d5:78:13:a0:53:ab:8e:91:81:db:c3:df:
                    43:bc:de:ee:b1:dd:07:ab:13:e8:aa:2f:57:49:f4:
                    4d:21:a0:c2:9e:16:17:2b:3b:83:f6:a3:b9:d6:e9:
                    6e:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:92:5A:3B:02:2A:1B:14:26:E9:C8:38:00:A3:49:33:CE:0E:B8:D2
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/00096550-9146-49e8-a27a-307c65c0661e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.68.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         3f:c0:2d:b2:24:7b:6b:2b:c0:ab:f8:9a:ea:c6:a0:46:fc:7a:
         f1:93:f8:3f:3e:b5:04:16:50:ca:fc:5c:9e:0c:aa:b4:37:0a:
         4f:62:2b:c8:62:44:13:fc:43:dc:2c:62:85:52:6b:04:66:13:
         cd:3c:a4:60:5a:20:68:89:5b:29:56:a7:58:e1:8d:81:ea:24:
         65:6e:58:b0:b5:7d:dd:2c:37:ce:72:51:84:5b:81:19:a2:cc:
         4b:a2:32:5d:c0:7c:34:62:c2:d2:00:d4:a1:24:cc:98:30:2a:
         32:d4:11:78:58:96:75:9c:e4:40:62:1e:a0:16:32:cc:d8:8e:
         c2:7d:80:81:77:89:ef:18:c0:43:e9:ff:56:1c:ea:b2:cf:34:
         f0:c4:db:af:b6:5e:62:ea:b5:99:18:59:9f:d4:f5:26:31:1f:
         61:c6:c0:9e:1d:3b:03:7d:d2:9d:9d:cf:9d:47:a4:03:be:cf:
         41:dd:e4:ed:48:93:9e:67:80:d0:c0:b3:76:74:a8:2a:e7:88:
         cb:2f:c6:26:2e:da:0e:69:78:00:9a:9d:85:8f:27:ff:de:2f:
         8e:86:99:a6:3c:ea:81:b4:60:a9:03:f1:22:8d:e7:fa:97:04:
         5d:cc:40:93:7f:dd:07:97:f1:e2:cb:51:9d:aa:85:ab:61:04:
         26:95:92:c5
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUQAXEP4UzEeycCo4IkV6CGCH4qgAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjMwMTY1MTEzWhcNMjUwODA0MjM1OTU5
WjB6MUkwRwYDVQQFE0A1MTJjODliMGNiNDBkMTBhZjUzOTA0OTM4ZmFmM2Y5NGM0
ZWY2ZmI3OWRlOGI2ODhjM2U0OGZmNGI0ZGQ5NWYyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7cbC80t1wL4k9BR/M9l057kKy1Ox3dXd5w3S5pxh0R6y6
zYEUPdNJV0N//ENQxo2t5GriMGFz6+fcnoRtxubSXltoxHPw5cdrUwsDUHzaNivy
PKgpxEOr8f8dU38ksDL+8TKvODcRjdsvLhZMYxmT4GlczprGDF9A3J9btDJqmi5u
EjNSIN2z728AI9w8PcMhuDsJ9MTDT+z/nyRhhy30uuJk3rMuv75gE7GECSddlxAv
WARXthrBRywprzrrURcc8/WgjpCyBS9hTbjsOAgmcMwKzdV4E6BTq46RgdvD30O8
3u6x3QerE+iqL1dJ9E0hoMKeFhcrO4P2o7nW6W5fAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUopJaOwIqGxQm6cg4AKNJM84OuNIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzAwMDk2NTUwLTkxNDYtNDllOC1hMjdhLTMwN2M2NWMwNjYxZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwE0RDANBgkqhkiG9w0BAQsFAAOCAQEAP8AtsiR7ayvAq/ia6sagRvx68ZP4
Pz61BBZQyvxcngyqtDcKT2IryGJEE/xD3CxihVJrBGYTzTykYFogaIlbKVanWOGN
geokZW5YsLV93Sw3znJRhFuBGaLMS6IyXcB8NGLC0gDUoSTMmDAqMtQReFiWdZzk
QGIeoBYyzNiOwn2AgXeJ7xjAQ+n/Vhzqss808MTbr7ZeYuq1mRhZn9T1JjEfYcbA
nh07A33SnZ3PnUekA77PQd3k7UiTnmeA0MCzdnSoKueIyy/GJi7aDml4AJqdhY8n
/94vjoaZpjzqgbRgqQPxIo3n+pcEXcxAk3/dB5fx4stRnaqFq2EEJpWSxQ==
-----END CERTIFICATE-----