Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/09841762-a46f-48b0-b1d1-c33dc1aada32.roa
File:                     09841762-a46f-48b0-b1d1-c33dc1aada32.roa (raw, json)
Hash identifier:          dldhyc7Xg1/l3xaKx37dM9LAzhoEl0BuFT9Y3G3R5IM=
Subject key identifier:   2D:DE:3A:28:7E:34:37:69:91:A3:C9:AA:A6:2A:D4:E0:44:0A:FE:D3
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       36661DD45264B1E88D27708A239E7DF94043B8AB
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/09841762-a46f-48b0-b1d1-c33dc1aada32.roa
Signing time:             Fri 31 Jan 2025 00:00:00 +0000
ROA not before:           Fri 31 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.202.4.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:66:1d:d4:52:64:b1:e8:8d:27:70:8a:23:9e:7d:f9:40:43:b8:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 31 00:00:00 2025 GMT
            Not After : Mar  7 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:28:53:be:8f:70:53:4d:e3:e0:5f:a7:b7:7b:
                    58:c0:a2:b4:4f:ab:40:b2:cd:59:d7:0c:bb:f3:cf:
                    c2:86:56:7b:98:c3:51:04:12:3c:99:37:8f:97:f2:
                    71:b5:57:82:c0:65:34:4d:97:17:6a:b8:0f:1a:89:
                    a5:08:94:b7:35:1d:98:45:d9:f6:35:ae:d4:a8:df:
                    5d:c8:29:57:eb:a8:6d:63:cf:7d:57:f4:b4:45:45:
                    18:1f:a2:d9:9b:05:ab:4e:d8:38:58:cd:f8:97:2c:
                    4a:8c:77:ed:b6:b6:17:5d:53:c5:75:23:46:c3:75:
                    ca:f0:cd:f0:17:64:c9:31:0b:ba:54:71:ea:84:41:
                    53:02:f5:c4:3a:d2:e4:76:84:0c:64:c3:71:c6:16:
                    b7:f8:f4:b6:e0:5a:7d:68:8f:58:fa:ff:ef:7e:c7:
                    64:f8:2d:81:8a:86:35:f2:4f:2a:06:3c:a5:81:1e:
                    03:b1:56:6c:a6:f7:1b:83:06:ca:4e:c1:ff:d3:4f:
                    dd:21:8b:e4:75:92:02:10:23:d1:08:a2:50:29:e7:
                    75:cb:28:7d:bc:6b:4e:7f:05:19:85:68:67:58:fd:
                    ac:dd:06:9a:de:2e:3d:3c:5b:ea:0e:3f:68:71:0b:
                    05:e3:36:55:11:41:64:c5:67:7c:98:25:9e:2a:1c:
                    66:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:DE:3A:28:7E:34:37:69:91:A3:C9:AA:A6:2A:D4:E0:44:0A:FE:D3
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/09841762-a46f-48b0-b1d1-c33dc1aada32.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.202.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b2:4f:a1:b2:51:73:66:c3:c4:87:bf:5d:e4:38:e6:7f:72:57:
         23:48:8e:3d:d2:fa:5a:6f:22:f1:06:ea:09:6d:db:fa:6c:69:
         c1:03:f6:e0:05:3f:71:64:66:12:05:ea:26:a2:0e:28:c0:ce:
         3d:6e:af:fd:a7:d1:58:34:9c:27:c2:b1:99:50:8d:ec:8a:95:
         0b:e1:5b:01:a8:7b:4d:3a:cc:ca:e7:ab:a6:52:2e:a1:b9:7b:
         2f:07:b1:16:8d:ce:53:6f:c4:9c:a2:18:e8:c3:f6:95:5f:89:
         5a:d5:7e:84:f3:02:46:64:f5:c9:fa:76:32:11:6b:b8:b9:1a:
         e0:4b:8a:ab:78:48:f6:58:3d:22:f9:9f:1f:1d:06:3c:f9:d0:
         2a:80:58:38:ac:31:25:76:bb:2c:4f:22:bb:21:fa:9d:fb:e0:
         f9:3f:65:96:85:11:f8:73:89:28:bd:52:bf:2e:3f:f4:ad:06:
         d4:89:ec:86:1e:9f:1c:ce:af:91:18:f7:6c:9f:3f:c1:10:1e:
         9a:60:96:80:10:c9:a8:be:96:6f:18:2d:7b:44:f3:af:7f:16:
         a0:b0:6c:7c:b2:05:1a:03:71:c9:bd:ec:72:18:5a:bb:ea:46:
         0d:49:45:d9:d2:2d:16:e3:12:81:50:c8:20:5f:ff:c6:e4:97:
         67:41:74:f8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNmYd1FJkseiNJ3CKI559+UBDuKswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTMxMDAwMDAwWhcNMjUwMzA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwMWUzZDgxZWRlNzMyNmEzNTMxZDQxNDBmNjQ4MDg0ZWQ3
M2ZmY2RiMWUyMjA5YjE0NmY0ZmQ5MTRhMjZlMmI0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCZKFO+j3BTTePgX6e3e1jAorRPq0CyzVnXDLvzz8KGVnuY
w1EEEjyZN4+X8nG1V4LAZTRNlxdquA8aiaUIlLc1HZhF2fY1rtSo313IKVfrqG1j
z31X9LRFRRgfotmbBatO2DhYzfiXLEqMd+22thddU8V1I0bDdcrwzfAXZMkxC7pU
ceqEQVMC9cQ60uR2hAxkw3HGFrf49LbgWn1oj1j6/+9+x2T4LYGKhjXyTyoGPKWB
HgOxVmym9xuDBspOwf/TT90hi+R1kgIQI9EIolAp53XLKH28a05/BRmFaGdY/azd
BpreLj08W+oOP2hxCwXjNlURQWTFZ3yYJZ4qHGY3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQULd46KH40N2mRo8mqpirU4EQK/tMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzA5ODQxNzYyLWE0NmYtNDhiMC1iMWQxLWMzM2RjMWFhZGEzMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI2ygQwDQYJKoZIhvcNAQELBQADggEBALJPobJRc2bDxIe/XeQ45n9yVyNI
jj3S+lpvIvEG6glt2/psacED9uAFP3FkZhIF6iaiDijAzj1ur/2n0Vg0nCfCsZlQ
jeyKlQvhWwGoe006zMrnq6ZSLqG5ey8HsRaNzlNvxJyiGOjD9pVfiVrVfoTzAkZk
9cn6djIRa7i5GuBLiqt4SPZYPSL5nx8dBjz50CqAWDisMSV2uyxPIrsh+p374Pk/
ZZaFEfhziSi9Ur8uP/StBtSJ7IYenxzOr5EY92yfP8EQHppgloAQyai+lm8YLXtE
869/FqCwbHyyBRoDccm97HIYWrvqRg1JRdnSLRbjEoFQyCBf/8bkl2dBdPg=
-----END CERTIFICATE-----