Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3ad02644-60fe-41b8-bdc5-7402a3456a23.roa
File:                     3ad02644-60fe-41b8-bdc5-7402a3456a23.roa (raw, json)
Hash identifier:          rSRuzlvFpt6il3lNIUkjs1VHvl6MvJLu4Hef6bmuquU=
Subject key identifier:   B6:07:1A:E5:B7:F5:1E:A2:90:B9:20:AA:73:33:BB:57:67:CE:30:F7
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7A5400EE3F34C2077403B361282DF2F3198AABB6
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3ad02644-60fe-41b8-bdc5-7402a3456a23.roa
Signing time:             Fri 18 Apr 2025 15:30:29 +0000
ROA not before:           Fri 18 Apr 2025 15:30:29 +0000
ROA not after:            Fri 23 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.94.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 10 May 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:54:00:ee:3f:34:c2:07:74:03:b3:61:28:2d:f2:f3:19:8a:ab:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 18 15:30:29 2025 GMT
            Not After : May 23 23:59:59 2025 GMT
        Subject: serialNumber=2c3e79004152fec3408a6ca87a94cdc1a2cb9f0f6a05e66125c8ddd15f7c2e8a, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:b7:81:a7:07:d6:28:ac:1d:5e:b9:71:d3:86:
                    f4:54:c1:d3:80:78:a5:0e:05:9a:6d:28:4d:a9:3d:
                    be:54:12:5c:90:50:8d:eb:ea:05:f4:03:02:24:5e:
                    ed:33:8f:91:23:42:46:87:bc:fd:f7:37:df:35:1f:
                    81:e3:b0:03:f6:e8:2a:52:bb:cd:27:6d:86:78:93:
                    a2:99:5e:84:2d:17:09:76:9a:20:f1:22:f3:97:1a:
                    3b:79:c2:1b:1a:98:9e:60:d9:91:0e:8c:9c:44:3c:
                    b6:cf:c9:53:ab:fa:96:5e:e5:7f:e5:b0:d5:b8:1d:
                    7d:e9:10:9b:e9:92:b2:94:d7:c4:2f:b4:43:b4:64:
                    a8:80:a9:be:4d:c1:10:2b:41:78:1a:7f:ce:01:c5:
                    3f:0e:15:d4:ba:ca:af:ac:86:e1:ab:01:75:20:13:
                    47:d6:94:aa:18:d7:b6:4a:64:d5:00:d6:4a:b1:aa:
                    0a:c0:fb:17:e9:56:b7:a5:b8:a4:68:08:84:68:6d:
                    80:e3:81:c0:75:ce:86:d8:f2:b8:90:9b:50:84:36:
                    a7:de:32:ad:57:43:0a:d6:5f:32:30:9b:0c:4c:50:
                    48:a4:be:55:e2:3a:96:92:68:01:a1:4d:9e:92:d0:
                    9c:52:a0:2b:9e:63:be:9c:a8:82:84:95:b6:07:1c:
                    04:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:07:1A:E5:B7:F5:1E:A2:90:B9:20:AA:73:33:BB:57:67:CE:30:F7
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3ad02644-60fe-41b8-bdc5-7402a3456a23.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.94.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:a4:8c:32:9a:84:e5:59:34:90:e7:82:fd:ad:d6:87:83:8f:
         8d:61:35:04:04:75:ea:bb:7f:2a:b3:2e:68:82:86:af:15:52:
         2d:2f:30:f0:c9:3b:d6:8e:79:46:73:d7:fa:f6:c2:bb:72:77:
         9a:6b:88:e1:f8:ce:62:33:b7:c3:d9:d9:e1:c4:da:6b:e8:71:
         f2:3f:21:66:51:2e:9f:c6:60:7f:c9:ad:3b:53:f1:1a:2f:57:
         b1:ec:04:16:1c:6b:b7:89:dd:23:1f:07:96:d0:1b:d3:4f:59:
         e9:4f:46:ba:e0:50:bf:90:d2:66:b9:a1:f7:59:ca:7e:3c:0f:
         b4:7b:66:02:b7:e2:ab:a8:5b:9a:0e:6f:fc:94:b5:5e:1c:ac:
         6f:a4:b0:3b:f3:6c:7b:d9:6f:e4:10:a9:60:81:8e:5c:37:0a:
         7f:db:76:40:7c:20:80:be:3a:ca:3c:15:48:90:cf:70:1b:64:
         ec:b9:25:70:36:4a:f1:06:83:81:97:ce:de:70:93:d0:fd:3c:
         a2:b6:bd:12:0b:1e:58:50:3a:86:0b:00:53:14:f0:bd:6d:c7:
         d2:d4:46:d8:83:1e:96:91:e3:16:9b:32:04:59:d1:ae:5b:57:
         27:23:f7:aa:47:54:f4:6b:d8:5d:f3:d0:f5:b3:7e:7b:b9:fd:
         d9:d3:8f:17
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUelQA7j80wgd0A7NhKC3y8xmKq7YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE4MTUzMDI5WhcNMjUwNTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AyYzNlNzkwMDQxNTJmZWMzNDA4YTZjYTg3YTk0Y2RjMWEy
Y2I5ZjBmNmEwNWU2NjEyNWM4ZGRkMTVmN2MyZThhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLt4GnB9YorB1euXHThvRUwdOAeKUOBZptKE2pPb5UElyQ
UI3r6gX0AwIkXu0zj5EjQkaHvP33N981H4HjsAP26CpSu80nbYZ4k6KZXoQtFwl2
miDxIvOXGjt5whsamJ5g2ZEOjJxEPLbPyVOr+pZe5X/lsNW4HX3pEJvpkrKU18Qv
tEO0ZKiAqb5NwRArQXgaf84BxT8OFdS6yq+shuGrAXUgE0fWlKoY17ZKZNUA1kqx
qgrA+xfpVreluKRoCIRobYDjgcB1zobY8riQm1CENqfeMq1XQwrWXzIwmwxMUEik
vlXiOpaSaAGhTZ6S0JxSoCueY76cqIKElbYHHAR5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUtgca5bf1HqKQuSCqczO7V2fOMPcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNhZDAyNjQ0LTYwZmUtNDFiOC1iZGM1LTc0MDJhMzQ1NmEyMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0XpMwDQYJKoZIhvcNAQELBQADggEBAIWkjDKahOVZNJDngv2t1oeDj41h
NQQEdeq7fyqzLmiChq8VUi0vMPDJO9aOeUZz1/r2wrtyd5priOH4zmIzt8PZ2eHE
2mvocfI/IWZRLp/GYH/JrTtT8RovV7HsBBYca7eJ3SMfB5bQG9NPWelPRrrgUL+Q
0ma5ofdZyn48D7R7ZgK34quoW5oOb/yUtV4crG+ksDvzbHvZb+QQqWCBjlw3Cn/b
dkB8IIC+Oso8FUiQz3AbZOy5JXA2SvEGg4GXzt5wk9D9PKK2vRILHlhQOoYLAFMU
8L1tx9LURtiDHpaR4xabMgRZ0a5bVycj96pHVPRr2F3z0PWzfnu5/dnTjxc=
-----END CERTIFICATE-----