Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/12d30afd-7657-4d7b-996a-bf7a313920f5.roa
File:                     12d30afd-7657-4d7b-996a-bf7a313920f5.roa (raw, json)
Hash identifier:          ber2xlfJx5Z1d1X16bip9rpQSJbC9JnWqyjixlgZqeo=
Subject key identifier:   0E:E3:71:0A:FA:96:7E:41:79:F3:3B:7F:7D:2D:4D:EA:E8:C9:CA:EE
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7F3DC2EE79D2456B50249DBFAE201394BD1592B2
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/12d30afd-7657-4d7b-996a-bf7a313920f5.roa
Signing time:             Fri 07 Mar 2025 00:42:19 +0000
ROA not before:           Fri 07 Mar 2025 00:42:19 +0000
ROA not after:            Fri 11 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.239.64.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 15 Mar 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:3d:c2:ee:79:d2:45:6b:50:24:9d:bf:ae:20:13:94:bd:15:92:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar  7 00:42:19 2025 GMT
            Not After : Apr 11 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:33:ae:0e:c9:3a:76:2e:11:d3:f1:0f:59:f7:
                    07:d2:48:94:99:52:02:51:cc:e9:b5:5a:64:be:59:
                    05:df:ee:22:c1:36:fd:32:b1:2a:7c:d9:09:94:aa:
                    16:4e:26:e9:2b:e4:1a:56:2b:fd:ff:5c:71:8a:0f:
                    75:ae:70:e3:33:1a:2c:78:f8:f2:e5:20:da:16:bb:
                    da:e8:bf:f4:64:0e:31:58:fd:d2:ab:7d:fa:0f:3d:
                    9e:59:db:95:57:af:d5:00:33:f3:4e:19:aa:c1:6f:
                    8d:99:60:17:7f:94:80:2c:83:c9:2f:bc:44:e0:0c:
                    b2:d5:d8:da:d5:03:0a:a8:35:be:cb:02:af:cc:9a:
                    41:be:df:44:0a:4f:c7:22:6d:31:b0:63:58:f3:85:
                    16:18:54:dd:cc:73:7e:46:cc:10:0a:51:68:ee:4a:
                    ae:70:e5:7d:14:ff:a7:36:fc:95:da:a7:65:6c:9a:
                    6f:05:e1:70:4a:37:de:44:bc:7a:70:6a:a9:ee:91:
                    0c:a8:c7:90:a4:48:71:8c:37:14:37:80:de:a5:af:
                    77:cb:55:3b:e9:d4:0d:dd:c1:ea:7e:ff:a1:01:8f:
                    0f:5a:be:52:e3:f5:47:ba:a0:0e:5d:24:96:88:3e:
                    3c:61:41:32:e5:fc:40:57:17:30:89:4f:b0:d0:ce:
                    84:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:E3:71:0A:FA:96:7E:41:79:F3:3B:7F:7D:2D:4D:EA:E8:C9:CA:EE
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/12d30afd-7657-4d7b-996a-bf7a313920f5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.239.64.0/21

    Signature Algorithm: sha256WithRSAEncryption
         22:02:ea:64:de:f9:f5:d6:4b:a3:ce:55:38:aa:a0:ef:62:06:
         d1:b9:84:d1:a3:63:52:d3:2e:d5:92:4c:bd:fe:75:28:ab:27:
         49:32:b2:d9:17:50:40:b7:28:ef:8b:84:df:45:1c:f4:80:c6:
         c1:7c:b0:b2:ea:11:f3:0c:cd:f7:78:97:5a:82:bf:63:f2:07:
         a2:6c:9b:fc:04:74:83:ca:88:7d:57:0f:bf:b4:88:ac:7d:6e:
         c8:53:d5:9e:fb:4b:9a:c4:2e:ad:e0:2b:b1:3d:2f:d8:b2:ab:
         7b:cd:ef:c5:5e:fc:4b:94:a7:9f:57:a3:6f:78:fb:51:05:8c:
         d0:53:f0:24:a8:56:6e:6e:a8:88:47:e1:99:f7:fc:0b:e7:f5:
         4d:fe:0a:f7:d6:bb:75:d8:02:fb:8b:dc:ec:9d:73:ff:58:6b:
         ba:55:20:66:a8:16:ad:ee:66:3c:9d:85:b3:7b:6e:11:17:3e:
         dd:c6:b4:de:06:f6:0f:57:7d:0a:d5:84:65:3d:79:3c:89:6e:
         10:ac:90:df:2f:f5:0f:e7:8f:02:d7:a1:1c:a8:94:f6:bb:fa:
         be:26:82:dd:3f:03:bc:b9:38:dc:c7:e4:c1:61:44:37:5f:63:
         62:27:17:14:44:dc:73:99:46:16:82:4f:bc:5f:41:fb:f9:9a:
         dc:19:0c:7d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfz3C7nnSRWtQJJ2/riATlL0VkrIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzA3MDA0MjE5WhcNMjUwNDExMjM1OTU5
WjB6MUkwRwYDVQQFE0AwMDIwMWQyNmM5YTM4YWQ2NGVlY2VmM2Q3ZGU0ZmQyMDYz
MWVlOGY3MmRmYmQ5NThhZDdkMmEwOGFjYWU2NWY2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDM64OyTp2LhHT8Q9Z9wfSSJSZUgJRzOm1WmS+WQXf7iLB
Nv0ysSp82QmUqhZOJukr5BpWK/3/XHGKD3WucOMzGix4+PLlINoWu9rov/RkDjFY
/dKrffoPPZ5Z25VXr9UAM/NOGarBb42ZYBd/lIAsg8kvvETgDLLV2NrVAwqoNb7L
Aq/MmkG+30QKT8cibTGwY1jzhRYYVN3Mc35GzBAKUWjuSq5w5X0U/6c2/JXap2Vs
mm8F4XBKN95EvHpwaqnukQyox5CkSHGMNxQ3gN6lr3fLVTvp1A3dwep+/6EBjw9a
vlLj9Ue6oA5dJJaIPjxhQTLl/EBXFzCJT7DQzoTLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUDuNxCvqWfkF58zt/fS1N6ujJyu4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzEyZDMwYWZkLTc2NTctNGQ3Yi05OTZhLWJmN2EzMTM5MjBmNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAM270AwDQYJKoZIhvcNAQELBQADggEBACIC6mTe+fXWS6POVTiqoO9iBtG5
hNGjY1LTLtWSTL3+dSirJ0kystkXUEC3KO+LhN9FHPSAxsF8sLLqEfMMzfd4l1qC
v2PyB6Jsm/wEdIPKiH1XD7+0iKx9bshT1Z77S5rELq3gK7E9L9iyq3vN78Ve/EuU
p59Xo294+1EFjNBT8CSoVm5uqIhH4Zn3/Avn9U3+CvfWu3XYAvuL3Oydc/9Ya7pV
IGaoFq3uZjydhbN7bhEXPt3GtN4G9g9XfQrVhGU9eTyJbhCskN8v9Q/njwLXoRyo
lPa7+r4mgt0/A7y5ONzH5MFhRDdfY2InFxRE3HOZRhaCT7xfQfv5mtwZDH0=
-----END CERTIFICATE-----