Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4e33ffa2-c29a-4fcd-bbd0-bceffa2c1860.roa
File:                     4e33ffa2-c29a-4fcd-bbd0-bceffa2c1860.roa (raw, json)
Hash identifier:          +OiWBU2vkg/QnNCSp0PrRJytA0iKXhFDVUj4J7NNa+4=
Subject key identifier:   AB:64:5B:1C:FD:99:FA:41:90:3E:28:F6:91:99:94:38:3B:A0:69:A5
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1FF09B5216FF978C3E5ED6F9BC7B21E1E433D3C7
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4e33ffa2-c29a-4fcd-bbd0-bceffa2c1860.roa
Signing time:             Tue 04 Mar 2025 21:20:11 +0000
ROA not before:           Tue 04 Mar 2025 21:20:11 +0000
ROA not after:            Tue 08 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.94.208.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 15 Mar 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:f0:9b:52:16:ff:97:8c:3e:5e:d6:f9:bc:7b:21:e1:e4:33:d3:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar  4 21:20:11 2025 GMT
            Not After : Apr  8 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ba:1d:85:bd:d6:65:40:e7:34:28:e0:10:94:
                    96:1a:92:de:ac:01:07:3e:f3:8f:25:e3:a3:08:a4:
                    3b:36:3d:92:72:6f:f9:b2:4f:d7:98:03:c7:df:5c:
                    98:92:01:c5:50:53:ce:48:28:c3:91:5e:7e:73:15:
                    66:fa:04:b6:1b:0c:4b:d1:f7:75:6f:00:cc:ea:26:
                    29:0d:8a:74:ea:1b:78:60:15:88:99:cd:6d:b9:84:
                    cc:22:8f:3b:5b:aa:ce:73:20:8a:83:1e:42:fd:08:
                    e5:e0:c2:d7:a4:45:58:3e:86:23:1b:85:01:6a:0b:
                    35:a5:d5:8a:00:a3:ee:91:44:66:8f:73:db:92:a0:
                    d2:3c:ac:f1:25:fc:0d:2f:bd:85:1c:f7:53:63:e2:
                    ef:da:54:ff:83:8f:ba:b8:c3:3c:c2:2f:3a:91:e7:
                    57:42:a4:48:39:80:1a:19:a6:ba:28:2d:eb:2c:f6:
                    66:47:6d:6c:4f:7f:ed:18:f0:6e:92:91:4f:15:4d:
                    3b:dd:da:52:db:18:51:97:bf:83:a4:f1:bb:20:36:
                    2b:77:fe:17:e7:53:9b:cc:33:8c:2e:c3:52:99:57:
                    d5:1c:db:2c:78:85:cd:f0:79:87:ca:b7:dd:c6:1c:
                    71:d3:10:a3:16:6d:24:48:b8:f0:94:0d:be:f4:40:
                    51:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:64:5B:1C:FD:99:FA:41:90:3E:28:F6:91:99:94:38:3B:A0:69:A5
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4e33ffa2-c29a-4fcd-bbd0-bceffa2c1860.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.94.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         86:d4:2f:85:99:83:40:e1:41:88:0b:48:f0:c2:58:2e:bd:fa:
         a4:3d:b7:88:f2:8b:f3:bc:08:23:d2:5e:b2:23:33:37:bb:b5:
         a1:a9:ce:bb:96:4a:71:8f:8f:96:0f:ca:8c:7a:54:d3:1a:82:
         5d:a7:3a:91:47:2d:42:b3:80:6b:9f:2e:85:de:32:d2:30:28:
         78:eb:17:4b:e2:e1:57:b1:4e:67:a9:91:53:a7:59:20:6e:23:
         82:1a:5a:53:b1:f1:c7:83:c8:e2:33:b9:a9:f4:dc:3a:d2:54:
         7c:14:fa:73:da:c9:92:08:3e:69:e7:69:3d:4e:f0:94:ed:62:
         3a:60:e7:c7:33:92:87:94:9a:cc:51:2b:0d:d1:ec:bd:94:9c:
         13:17:e3:7c:2e:86:1c:f1:c8:27:fa:7c:d0:3d:c4:c0:83:54:
         0f:ef:09:4e:c7:eb:0d:ec:e4:52:b9:2e:af:2c:28:e5:a9:38:
         ad:40:0a:c1:09:65:53:15:37:05:e5:a4:05:da:86:d8:ee:cb:
         57:10:ef:84:45:15:57:a8:9a:a7:0c:c0:bc:ba:8a:ff:46:55:
         71:6d:f9:96:c5:13:db:30:35:b9:dd:c5:46:78:88:a8:25:ad:
         42:0e:c7:38:cb:41:aa:8e:1d:2d:8f:f1:85:74:8b:9c:31:42:
         dc:58:d4:7b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUH/CbUhb/l4w+Xtb5vHsh4eQz08cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzA0MjEyMDExWhcNMjUwNDA4MjM1OTU5
WjB6MUkwRwYDVQQFE0BjYzNlZmNmY2U1Yjk1OGE1N2Q4ZjgxMzE4MmVlMmY1Zjky
YmVjMzVkYmE1MGNhNjY3YzE2Mjg1ZTIxZDBjNjdlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuuh2FvdZlQOc0KOAQlJYakt6sAQc+848l46MIpDs2PZJy
b/myT9eYA8ffXJiSAcVQU85IKMORXn5zFWb6BLYbDEvR93VvAMzqJikNinTqG3hg
FYiZzW25hMwijztbqs5zIIqDHkL9COXgwtekRVg+hiMbhQFqCzWl1YoAo+6RRGaP
c9uSoNI8rPEl/A0vvYUc91Nj4u/aVP+Dj7q4wzzCLzqR51dCpEg5gBoZprooLess
9mZHbWxPf+0Y8G6SkU8VTTvd2lLbGFGXv4Ok8bsgNit3/hfnU5vMM4wuw1KZV9Uc
2yx4hc3weYfKt93GHHHTEKMWbSRIuPCUDb70QFFTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUq2RbHP2Z+kGQPij2kZmUODugaaUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzRlMzNmZmEyLWMyOWEtNGZjZC1iYmQwLWJjZWZmYTJjMTg2MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAM0XtAwDQYJKoZIhvcNAQELBQADggEBAIbUL4WZg0DhQYgLSPDCWC69+qQ9
t4jyi/O8CCPSXrIjMze7taGpzruWSnGPj5YPyox6VNMagl2nOpFHLUKzgGufLoXe
MtIwKHjrF0vi4VexTmepkVOnWSBuI4IaWlOx8ceDyOIzuan03DrSVHwU+nPayZII
PmnnaT1O8JTtYjpg58czkoeUmsxRKw3R7L2UnBMX43wuhhzxyCf6fNA9xMCDVA/v
CU7H6w3s5FK5Lq8sKOWpOK1ACsEJZVMVNwXlpAXahtjuy1cQ74RFFVeomqcMwLy6
iv9GVXFt+ZbFE9swNbndxUZ4iKglrUIOxzjLQaqOHS2P8YV0i5wxQtxY1Hs=
-----END CERTIFICATE-----