Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1f0b6e13-882a-4e6d-8c67-165a6b2ee583.roa
File:                     1f0b6e13-882a-4e6d-8c67-165a6b2ee583.roa (raw, json)
Hash identifier:          mxOP399739tNUQme7r442tdufhEZG0CdzA9imUeet9I=
Subject key identifier:   63:D8:AE:DD:4B:B5:06:D8:B7:73:9D:ED:C4:6C:AE:6C:98:1C:1F:BC
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       36FEB937F5C2907B8ABD5DB4B72D93F12798804A
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1f0b6e13-882a-4e6d-8c67-165a6b2ee583.roa
Signing time:             Fri 31 Jan 2025 00:00:00 +0000
ROA not before:           Fri 31 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.197.208.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:fe:b9:37:f5:c2:90:7b:8a:bd:5d:b4:b7:2d:93:f1:27:98:80:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 31 00:00:00 2025 GMT
            Not After : Mar  7 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:2a:63:ea:08:69:d2:ef:25:33:0b:2f:e0:e4:
                    b4:e8:74:9f:e9:ec:3a:92:15:71:e3:9f:10:24:7d:
                    d1:c5:18:7b:d4:d1:2a:2a:91:96:99:78:2c:fc:ea:
                    b6:b5:74:9f:e4:7b:b5:4b:91:45:c6:7c:5d:ea:f6:
                    b2:85:df:95:c3:62:fe:27:eb:77:50:92:22:99:11:
                    f7:9f:8b:98:50:8b:1c:28:b7:c6:d2:6f:23:a2:7f:
                    60:37:4f:31:25:86:e1:9f:db:e8:7d:bc:46:86:3f:
                    5c:c1:60:0b:c2:83:a8:9b:b1:db:bb:60:11:c7:c1:
                    01:49:fd:6f:03:a9:c6:7f:5a:5b:24:24:df:1d:5b:
                    f3:2d:cb:81:bb:72:8b:01:c4:27:ee:88:4e:e5:f8:
                    7e:c1:3b:f1:46:9e:ca:c5:13:2c:f8:aa:47:aa:ff:
                    4e:e3:9c:63:36:0e:f6:02:3a:5c:95:c8:41:10:84:
                    55:f7:6f:56:e5:5c:df:53:8b:f0:b0:f4:0f:4f:e7:
                    5c:4c:0c:1d:b4:3b:a0:d3:d1:9d:d5:00:17:df:cc:
                    e1:b5:37:1b:bd:32:8c:dd:2f:40:3c:03:5b:d1:d7:
                    21:b6:1d:d8:16:ff:fe:0b:1c:ae:5d:0a:2d:f9:6b:
                    b9:f7:02:72:82:3f:14:04:ef:9c:c7:f8:b7:f3:0c:
                    4d:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:D8:AE:DD:4B:B5:06:D8:B7:73:9D:ED:C4:6C:AE:6C:98:1C:1F:BC
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1f0b6e13-882a-4e6d-8c67-165a6b2ee583.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.197.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         20:41:83:3d:98:f7:2b:81:37:ff:74:4a:d5:dd:f3:21:c4:41:
         f7:23:3e:bf:8e:41:0e:4e:1c:04:3e:9f:e7:cd:60:4d:8d:bc:
         45:f9:c2:df:ce:e0:fd:c6:22:76:4e:eb:e8:ed:e4:81:14:8c:
         fa:0d:c4:51:2a:df:8d:e5:4b:f8:6a:19:44:33:d8:b0:69:64:
         46:52:0a:45:5e:95:45:cc:fc:ce:9a:23:b6:d1:13:6d:52:d8:
         ce:24:14:e4:62:02:99:35:36:02:85:98:57:21:7c:37:95:7d:
         cc:8a:c2:80:62:04:fa:d2:96:f4:88:d1:32:5c:69:d2:83:31:
         ac:db:f1:a1:8c:fe:ba:f5:47:86:24:41:80:ef:b6:c1:bb:d5:
         1f:ed:a1:b5:a0:82:78:ec:02:27:2d:82:a7:d4:6d:e7:c4:af:
         2c:ff:50:39:88:bc:90:b8:8f:18:28:bb:b2:3a:ce:b3:59:cf:
         9f:2a:58:dd:b1:f3:51:96:83:8a:47:dd:38:f1:ee:bb:4a:99:
         bb:86:7e:97:77:a2:21:22:f3:b8:02:1f:6f:a1:64:74:cc:95:
         40:73:60:49:2c:cb:84:bf:c9:34:ef:18:01:86:b0:81:14:32:
         92:a3:25:26:a4:57:23:d3:76:58:2e:11:ff:d9:8c:54:62:82:
         25:99:74:51
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNv65N/XCkHuKvV20ty2T8SeYgEowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTMxMDAwMDAwWhcNMjUwMzA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AzZTM0ZDY2MmQ2OWM0YWNiMDY0MTk3ZTE2NjUyMmRmMGVh
ZjI5MDI2NjAyZjNmMTY0N2Y3ODI3NGFhNzhlNzRiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDOKmPqCGnS7yUzCy/g5LTodJ/p7DqSFXHjnxAkfdHFGHvU
0SoqkZaZeCz86ra1dJ/ke7VLkUXGfF3q9rKF35XDYv4n63dQkiKZEfefi5hQixwo
t8bSbyOif2A3TzElhuGf2+h9vEaGP1zBYAvCg6ibsdu7YBHHwQFJ/W8DqcZ/Wlsk
JN8dW/Mty4G7cosBxCfuiE7l+H7BO/FGnsrFEyz4qkeq/07jnGM2DvYCOlyVyEEQ
hFX3b1blXN9Ti/Cw9A9P51xMDB20O6DT0Z3VABffzOG1Nxu9MozdL0A8A1vR1yG2
HdgW//4LHK5dCi35a7n3AnKCPxQE75zH+LfzDE0lAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUY9iu3Uu1Bti3c53txGyubJgcH7wwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzFmMGI2ZTEzLTg4MmEtNGU2ZC04YzY3LTE2NWE2YjJlZTU4My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAM2xdAwDQYJKoZIhvcNAQELBQADggEBACBBgz2Y9yuBN/90StXd8yHEQfcj
Pr+OQQ5OHAQ+n+fNYE2NvEX5wt/O4P3GInZO6+jt5IEUjPoNxFEq343lS/hqGUQz
2LBpZEZSCkVelUXM/M6aI7bRE21S2M4kFORiApk1NgKFmFchfDeVfcyKwoBiBPrS
lvSI0TJcadKDMazb8aGM/rr1R4YkQYDvtsG71R/tobWggnjsAictgqfUbefEryz/
UDmIvJC4jxgou7I6zrNZz58qWN2x81GWg4pH3Tjx7rtKmbuGfpd3oiEi87gCH2+h
ZHTMlUBzYEksy4S/yTTvGAGGsIEUMpKjJSakVyPTdlguEf/ZjFRigiWZdFE=
-----END CERTIFICATE-----