Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3ab011af-fada-4c8e-b056-1a9dfdb769da.roa
File:                     3ab011af-fada-4c8e-b056-1a9dfdb769da.roa (raw, json)
Hash identifier:          4ulpMqAKTj4AFvPZFdP94YAHTRVpHQfExDuZvpOybQU=
Subject key identifier:   3B:2D:18:8C:70:B0:96:F7:87:D6:9E:A0:80:02:D0:49:23:EF:CB:7F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       46BA5FE850D6A094E9A9DE9C603166DA423E7F4A
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3ab011af-fada-4c8e-b056-1a9dfdb769da.roa
Signing time:             Wed 21 May 2025 00:31:25 +0000
ROA not before:           Wed 21 May 2025 00:31:25 +0000
ROA not after:            Wed 25 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.119.224.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 07 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:ba:5f:e8:50:d6:a0:94:e9:a9:de:9c:60:31:66:da:42:3e:7f:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 21 00:31:25 2025 GMT
            Not After : Jun 25 23:59:59 2025 GMT
        Subject: serialNumber=5600adb98ca5eccae2484a3522289c85f34c3a82a3d22fc0aab6f4bb189f9f9a, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:6e:84:97:cf:7c:26:58:96:32:ab:67:8c:20:
                    7c:2c:cb:6f:55:95:3b:b4:28:b2:89:75:b4:16:73:
                    ec:e2:71:df:1b:70:b6:20:81:bb:01:1b:02:66:10:
                    7e:ab:32:24:e7:e5:74:f1:c6:22:c2:3a:f3:2c:f7:
                    e4:29:c2:4e:f7:fd:cd:cb:82:5b:ad:d4:fb:a7:d0:
                    16:43:50:23:09:f4:17:2e:f1:a0:1a:03:2d:14:c3:
                    59:2a:79:8e:64:d3:1e:ab:31:e7:d4:c5:12:c1:a8:
                    ef:fa:eb:2d:ad:4b:fc:ee:8c:56:6b:4f:4f:c5:ec:
                    b5:2d:4b:c2:f7:73:cd:b6:93:ad:87:b0:88:f3:b0:
                    d5:a0:7d:c1:71:91:8c:f7:dd:75:b1:87:45:62:9a:
                    5c:c1:ea:9a:0b:ae:28:c0:6e:2c:1f:a3:1e:59:9c:
                    ff:76:f3:db:aa:62:7a:bd:1a:22:81:05:5f:af:eb:
                    1a:e0:31:d1:0e:19:c5:d0:70:69:9f:74:48:f2:03:
                    1d:07:a4:b2:90:b4:b8:61:5b:19:d6:cc:75:51:7f:
                    a1:76:ad:20:ba:b4:ae:a3:20:43:81:ab:7f:39:b0:
                    44:c2:9d:dc:87:67:8b:3f:5b:8c:9f:d5:f2:83:72:
                    06:93:dd:8b:9e:5f:ad:82:ae:d8:84:20:d8:f8:39:
                    55:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:2D:18:8C:70:B0:96:F7:87:D6:9E:A0:80:02:D0:49:23:EF:CB:7F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3ab011af-fada-4c8e-b056-1a9dfdb769da.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.119.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4e:39:56:01:a5:2e:03:c8:41:27:11:a8:03:c5:45:27:80:bb:
         4a:19:e0:d1:d0:a4:ab:bc:c8:5c:55:87:fa:42:01:b5:71:66:
         93:eb:39:9c:6e:82:c9:56:ca:61:56:9e:17:20:4e:53:52:6c:
         be:03:31:15:3e:53:25:73:79:57:dd:9e:54:58:05:17:a0:3f:
         80:cc:d1:d3:b3:29:78:02:42:eb:65:36:f6:d5:de:a9:1e:79:
         a9:19:e7:d2:2c:20:12:a7:76:57:1c:56:e7:ec:e5:bc:18:81:
         65:7c:04:90:51:22:13:80:09:b3:75:d7:63:4e:1d:68:e1:c7:
         7a:0b:e5:d0:07:8c:60:0f:0a:0b:4c:a7:ee:b8:67:a2:30:e1:
         10:05:64:a2:62:af:bd:58:95:39:e8:e7:d6:f2:95:ec:c3:75:
         93:24:0b:ff:78:04:0d:8b:ab:45:12:f1:0a:f9:68:dd:64:27:
         b0:95:1b:7a:e9:e1:5c:fe:a0:b8:43:a4:0b:64:cc:30:09:f1:
         7e:aa:75:f0:72:33:d3:f3:53:21:8e:ce:0c:d8:3c:f0:ab:55:
         19:41:e3:0c:0a:ad:01:9b:19:45:66:40:c1:4b:b1:bd:5f:c4:
         c8:08:cb:9b:3e:93:15:3a:4c:4d:83:7c:18:7c:ba:6b:52:6b:
         1f:31:36:35
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURrpf6FDWoJTpqd6cYDFm2kI+f0owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNTIxMDAzMTI1WhcNMjUwNjI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A1NjAwYWRiOThjYTVlY2NhZTI0ODRhMzUyMjI4OWM4NWYz
NGMzYTgyYTNkMjJmYzBhYWI2ZjRiYjE4OWY5ZjlhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxboSXz3wmWJYyq2eMIHwsy29VlTu0KLKJdbQWc+zicd8b
cLYggbsBGwJmEH6rMiTn5XTxxiLCOvMs9+Qpwk73/c3Lglut1Pun0BZDUCMJ9Bcu
8aAaAy0Uw1kqeY5k0x6rMefUxRLBqO/66y2tS/zujFZrT0/F7LUtS8L3c822k62H
sIjzsNWgfcFxkYz33XWxh0VimlzB6poLrijAbiwfox5ZnP9289uqYnq9GiKBBV+v
6xrgMdEOGcXQcGmfdEjyAx0HpLKQtLhhWxnWzHVRf6F2rSC6tK6jIEOBq385sETC
ndyHZ4s/W4yf1fKDcgaT3YueX62CrtiEINj4OVV/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUOy0YjHCwlveH1p6ggALQSSPvy38wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNhYjAxMWFmLWZhZGEtNGM4ZS1iMDU2LTFhOWRmZGI3NjlkYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAM0d+AwDQYJKoZIhvcNAQELBQADggEBAE45VgGlLgPIQScRqAPFRSeAu0oZ
4NHQpKu8yFxVh/pCAbVxZpPrOZxugslWymFWnhcgTlNSbL4DMRU+UyVzeVfdnlRY
BRegP4DM0dOzKXgCQutlNvbV3qkeeakZ59IsIBKndlccVufs5bwYgWV8BJBRIhOA
CbN112NOHWjhx3oL5dAHjGAPCgtMp+64Z6Iw4RAFZKJir71YlTno59bylezDdZMk
C/94BA2Lq0US8Qr5aN1kJ7CVG3rp4Vz+oLhDpAtkzDAJ8X6qdfByM9PzUyGOzgzY
PPCrVRlB4wwKrQGbGUVmQMFLsb1fxMgIy5s+kxU6TE2DfBh8umtSax8xNjU=
-----END CERTIFICATE-----