Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1e4a270a-8468-429b-9756-be2ffa392b61.roa
File:                     1e4a270a-8468-429b-9756-be2ffa392b61.roa (raw, json)
Hash identifier:          EeyAFsGQGXX2jUIacDvvIecPrMCEpotEIzV3sWu/85I=
Subject key identifier:   31:E8:44:E8:AF:A5:7D:9E:92:02:C1:CC:1A:C9:FC:00:54:69:BB:FB
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5EB9A73B32E03C89F0814E3A17C05450E3A9A2C7
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1e4a270a-8468-429b-9756-be2ffa392b61.roa
Signing time:             Tue 20 May 2025 17:00:24 +0000
ROA not before:           Tue 20 May 2025 17:00:24 +0000
ROA not after:            Tue 24 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.119.214.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 05 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:b9:a7:3b:32:e0:3c:89:f0:81:4e:3a:17:c0:54:50:e3:a9:a2:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 20 17:00:24 2025 GMT
            Not After : Jun 24 23:59:59 2025 GMT
        Subject: serialNumber=f4cf87a838b0413ce18ed550dbc16768ea148925d29fea67affceb23f7c9718c, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:63:68:56:54:74:d8:3c:1b:ae:a8:0b:d0:2e:
                    c4:8d:06:c1:70:f1:99:cd:a7:cf:4d:4b:30:fb:16:
                    24:37:e3:52:40:77:82:e9:3a:f1:c4:11:76:09:57:
                    09:3a:49:0a:03:5f:86:44:32:e7:38:d9:6e:32:b4:
                    65:a9:c1:1e:99:ee:1b:0d:86:31:6b:f6:7f:af:d0:
                    35:ef:d6:39:7d:50:63:6c:67:1f:89:34:2f:0d:67:
                    d4:d9:93:4d:06:9f:cf:8b:17:09:d5:dd:e1:d1:92:
                    ca:16:77:9e:db:00:b5:74:23:d2:38:3b:46:6c:66:
                    d1:e5:7e:97:38:20:ad:76:3c:d3:63:52:b6:26:7e:
                    81:8a:4b:b5:89:d5:c3:62:a9:8d:d6:c8:c5:a1:1a:
                    f5:cb:9d:ac:ab:bd:ed:d1:2c:2f:ba:d3:5b:a2:d7:
                    6b:a7:39:8d:66:cc:ae:ca:81:51:fb:62:8a:c9:2a:
                    5d:9a:fa:cd:d7:96:04:61:8e:f6:86:86:a7:ba:05:
                    b8:9b:3a:52:c5:2a:e5:64:b4:11:a1:ce:7a:72:4b:
                    e2:af:16:06:b5:b2:ad:02:77:e5:2a:e8:c9:ca:3d:
                    64:02:f7:2f:d2:06:c0:2a:d7:3d:da:b1:12:77:8d:
                    98:96:88:9b:40:32:7e:2f:b8:cc:3f:5c:e4:5a:55:
                    ad:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:E8:44:E8:AF:A5:7D:9E:92:02:C1:CC:1A:C9:FC:00:54:69:BB:FB
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1e4a270a-8468-429b-9756-be2ffa392b61.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.119.214.0/23

    Signature Algorithm: sha256WithRSAEncryption
         71:f4:47:71:5a:b3:af:a8:d4:2f:48:16:da:d7:47:99:8c:a4:
         7f:04:0b:35:22:ce:69:a0:6e:7d:c6:87:5f:bc:c8:a2:39:ea:
         46:3d:46:2d:f3:ca:f7:a3:a1:fa:9c:10:72:56:7f:c2:f5:63:
         6a:08:be:78:64:89:d9:a3:e5:e4:98:3e:60:02:4a:1c:48:72:
         ec:73:70:aa:0b:a2:d3:c3:90:39:01:72:87:96:e6:08:18:60:
         ab:95:33:66:37:38:da:ea:b0:cc:4a:33:bd:b1:d1:39:68:15:
         4d:a6:45:f6:85:b1:ad:9b:a0:6c:44:bd:f2:e5:19:6b:06:d6:
         7c:81:5c:f1:72:5f:e7:73:77:8c:54:cb:98:46:59:18:83:09:
         9b:d3:e5:f3:5a:30:aa:13:32:ba:bb:e0:87:67:14:f2:f1:a2:
         60:e4:9c:90:20:f2:fb:f2:45:8c:69:35:59:34:25:b4:b8:04:
         5f:cd:c1:3c:57:bf:8f:19:28:03:94:6c:0c:2c:40:ec:81:44:
         61:90:73:e7:7a:fb:94:53:4c:c8:1c:68:e8:c0:92:ff:f0:50:
         8b:00:ed:0c:b9:d0:8d:62:f4:13:aa:58:f8:82:b5:ef:40:e9:
         47:69:30:d2:68:97:9c:9e:78:49:23:54:51:4e:3c:75:f6:5b:
         31:36:8e:9a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXrmnOzLgPInwgU46F8BUUOOposcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNTIwMTcwMDI0WhcNMjUwNjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BmNGNmODdhODM4YjA0MTNjZTE4ZWQ1NTBkYmMxNjc2OGVh
MTQ4OTI1ZDI5ZmVhNjdhZmZjZWIyM2Y3Yzk3MThjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9Y2hWVHTYPBuuqAvQLsSNBsFw8ZnNp89NSzD7FiQ341JA
d4LpOvHEEXYJVwk6SQoDX4ZEMuc42W4ytGWpwR6Z7hsNhjFr9n+v0DXv1jl9UGNs
Zx+JNC8NZ9TZk00Gn8+LFwnV3eHRksoWd57bALV0I9I4O0ZsZtHlfpc4IK12PNNj
UrYmfoGKS7WJ1cNiqY3WyMWhGvXLnayrve3RLC+601ui12unOY1mzK7KgVH7YorJ
Kl2a+s3XlgRhjvaGhqe6BbibOlLFKuVktBGhznpyS+KvFga1sq0Cd+Uq6MnKPWQC
9y/SBsAq1z3asRJ3jZiWiJtAMn4vuMw/XORaVa0HAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMehE6K+lfZ6SAsHMGsn8AFRpu/swHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzFlNGEyNzBhLTg0NjgtNDI5Yi05NzU2LWJlMmZmYTM5MmI2MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAE0d9YwDQYJKoZIhvcNAQELBQADggEBAHH0R3Fas6+o1C9IFtrXR5mMpH8E
CzUizmmgbn3Gh1+8yKI56kY9Ri3zyvejofqcEHJWf8L1Y2oIvnhkidmj5eSYPmAC
ShxIcuxzcKoLotPDkDkBcoeW5ggYYKuVM2Y3ONrqsMxKM72x0TloFU2mRfaFsa2b
oGxEvfLlGWsG1nyBXPFyX+dzd4xUy5hGWRiDCZvT5fNaMKoTMrq74IdnFPLxomDk
nJAg8vvyRYxpNVk0JbS4BF/NwTxXv48ZKAOUbAwsQOyBRGGQc+d6+5RTTMgcaOjA
kv/wUIsA7Qy50I1i9BOqWPiCte9A6UdpMNJol5yeeEkjVFFOPHX2WzE2jpo=
-----END CERTIFICATE-----