Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2977b60b-b2d9-4d0f-a727-0112619219c9.roa
File:                     2977b60b-b2d9-4d0f-a727-0112619219c9.roa (raw, json)
Hash identifier:          HvRm1f5BdCVqMD4VdoFpLey6Ktp9PzjZ8IzuiIJ+Ig4=
Subject key identifier:   E5:C2:87:80:30:22:5B:87:43:0B:D8:71:8C:D8:46:96:A2:B8:A5:3B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       493A6E0CC8DA21290FECA2E2A6E4AE9A5700E246
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2977b60b-b2d9-4d0f-a727-0112619219c9.roa
Signing time:             Fri 31 Jan 2025 00:00:00 +0000
ROA not before:           Fri 31 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Mar 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.224.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:3a:6e:0c:c8:da:21:29:0f:ec:a2:e2:a6:e4:ae:9a:57:00:e2:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 31 00:00:00 2025 GMT
            Not After : Mar  7 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:58:9a:16:9e:81:0a:ff:a1:10:e9:08:72:65:
                    b3:19:f4:d4:81:89:b9:97:d8:73:63:3c:24:3e:a2:
                    9c:67:66:07:3c:6f:dd:dc:93:e9:54:b3:7a:21:0a:
                    8c:f4:f7:a2:8e:b5:b1:63:af:2a:af:c9:76:d8:20:
                    dd:7a:4b:60:16:fe:2b:aa:58:cc:6d:4e:8e:e8:25:
                    45:3e:d5:11:68:01:e4:4b:54:55:16:b6:67:d7:7c:
                    42:9b:ac:74:94:66:7e:80:a1:46:10:3e:b4:bd:83:
                    21:4f:fd:a3:9b:a9:22:23:a6:d3:28:ad:92:9e:3c:
                    03:49:30:21:1d:0d:f5:f5:57:29:d8:07:f5:b3:d8:
                    6d:d9:e4:ea:d1:c6:e7:c8:37:a3:f9:9b:4b:18:74:
                    15:d8:90:2f:47:43:a8:d9:97:34:e5:e4:2b:91:9c:
                    c4:aa:9a:4f:cd:c7:68:2c:ec:ff:1d:ef:43:75:e9:
                    94:5d:9f:8a:31:e6:3b:a0:83:5a:3e:1e:6e:ce:9c:
                    11:88:89:f4:d7:33:9e:5e:ae:c5:1a:97:c3:09:15:
                    6e:d1:40:24:58:4e:dd:8f:5a:85:d4:67:da:4a:b5:
                    21:8c:fe:8b:87:7c:a7:55:3c:c7:52:16:3c:9d:90:
                    c5:1a:5d:93:d8:15:69:d6:fd:f4:6e:4c:fd:83:ed:
                    49:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:C2:87:80:30:22:5B:87:43:0B:D8:71:8C:D8:46:96:A2:B8:A5:3B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2977b60b-b2d9-4d0f-a727-0112619219c9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.224.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         58:76:1e:3d:c5:14:6e:74:f5:d1:23:eb:e4:3d:8f:20:0a:e6:
         a9:7e:a9:07:ac:22:64:61:e3:b3:22:6d:a7:2a:6e:cc:af:54:
         58:03:4b:a4:7f:32:92:e6:07:98:82:99:55:e0:89:07:cb:41:
         9f:81:b4:3f:7c:c1:1e:90:74:14:67:82:c5:93:f0:8d:d1:87:
         2c:02:a9:9e:79:ed:6c:ac:4a:ab:95:85:fa:fb:20:25:68:3a:
         bb:27:af:f8:f4:78:e1:1a:76:68:02:c8:f0:68:a2:1c:21:bd:
         3b:09:f2:cd:94:36:02:21:7b:90:97:db:e5:f9:28:a0:39:02:
         28:c3:8e:03:e3:ed:1c:7b:fb:03:60:23:70:e4:40:f2:9c:7d:
         ac:c1:d2:11:95:43:5e:eb:b9:d9:9f:69:f5:a1:c1:35:96:59:
         e6:f9:7b:c1:a9:10:7c:e2:56:f4:cb:b5:95:d8:42:2d:89:37:
         0f:bd:6d:1c:81:dc:9c:6f:87:7c:c5:5d:e9:e3:b1:59:e4:ba:
         f8:80:e0:b8:ac:d0:f2:89:a6:39:24:3c:50:45:ab:fc:d5:3e:
         0c:85:a2:fe:bd:f8:59:80:55:d0:62:9f:f5:31:2c:89:5a:35:
         21:9f:bc:e3:ab:f6:82:6a:e2:91:21:0f:1b:48:3f:16:06:4d:
         7e:1d:48:70
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUSTpuDMjaISkP7KLipuSumlcA4kYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTMxMDAwMDAwWhcNMjUwMzA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A3NWZiMzg2MDdkNGY1MjZkNGRmNzE5MTA0MDE5YzVhYmFk
MjA0OTM5MDA3MDBhZWE2YzI0M2I1YjcxMTk0Nzg1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvWJoWnoEK/6EQ6QhyZbMZ9NSBibmX2HNjPCQ+opxnZgc8
b93ck+lUs3ohCoz096KOtbFjryqvyXbYIN16S2AW/iuqWMxtTo7oJUU+1RFoAeRL
VFUWtmfXfEKbrHSUZn6AoUYQPrS9gyFP/aObqSIjptMorZKePANJMCEdDfX1VynY
B/Wz2G3Z5OrRxufIN6P5m0sYdBXYkC9HQ6jZlzTl5CuRnMSqmk/Nx2gs7P8d70N1
6ZRdn4ox5jugg1o+Hm7OnBGIifTXM55ersUal8MJFW7RQCRYTt2PWoXUZ9pKtSGM
/ouHfKdVPMdSFjydkMUaXZPYFWnW/fRuTP2D7UlNAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU5cKHgDAiW4dDC9hxjNhGlqK4pTswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzI5NzdiNjBiLWIyZDktNGQwZi1hNzI3LTAxMTI2MTkyMTljOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA24DANBgkqhkiG9w0BAQsFAAOCAQEAWHYePcUUbnT10SPr5D2PIArmqX6p
B6wiZGHjsyJtpypuzK9UWANLpH8ykuYHmIKZVeCJB8tBn4G0P3zBHpB0FGeCxZPw
jdGHLAKpnnntbKxKq5WF+vsgJWg6uyev+PR44Rp2aALI8GiiHCG9OwnyzZQ2AiF7
kJfb5fkooDkCKMOOA+PtHHv7A2AjcORA8px9rMHSEZVDXuu52Z9p9aHBNZZZ5vl7
wakQfOJW9Mu1ldhCLYk3D71tHIHcnG+HfMVd6eOxWeS6+IDguKzQ8ommOSQ8UEWr
/NU+DIWi/r34WYBV0GKf9TEsiVo1IZ+846v2gmrikSEPG0g/FgZNfh1IcA==
-----END CERTIFICATE-----