Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/21367ddd-c241-44a2-a6e6-1387b1e1fc6f.roa
File:                     21367ddd-c241-44a2-a6e6-1387b1e1fc6f.roa (raw, json)
Hash identifier:          dTvba6DS2H70PXIjuCjjxm/sYHzZ4ZUNsNVMYSrjvRU=
Subject key identifier:   40:1D:F4:F4:C9:7E:15:DC:87:1E:9C:03:70:B9:0A:8E:16:9C:54:1D
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7A02CDE46D1470F2EBFAE7DF44D7787A560330EB
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/21367ddd-c241-44a2-a6e6-1387b1e1fc6f.roa
Signing time:             Fri 31 Jan 2025 00:00:00 +0000
ROA not before:           Fri 31 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Mar 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.146.96.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:02:cd:e4:6d:14:70:f2:eb:fa:e7:df:44:d7:78:7a:56:03:30:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 31 00:00:00 2025 GMT
            Not After : Mar  7 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:66:91:54:d0:d0:49:93:5e:93:40:5e:88:d8:
                    59:8e:b8:df:fa:88:91:c1:47:d5:13:f2:ae:32:71:
                    f1:f3:57:5e:7c:7a:bd:39:95:09:2f:50:d7:e2:4f:
                    11:e6:f5:12:06:ac:a2:b7:4e:ee:33:c1:f1:41:f8:
                    1e:b1:88:70:45:7a:a2:f3:ed:f9:31:c1:5b:55:eb:
                    3d:aa:65:da:f0:f1:c9:6a:76:19:c0:38:20:8d:33:
                    96:9a:75:1b:90:9a:91:bf:00:50:24:cb:47:2d:15:
                    4a:01:1b:fc:1b:68:25:a6:2e:5e:a0:00:eb:08:cd:
                    b9:13:ae:32:e5:f2:2e:01:e0:1c:0a:2b:86:9b:b5:
                    a6:e6:1c:b0:73:15:86:d3:cf:76:c7:f9:32:4f:54:
                    8f:a4:4b:32:0d:8b:91:fe:cc:6c:25:0e:cd:10:da:
                    c6:7b:9c:c8:a6:21:ee:61:ed:e3:f7:65:90:1b:a7:
                    38:2c:75:69:f5:c3:6f:42:f1:b1:33:5e:1d:1e:a0:
                    5c:ec:cd:70:9c:6a:4a:4a:31:3a:e3:bc:61:75:b7:
                    2e:19:6d:90:2b:0c:f5:8c:47:54:79:d3:93:1e:b3:
                    77:f5:fd:14:72:12:35:fc:28:54:ef:b7:8f:6b:d4:
                    39:44:97:58:53:e1:89:7f:cf:cf:e5:b7:79:eb:8d:
                    25:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:1D:F4:F4:C9:7E:15:DC:87:1E:9C:03:70:B9:0A:8E:16:9C:54:1D
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/21367ddd-c241-44a2-a6e6-1387b1e1fc6f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.146.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         8d:2b:86:03:a8:05:0a:72:34:c5:e9:93:69:7e:2c:5d:2c:10:
         75:cc:e8:a2:17:ba:13:71:74:8e:13:0d:3f:13:a7:54:f1:2a:
         84:f5:ad:ab:4c:06:05:dd:79:72:45:4e:b7:12:4f:54:cf:06:
         fb:70:d9:65:6b:53:6f:f6:c3:be:bb:de:2c:5b:b5:7a:e8:4b:
         56:bb:f9:34:6e:29:04:54:d2:c4:2d:23:55:73:ad:3d:62:6f:
         f5:4f:ae:cb:70:39:e2:f6:2f:14:71:46:bb:24:0b:44:15:69:
         c7:a2:16:92:af:a3:7a:8e:f1:71:0f:e7:69:1b:ed:35:ef:0b:
         71:3c:92:d9:67:4a:a9:e5:c7:ea:6a:82:4a:b8:64:79:84:21:
         64:8b:f4:fb:ad:30:39:eb:ef:d3:66:4f:2f:a6:d8:3f:47:fc:
         01:30:33:73:eb:39:43:f8:74:ef:3e:b2:0d:3c:5e:6e:a2:2c:
         50:4c:ff:e8:f6:df:21:2f:30:7a:22:4a:a5:41:fb:7b:d8:4a:
         58:26:1a:e4:1c:31:5b:a3:45:db:aa:aa:a7:cb:ba:9a:d1:34:
         27:b2:dd:af:fb:95:b3:53:a3:82:b5:00:21:72:6e:51:dc:f8:
         0d:75:7c:59:5a:2e:93:12:4d:d4:97:b8:89:30:95:e4:23:8b:
         f4:1c:07:7f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUegLN5G0UcPLr+uffRNd4elYDMOswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTMxMDAwMDAwWhcNMjUwMzA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A0YzU0OGExNTRiMDU3YWYyNGUzMDFkYmFlNjRkMzU5YTZk
NDgzYWRlMDk5NmM1MmYxMjE2OGI0NjQ4YTI3MDQxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDWZpFU0NBJk16TQF6I2FmOuN/6iJHBR9UT8q4ycfHzV158
er05lQkvUNfiTxHm9RIGrKK3Tu4zwfFB+B6xiHBFeqLz7fkxwVtV6z2qZdrw8clq
dhnAOCCNM5aadRuQmpG/AFAky0ctFUoBG/wbaCWmLl6gAOsIzbkTrjLl8i4B4BwK
K4abtabmHLBzFYbTz3bH+TJPVI+kSzINi5H+zGwlDs0Q2sZ7nMimIe5h7eP3ZZAb
pzgsdWn1w29C8bEzXh0eoFzszXCcakpKMTrjvGF1ty4ZbZArDPWMR1R505Mes3f1
/RRyEjX8KFTvt49r1DlEl1hT4Yl/z8/lt3nrjSWxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQB309Ml+FdyHHpwDcLkKjhacVB0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzIxMzY3ZGRkLWMyNDEtNDRhMi1hNmU2LTEzODdiMWUxZmM2Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAU2kmAwDQYJKoZIhvcNAQELBQADggEBAI0rhgOoBQpyNMXpk2l+LF0sEHXM
6KIXuhNxdI4TDT8Tp1TxKoT1ratMBgXdeXJFTrcST1TPBvtw2WVrU2/2w7673ixb
tXroS1a7+TRuKQRU0sQtI1VzrT1ib/VPrstwOeL2LxRxRrskC0QVaceiFpKvo3qO
8XEP52kb7TXvC3E8ktlnSqnlx+pqgkq4ZHmEIWSL9PutMDnr79NmTy+m2D9H/AEw
M3PrOUP4dO8+sg08Xm6iLFBM/+j23yEvMHoiSqVB+3vYSlgmGuQcMVujRduqqqfL
uprRNCey3a/7lbNTo4K1ACFyblHc+A11fFlaLpMSTdSXuIkwleQji/QcB38=
-----END CERTIFICATE-----