Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2c5f4c5e-740b-46ae-a76c-428c13bd4885.roa
File:                     2c5f4c5e-740b-46ae-a76c-428c13bd4885.roa (raw, json)
Hash identifier:          pdJdFy8YKVgcOFlxQp0Zyz/coEbFYsqs5VzgBfIBUtg=
Subject key identifier:   C1:1B:3F:AD:79:B0:13:E0:9F:B0:65:6C:64:18:82:A2:4C:5C:C6:80
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       397AF3B175B9C760DE640A883F957F26515729ED
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2c5f4c5e-740b-46ae-a76c-428c13bd4885.roa
Signing time:             Tue 04 Feb 2025 00:00:00 +0000
ROA not before:           Tue 04 Feb 2025 00:00:00 +0000
ROA not after:            Tue 11 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.92.0.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:7a:f3:b1:75:b9:c7:60:de:64:0a:88:3f:95:7f:26:51:57:29:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb  4 00:00:00 2025 GMT
            Not After : Mar 11 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b4:60:06:c4:99:09:69:12:51:d4:a4:f9:2b:
                    20:6c:e9:06:71:93:f8:e3:1a:e5:f0:8d:76:a0:d7:
                    d3:81:ed:05:0f:51:83:2f:5f:4e:e5:0b:e5:79:b0:
                    f6:d8:8a:b5:1a:b4:3e:a5:79:82:a6:e1:cc:fb:15:
                    7e:3e:29:43:cb:c4:37:e7:4d:65:a1:a3:7a:88:8b:
                    29:27:26:13:cf:e6:df:18:68:c5:1c:f0:1d:44:7a:
                    bf:a1:a1:1f:30:c4:3c:f6:81:fe:51:3a:b7:09:5d:
                    97:df:4a:96:78:6c:99:a7:e0:87:5e:31:1a:40:b9:
                    d2:65:f5:08:90:e2:db:60:c0:8f:ef:71:20:b6:18:
                    4c:a9:7c:05:41:b5:86:5a:28:f1:e1:0f:8e:72:f3:
                    ad:73:c3:90:f2:3d:6a:8f:91:26:19:70:9b:91:5a:
                    5f:56:cf:37:e1:29:e5:1e:f7:c8:58:e1:62:26:20:
                    60:db:2b:5a:1a:36:44:3f:08:86:76:38:13:23:16:
                    71:37:42:ed:70:99:f0:7c:c1:77:15:f4:fd:ae:3e:
                    36:75:0c:99:98:a3:eb:16:f7:8c:f4:e9:f0:f6:a5:
                    4a:8d:f5:50:79:7d:f2:9f:d0:33:81:bb:dd:9c:6b:
                    f6:f8:4a:55:3f:02:60:23:55:90:06:28:da:d9:ed:
                    0d:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:1B:3F:AD:79:B0:13:E0:9F:B0:65:6C:64:18:82:A2:4C:5C:C6:80
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2c5f4c5e-740b-46ae-a76c-428c13bd4885.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.92.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         68:cb:0d:92:b6:84:54:19:b3:e1:82:9b:0c:c8:59:25:8a:7f:
         22:f1:68:77:4d:4b:65:5b:5f:e5:66:37:43:aa:1c:26:71:58:
         df:cd:2d:95:34:1a:db:67:e5:57:72:e4:fa:e0:db:12:7d:77:
         49:2b:88:f0:af:cc:d4:28:9d:05:81:6c:7b:fa:19:79:bd:d6:
         48:66:18:e8:52:34:42:43:9e:34:b7:a1:e4:33:3c:d5:ac:95:
         ab:cc:03:03:87:a8:60:22:59:27:4a:95:f6:44:90:4e:76:ef:
         4d:73:6d:cf:0c:88:dd:a4:e9:24:32:43:7f:fe:f1:f5:2c:95:
         bb:83:c7:13:e1:a9:9c:4d:53:f9:37:e8:94:ca:e7:26:da:12:
         b6:d4:0d:2b:c5:73:a9:84:54:26:3a:c3:ee:e7:93:af:c3:83:
         28:a5:75:be:39:04:76:a2:2f:89:80:c5:1e:5b:4d:af:fd:24:
         69:5f:9c:5a:62:f9:31:c1:6c:25:04:86:14:2f:96:c7:ac:cf:
         a0:66:18:3b:f3:ea:98:3f:6e:87:6e:b7:13:04:96:ac:b6:7f:
         d7:f4:fc:8d:57:26:e8:9f:ae:12:db:23:c2:73:8c:48:b5:28:
         3b:05:91:25:e7:81:99:60:cc:0a:24:c2:36:3b:47:b6:37:11:
         f9:48:81:a2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOXrzsXW5x2DeZAqIP5V/JlFXKe0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMjA0MDAwMDAwWhcNMjUwMzExMjM1OTU5
WjB6MUkwRwYDVQQFE0AyYjM3MTg3OWU0NjczNjhhZjQ0NThiOTk3NzYzMzRkOWM4
OGU4MDNmYWExYTc3OTEyN2ZiYzIzNjI2OTZmNWQ3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCstGAGxJkJaRJR1KT5KyBs6QZxk/jjGuXwjXag19OB7QUP
UYMvX07lC+V5sPbYirUatD6leYKm4cz7FX4+KUPLxDfnTWWho3qIiyknJhPP5t8Y
aMUc8B1Eer+hoR8wxDz2gf5ROrcJXZffSpZ4bJmn4IdeMRpAudJl9QiQ4ttgwI/v
cSC2GEypfAVBtYZaKPHhD45y861zw5DyPWqPkSYZcJuRWl9WzzfhKeUe98hY4WIm
IGDbK1oaNkQ/CIZ2OBMjFnE3Qu1wmfB8wXcV9P2uPjZ1DJmYo+sW94z06fD2pUqN
9VB5ffKf0DOBu92ca/b4SlU/AmAjVZAGKNrZ7Q0DAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwRs/rXmwE+CfsGVsZBiCokxcxoAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzJjNWY0YzVlLTc0MGItNDZhZS1hNzZjLTQyOGMxM2JkNDg4NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAc2XAAwDQYJKoZIhvcNAQELBQADggEBAGjLDZK2hFQZs+GCmwzIWSWKfyLx
aHdNS2VbX+VmN0OqHCZxWN/NLZU0Gttn5Vdy5Prg2xJ9d0kriPCvzNQonQWBbHv6
GXm91khmGOhSNEJDnjS3oeQzPNWslavMAwOHqGAiWSdKlfZEkE52701zbc8MiN2k
6SQyQ3/+8fUslbuDxxPhqZxNU/k36JTK5ybaErbUDSvFc6mEVCY6w+7nk6/Dgyil
db45BHaiL4mAxR5bTa/9JGlfnFpi+THBbCUEhhQvlsesz6BmGDvz6pg/bodutxME
lqy2f9f0/I1XJuifrhLbI8JzjEi1KDsFkSXngZlgzAokwjY7R7Y3EflIgaI=
-----END CERTIFICATE-----