Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4be5bf81-7974-4cac-8621-0cce3471aa2b.roa
File:                     4be5bf81-7974-4cac-8621-0cce3471aa2b.roa (raw, json)
Hash identifier:          5JTiG5DXhajN83TOgvmnVskcnqBmKCiZPhUKFGHpmgw=
Subject key identifier:   1D:8E:C3:1B:9C:59:90:DB:53:A2:6C:19:4D:F9:5B:AD:37:EA:72:E6
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6341B625A699E13C1960CD4D6DF0FD9BBCF66BD1
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4be5bf81-7974-4cac-8621-0cce3471aa2b.roa
Signing time:             Fri 31 Jan 2025 00:00:00 +0000
ROA not before:           Fri 31 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.245.160.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:41:b6:25:a6:99:e1:3c:19:60:cd:4d:6d:f0:fd:9b:bc:f6:6b:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 31 00:00:00 2025 GMT
            Not After : Mar  7 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:1e:92:37:d9:de:8d:cd:60:c1:c2:81:b3:47:
                    ef:c8:db:2e:eb:5b:92:d6:a6:41:94:e1:c1:a1:d9:
                    d4:18:54:ed:86:ce:bf:52:c7:32:c5:30:19:ce:a6:
                    d9:3e:38:04:a1:a1:f1:cc:1d:46:ee:20:04:3e:ff:
                    a7:79:1d:45:7e:72:c8:c1:e8:99:40:bc:14:53:e8:
                    c6:ff:bc:03:23:f8:da:12:6b:1b:17:51:90:6d:40:
                    7a:f6:ce:db:12:8f:40:1f:2f:9f:7e:c8:e0:d4:b2:
                    93:e8:33:17:92:5e:21:9a:0d:ec:fc:9c:f4:66:4c:
                    46:43:46:1e:39:64:8f:ef:44:e2:59:20:8e:59:07:
                    ed:83:df:e2:5f:51:b1:79:13:1a:92:4b:f3:59:13:
                    33:ff:eb:7b:27:5b:1f:47:16:4f:e8:8b:9f:a3:84:
                    d0:69:84:f5:cb:9d:c4:4f:ff:b1:c5:60:56:c5:fc:
                    6a:bc:b6:a3:e8:f0:dc:24:e5:bb:ca:be:01:7f:2f:
                    21:9d:1e:32:56:32:94:4c:0f:c2:1f:a8:7a:4f:6a:
                    83:82:54:30:d1:a5:25:2e:24:75:48:b7:67:38:7e:
                    96:ed:37:d1:44:e1:64:88:70:dd:d2:c4:75:7a:42:
                    82:43:17:c0:21:9c:b6:1e:6a:e8:e8:f7:12:ea:3e:
                    b7:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:8E:C3:1B:9C:59:90:DB:53:A2:6C:19:4D:F9:5B:AD:37:EA:72:E6
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4be5bf81-7974-4cac-8621-0cce3471aa2b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.245.160.0/21

    Signature Algorithm: sha256WithRSAEncryption
         0c:e4:75:10:b2:30:e0:89:c6:bc:08:59:00:20:dd:a7:01:b8:
         ed:98:50:49:dc:02:6a:06:85:71:d4:35:2a:35:d4:cd:78:36:
         c6:fb:da:e6:b7:81:06:eb:86:6d:8b:6c:70:d0:67:3c:6e:a4:
         85:9a:f0:6c:89:7d:5f:dd:bd:7a:ec:b7:9d:33:39:b7:f7:b6:
         87:24:ba:d2:d1:6e:8d:93:17:97:00:26:4a:de:bd:64:bd:16:
         09:ce:72:45:01:57:3c:60:47:87:94:f1:1d:05:a0:86:1c:e1:
         83:ab:a7:b0:3f:a4:1f:0e:23:ab:33:7f:97:b5:cd:62:16:b2:
         61:54:e1:26:f6:ff:e3:ab:e1:a6:11:e8:4b:d8:9c:66:0d:7b:
         85:85:31:07:96:bf:6c:2b:a2:34:d4:a7:f6:1c:46:b7:31:28:
         f4:a1:2a:59:55:c5:52:aa:58:50:63:f3:dd:21:a9:f3:d4:f8:
         a6:0a:c4:53:64:28:6b:40:36:9a:9d:a4:c2:69:dc:3a:8b:4b:
         7d:3b:9d:cd:6e:c8:ca:c1:df:c3:d3:ac:a5:cd:8f:cc:c1:10:
         ab:db:76:f5:e5:f4:80:b0:8e:83:47:39:14:1a:82:ea:b1:5e:
         0d:0c:8d:c7:39:1d:bf:06:56:d1:94:34:38:f7:8e:3f:ef:8b:
         67:c3:70:83
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUY0G2JaaZ4TwZYM1NbfD9m7z2a9EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTMxMDAwMDAwWhcNMjUwMzA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MGQwNGMwMDI3ZjFkOWFiZTRmNzU1MDQ5MGIxODExOGM3
OTg4MWY2ZjcxNDE0NmU1MTExMmMxMGJkYTljMTVkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+HpI32d6NzWDBwoGzR+/I2y7rW5LWpkGU4cGh2dQYVO2G
zr9SxzLFMBnOptk+OAShofHMHUbuIAQ+/6d5HUV+csjB6JlAvBRT6Mb/vAMj+NoS
axsXUZBtQHr2ztsSj0AfL59+yODUspPoMxeSXiGaDez8nPRmTEZDRh45ZI/vROJZ
II5ZB+2D3+JfUbF5ExqSS/NZEzP/63snWx9HFk/oi5+jhNBphPXLncRP/7HFYFbF
/Gq8tqPo8Nwk5bvKvgF/LyGdHjJWMpRMD8IfqHpPaoOCVDDRpSUuJHVIt2c4fpbt
N9FE4WSIcN3SxHV6QoJDF8AhnLYeaujo9xLqPrcLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHY7DG5xZkNtTomwZTflbrTfqcuYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzRiZTViZjgxLTc5NzQtNGNhYy04NjIxLTBjY2UzNDcxYWEyYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAM29aAwDQYJKoZIhvcNAQELBQADggEBAAzkdRCyMOCJxrwIWQAg3acBuO2Y
UEncAmoGhXHUNSo11M14Nsb72ua3gQbrhm2LbHDQZzxupIWa8GyJfV/dvXrst50z
Obf3tockutLRbo2TF5cAJkrevWS9FgnOckUBVzxgR4eU8R0FoIYc4YOrp7A/pB8O
I6szf5e1zWIWsmFU4Sb2/+Or4aYR6EvYnGYNe4WFMQeWv2wrojTUp/YcRrcxKPSh
KllVxVKqWFBj890hqfPU+KYKxFNkKGtANpqdpMJp3DqLS307nc1uyMrB38PTrKXN
j8zBEKvbdvXl9ICwjoNHORQaguqxXg0Mjcc5Hb8GVtGUNDj3jj/vi2fDcIM=
-----END CERTIFICATE-----