Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/22586366-872a-4037-9f6a-47cc45bc4ab9.roa
File:                     22586366-872a-4037-9f6a-47cc45bc4ab9.roa (raw, json)
Hash identifier:          lXvkpcznhNKvwqu4bJfVqbngCCGjXOiusC2LQLUGp94=
Subject key identifier:   FB:E5:8B:69:4F:C0:C7:83:7C:05:7E:80:9F:83:AA:DA:3A:AC:F2:9D
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       333B79CBE62052BBA91C18F5EEE08E9E57D40DEF
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/22586366-872a-4037-9f6a-47cc45bc4ab9.roa
Signing time:             Mon 30 Jun 2025 17:40:09 +0000
ROA not before:           Mon 30 Jun 2025 17:40:09 +0000
ROA not after:            Mon 04 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.219.128.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 03 Jul 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:3b:79:cb:e6:20:52:bb:a9:1c:18:f5:ee:e0:8e:9e:57:d4:0d:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun 30 17:40:09 2025 GMT
            Not After : Aug  4 23:59:59 2025 GMT
        Subject: serialNumber=e80f6df4488e38aab5299be19d150b4d5b3d78d8cf99796381444e7aeeaa1b21, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:52:4b:e0:a6:e5:87:78:d4:ae:b3:91:29:0a:
                    23:e9:a0:5b:e4:6f:3d:aa:70:ff:6d:ab:e4:3c:b4:
                    93:b8:c3:4e:7d:4a:13:0e:b6:db:48:81:43:78:c1:
                    7e:85:b4:29:a0:4e:b7:1a:19:4d:43:cd:ad:f1:e4:
                    c5:9d:3e:0b:6c:1e:a4:34:63:cd:dd:47:f2:be:15:
                    6c:8b:b1:6c:55:0a:95:35:0a:5b:23:86:0d:d0:67:
                    37:0b:8a:28:b7:f3:db:e7:a3:bc:cf:a8:5b:68:ab:
                    68:39:e5:6d:1b:f3:08:a4:67:b8:92:68:89:40:a8:
                    1b:89:bf:0e:4c:0c:14:95:f8:1d:31:7b:bd:a5:43:
                    1d:af:5e:8c:1c:94:c5:9f:f6:27:e2:21:5f:b3:b1:
                    a6:f1:c2:8b:4d:67:e7:86:e4:2d:2d:2d:20:13:7b:
                    55:cf:51:2b:1e:e7:cc:87:6c:ef:35:ad:bd:bf:a2:
                    ae:fe:ef:0a:fa:d7:d3:3d:cf:2c:ff:a3:4e:74:5f:
                    0f:13:4c:a1:0a:14:b4:98:53:a8:20:dc:7f:89:62:
                    7b:51:78:eb:c4:0e:58:44:4a:dc:0f:eb:78:47:84:
                    4e:89:b4:50:df:0a:22:3f:0c:49:1c:59:41:47:64:
                    19:ec:26:45:c3:b8:37:9c:85:9c:92:68:37:f0:81:
                    2d:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:E5:8B:69:4F:C0:C7:83:7C:05:7E:80:9F:83:AA:DA:3A:AC:F2:9D
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/22586366-872a-4037-9f6a-47cc45bc4ab9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.219.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         05:4e:e3:ec:fc:ff:5c:ad:70:57:ae:8f:42:bc:c7:3d:57:36:
         0c:9a:88:63:ba:1a:89:72:26:63:a2:26:d9:a7:c0:1d:c2:06:
         f6:a6:d2:2a:c1:c8:91:de:cd:a2:34:7f:de:7b:9c:bc:f9:16:
         e9:7a:fb:7b:e2:62:63:01:e2:e9:fd:c2:00:e0:28:41:36:f0:
         1f:40:91:df:16:bf:be:f5:c0:8e:6c:08:e4:6e:48:51:1d:86:
         de:e3:00:ac:af:e9:df:59:9c:15:52:96:1e:6b:09:84:f6:14:
         63:bd:7f:56:e1:93:1e:98:5e:a1:bf:ef:cb:f2:72:75:78:c0:
         da:73:3e:be:34:4b:ff:dc:a3:61:42:e3:ec:72:5f:55:f4:a1:
         d7:69:0d:b7:49:98:44:b7:be:00:5d:00:38:7c:db:15:42:b3:
         d4:b9:05:f0:4f:3f:7d:32:15:68:58:9c:90:c5:86:5d:6c:59:
         b6:b6:05:f0:3a:09:e7:e8:12:0d:fa:8c:d1:b5:09:90:a3:d6:
         29:25:dd:26:22:42:32:43:5a:6a:21:56:96:dc:42:87:41:4b:
         a4:55:8c:2d:fa:33:0a:09:b2:49:f5:52:21:23:2f:77:8b:b6:
         9e:39:8b:60:28:12:52:77:6b:73:c9:4c:f0:23:5c:c8:03:a7:
         ee:2b:98:bd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMzt5y+YgUrupHBj17uCOnlfUDe8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjMwMTc0MDA5WhcNMjUwODA0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlODBmNmRmNDQ4OGUzOGFhYjUyOTliZTE5ZDE1MGI0ZDVi
M2Q3OGQ4Y2Y5OTc5NjM4MTQ0NGU3YWVlYWExYjIxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCNUkvgpuWHeNSus5EpCiPpoFvkbz2qcP9tq+Q8tJO4w059
ShMOtttIgUN4wX6FtCmgTrcaGU1Dza3x5MWdPgtsHqQ0Y83dR/K+FWyLsWxVCpU1
Clsjhg3QZzcLiii389vno7zPqFtoq2g55W0b8wikZ7iSaIlAqBuJvw5MDBSV+B0x
e72lQx2vXowclMWf9ifiIV+zsabxwotNZ+eG5C0tLSATe1XPUSse58yHbO81rb2/
oq7+7wr619M9zyz/o050Xw8TTKEKFLSYU6gg3H+JYntReOvEDlhEStwP63hHhE6J
tFDfCiI/DEkcWUFHZBnsJkXDuDechZySaDfwgS2BAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU++WLaU/Ax4N8BX6An4Oq2jqs8p0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzIyNTg2MzY2LTg3MmEtNDAzNy05ZjZhLTQ3Y2M0NWJjNGFiOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAY224AwDQYJKoZIhvcNAQELBQADggEBAAVO4+z8/1ytcFeuj0K8xz1XNgya
iGO6GolyJmOiJtmnwB3CBvam0irByJHezaI0f957nLz5Ful6+3viYmMB4un9wgDg
KEE28B9Akd8Wv771wI5sCORuSFEdht7jAKyv6d9ZnBVSlh5rCYT2FGO9f1bhkx6Y
XqG/78vycnV4wNpzPr40S//co2FC4+xyX1X0oddpDbdJmES3vgBdADh82xVCs9S5
BfBPP30yFWhYnJDFhl1sWba2BfA6CefoEg36jNG1CZCj1ikl3SYiQjJDWmohVpbc
QodBS6RVjC36MwoJskn1UiEjL3eLtp45i2AoElJ3a3PJTPAjXMgDp+4rmL0=
-----END CERTIFICATE-----