Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3ad02644-60fe-41b8-bdc5-7402a3456a23.roa
File:                     3ad02644-60fe-41b8-bdc5-7402a3456a23.roa (raw, json)
Hash identifier:          ikw8CsFTaVqwxeVGrDFiIS0mkJc4FAw3VlQHSI6lJ00=
Subject key identifier:   5D:08:B6:C1:24:1A:25:03:8F:10:93:71:8E:22:83:7B:D2:77:64:FD
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       42D6214C677CF69F7041DAAC4A410A42F23AED23
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3ad02644-60fe-41b8-bdc5-7402a3456a23.roa
Signing time:             Fri 31 Jan 2025 00:00:00 +0000
ROA not before:           Fri 31 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.94.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:d6:21:4c:67:7c:f6:9f:70:41:da:ac:4a:41:0a:42:f2:3a:ed:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 31 00:00:00 2025 GMT
            Not After : Mar  7 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:b5:f6:34:fc:4f:71:71:ec:e9:5d:30:88:2a:
                    f7:3c:10:87:ed:f4:29:ee:f8:b6:0c:2a:91:fa:d9:
                    ce:b5:38:e8:d3:d4:5a:df:5d:de:d5:db:90:bb:7e:
                    45:89:f0:c1:06:83:52:3a:e3:c3:44:30:dd:3b:57:
                    78:17:49:ea:c1:c0:28:1e:e7:c4:27:36:49:1f:98:
                    33:c3:77:5c:b0:09:48:8c:2d:00:32:e6:0c:7e:2e:
                    5b:f7:37:d9:de:1e:56:c2:e4:96:51:f9:8e:ea:a6:
                    57:28:d9:fc:37:78:48:d4:13:be:1b:37:7b:e8:b0:
                    40:5a:d3:8a:b5:5d:b2:42:0a:dc:2f:67:6a:70:ab:
                    95:d1:f7:91:dc:40:94:78:5c:08:d1:b4:14:48:c9:
                    24:80:a5:fc:f0:fa:2a:f1:8d:56:3c:69:67:5d:d0:
                    0d:e0:04:b4:5a:7e:a7:e4:64:e5:f5:81:7b:8f:36:
                    0f:6c:d3:ed:8b:c8:bc:14:05:cf:a8:be:92:81:42:
                    5c:2a:e9:69:aa:d6:9e:c1:e2:48:10:3b:d6:93:43:
                    25:d2:8c:ce:f4:6f:37:ad:73:f9:ab:a4:af:e6:06:
                    23:79:39:cd:2f:7b:ba:35:10:a5:ad:05:6d:e3:19:
                    c3:82:eb:34:d8:c9:d9:da:81:ce:7f:01:d0:ec:34:
                    44:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:08:B6:C1:24:1A:25:03:8F:10:93:71:8E:22:83:7B:D2:77:64:FD
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3ad02644-60fe-41b8-bdc5-7402a3456a23.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.94.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:44:3e:80:a3:9e:68:56:40:55:6f:65:61:a7:5c:c9:07:15:
         50:00:72:e0:b0:d1:f8:68:8e:dd:ab:7c:26:35:58:ab:b7:17:
         f9:87:b8:a9:d0:4f:21:da:b3:8d:7f:25:42:53:dd:9c:50:d9:
         dd:0c:2a:11:1e:d1:38:26:d5:e4:6e:1e:aa:26:be:55:6a:9a:
         33:5b:2b:97:f0:ce:62:06:a9:7b:00:33:dd:3a:7f:61:c2:5a:
         da:31:c7:21:95:d2:90:c2:76:1c:ce:f3:6a:4b:45:e4:ec:e3:
         37:56:09:c5:13:db:7a:61:d8:3f:32:f2:5e:21:82:e2:70:8c:
         3a:35:23:a3:f9:11:e5:c8:29:e6:4a:a7:75:c1:70:4e:f4:ce:
         b8:d1:bf:0f:7e:79:f8:2c:54:c9:16:f4:d7:e8:b0:b8:65:07:
         1f:8f:f3:b4:b2:c5:41:ea:0a:59:2e:1b:e2:86:6a:02:60:bd:
         e1:92:80:7d:7d:a8:55:df:d8:c6:b9:bf:74:ee:7e:6e:3d:3c:
         9e:fd:72:06:ad:2c:a5:10:8c:61:58:f8:4a:48:42:53:b1:07:
         ce:97:aa:2c:5a:5c:fc:d3:66:6f:95:b0:2f:ef:e2:a7:c1:f8:
         c5:63:5c:bc:af:41:82:13:b5:0c:a4:57:9c:5e:bb:9c:78:3d:
         fc:83:13:28
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQtYhTGd89p9wQdqsSkEKQvI67SMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTMxMDAwMDAwWhcNMjUwMzA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BkMTAwM2ZhODBjY2Q2ZDYxNjVmN2RlMjNkOTlhYmJiNzhj
YWY3MzAxZWQ2NjcyZjc1YTIwYTQwNDc3MjljNDExMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDytfY0/E9xcezpXTCIKvc8EIft9Cnu+LYMKpH62c61OOjT
1FrfXd7V25C7fkWJ8MEGg1I648NEMN07V3gXSerBwCge58QnNkkfmDPDd1ywCUiM
LQAy5gx+Llv3N9neHlbC5JZR+Y7qplco2fw3eEjUE74bN3vosEBa04q1XbJCCtwv
Z2pwq5XR95HcQJR4XAjRtBRIySSApfzw+irxjVY8aWdd0A3gBLRafqfkZOX1gXuP
Ng9s0+2LyLwUBc+ovpKBQlwq6Wmq1p7B4kgQO9aTQyXSjM70bzetc/mrpK/mBiN5
Oc0ve7o1EKWtBW3jGcOC6zTYydnagc5/AdDsNETFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXQi2wSQaJQOPEJNxjiKDe9J3ZP0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNhZDAyNjQ0LTYwZmUtNDFiOC1iZGM1LTc0MDJhMzQ1NmEyMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0XpMwDQYJKoZIhvcNAQELBQADggEBAH5EPoCjnmhWQFVvZWGnXMkHFVAA
cuCw0fhojt2rfCY1WKu3F/mHuKnQTyHas41/JUJT3ZxQ2d0MKhEe0Tgm1eRuHqom
vlVqmjNbK5fwzmIGqXsAM906f2HCWtoxxyGV0pDCdhzO82pLReTs4zdWCcUT23ph
2D8y8l4hguJwjDo1I6P5EeXIKeZKp3XBcE70zrjRvw9+efgsVMkW9NfosLhlBx+P
87SyxUHqClkuG+KGagJgveGSgH19qFXf2Ma5v3Tufm49PJ79cgatLKUQjGFY+EpI
QlOxB86XqixaXPzTZm+VsC/v4qfB+MVjXLyvQYITtQykV5xeu5x4PfyDEyg=
-----END CERTIFICATE-----