Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/074a85fd-ab8a-4d6a-beec-e90fa6560ff9.roa
File:                     074a85fd-ab8a-4d6a-beec-e90fa6560ff9.roa (raw, json)
Hash identifier:          6lXqLWAwea3a9A5h2EtIP3eUy3IAtazkklLEg8mrlGM=
Subject key identifier:   C0:59:83:07:D2:14:24:AF:F9:07:A5:59:BC:5E:8B:42:7E:C1:1F:D4
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6801CE0803FCB6D9C8363ABAE0FD29FC155E96DC
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/074a85fd-ab8a-4d6a-beec-e90fa6560ff9.roa
Signing time:             Tue 02 Apr 2024 00:00:00 +0000
ROA not before:           Tue 02 Apr 2024 00:00:00 +0000
ROA not after:            Tue 07 May 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        54.232.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 21 Apr 2024 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:01:ce:08:03:fc:b6:d9:c8:36:3a:ba:e0:fd:29:fc:15:5e:96:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr  2 00:00:00 2024 GMT
            Not After : May  7 23:59:59 2024 GMT
        Subject: serialNumber=0c68eb2f91cd9109aebda850bba2b2389b8334dfb419bec9d8a11099f58b9aa9, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:f5:9c:aa:83:2b:2c:ba:45:75:43:5e:ee:93:
                    9c:98:8a:b8:29:00:19:29:4e:33:6d:30:5f:28:15:
                    77:b7:ea:63:49:ca:6f:8c:56:ea:e1:68:a9:6a:0d:
                    17:45:e4:e8:29:d3:8e:dd:52:fa:ae:c7:35:1a:bd:
                    d0:6d:36:d7:2c:44:c8:7f:2a:f6:dd:16:c3:ec:a7:
                    2c:de:78:e0:92:2a:62:ae:6c:f0:8b:e3:e7:b8:0a:
                    42:32:90:cb:5e:cd:e0:ab:d8:fc:78:45:be:70:0e:
                    bb:72:5e:dd:f1:7b:cd:fc:df:e8:76:a3:64:3b:34:
                    84:7f:16:f7:cc:c2:71:23:71:e5:48:b2:d0:7c:e7:
                    ef:10:3e:fb:4b:d7:13:79:3e:10:ab:e7:42:dd:06:
                    e4:e4:01:29:3b:f9:52:2a:bb:6f:2b:f9:d9:62:c7:
                    2c:8a:8c:0e:17:ac:df:cc:6f:a5:06:88:29:4a:46:
                    ab:e1:d7:56:d7:91:2c:79:d9:41:c9:a5:fe:a6:f0:
                    29:c9:50:03:04:1b:0d:ae:d9:8a:78:8f:2e:4d:31:
                    49:0a:6e:d3:52:ff:57:06:d6:ce:57:c2:6b:4e:0d:
                    29:f1:ea:11:1b:1d:40:e4:af:70:0b:90:42:14:b9:
                    2f:67:81:38:71:0c:81:f2:b6:d8:5c:01:39:f6:22:
                    6e:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:59:83:07:D2:14:24:AF:F9:07:A5:59:BC:5E:8B:42:7E:C1:1F:D4
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/074a85fd-ab8a-4d6a-beec-e90fa6560ff9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.232.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         52:fe:ae:d7:7f:c3:b5:a7:4e:32:aa:4a:0a:a8:77:7b:a8:ec:
         06:89:20:09:8f:77:af:42:24:1a:d0:1f:9b:63:be:d3:a3:e3:
         67:75:56:f2:43:35:bc:e2:e0:8e:51:de:c9:54:63:64:9d:f2:
         ea:eb:eb:7c:9c:6b:5d:e7:6f:11:eb:eb:69:0a:82:c4:88:9d:
         b9:dc:9f:b5:9b:3e:5b:7b:8e:bc:ad:c6:b7:88:e2:eb:aa:5c:
         9a:be:1f:b6:85:74:36:5c:55:53:26:2c:0d:22:53:d5:0c:a3:
         87:76:03:15:42:0f:71:62:8c:a2:4c:9c:50:f0:7b:88:a0:31:
         02:3e:ee:c5:f8:b1:7b:46:32:30:cb:50:53:b6:b3:2c:66:f7:
         dd:3e:e7:e5:a7:2d:f6:2c:90:94:4b:1c:2d:01:96:b5:39:b6:
         28:31:b8:39:59:73:15:f9:5e:55:68:b2:c8:8a:dc:93:6a:3f:
         b3:4f:26:4e:f8:4e:fe:3f:00:85:24:dd:b3:b1:b4:af:26:35:
         8d:15:97:96:91:34:69:62:a7:13:d5:67:00:5e:1c:cb:7e:27:
         ae:dd:6d:23:b8:79:8e:1b:96:19:72:09:e7:d2:75:c9:de:67:
         7a:8f:cb:c9:53:f5:fc:30:f1:9f:4e:78:b1:17:fa:32:10:45:
         59:bf:78:3f
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUaAHOCAP8ttnINjq64P0p/BVeltwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQwNDAyMDAwMDAwWhcNMjQwNTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwYzY4ZWIyZjkxY2Q5MTA5YWViZGE4NTBiYmEyYjIzODli
ODMzNGRmYjQxOWJlYzlkOGExMTA5OWY1OGI5YWE5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDd9ZyqgyssukV1Q17uk5yYirgpABkpTjNtMF8oFXe36mNJ
ym+MVurhaKlqDRdF5Ogp047dUvquxzUavdBtNtcsRMh/KvbdFsPspyzeeOCSKmKu
bPCL4+e4CkIykMtezeCr2Px4Rb5wDrtyXt3xe8383+h2o2Q7NIR/FvfMwnEjceVI
stB85+8QPvtL1xN5PhCr50LdBuTkASk7+VIqu28r+dlixyyKjA4XrN/Mb6UGiClK
Rqvh11bXkSx52UHJpf6m8CnJUAMEGw2u2Yp4jy5NMUkKbtNS/1cG1s5XwmtODSnx
6hEbHUDkr3ALkEIUuS9ngThxDIHytthcATn2Im6TAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUwFmDB9IUJK/5B6VZvF6LQn7BH9QwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzA3NGE4NWZkLWFiOGEtNGQ2YS1iZWVjLWU5MGZhNjU2MGZmOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA26DANBgkqhkiG9w0BAQsFAAOCAQEAUv6u13/DtadOMqpKCqh3e6jsBokg
CY93r0IkGtAfm2O+06PjZ3VW8kM1vOLgjlHeyVRjZJ3y6uvrfJxrXedvEevraQqC
xIidudyftZs+W3uOvK3Gt4ji66pcmr4ftoV0NlxVUyYsDSJT1Qyjh3YDFUIPcWKM
okycUPB7iKAxAj7uxfixe0YyMMtQU7azLGb33T7n5act9iyQlEscLQGWtTm2KDG4
OVlzFfleVWiyyIrck2o/s08mTvhO/j8AhSTds7G0ryY1jRWXlpE0aWKnE9VnAF4c
y34nrt1tI7h5jhuWGXIJ59J1yd5neo/LyVP1/DDxn054sRf6MhBFWb94Pw==
-----END CERTIFICATE-----