Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/676769b4-85c5-472b-a02c-f8796041f509.roa
File:                     676769b4-85c5-472b-a02c-f8796041f509.roa (raw, json)
Hash identifier:          aZ4QyG+ANnhbFmL8KdJ+wdewMEjnWrXwcR2gk8pSTmI=
Subject key identifier:   60:26:A4:28:34:B9:E8:3B:64:49:21:B6:34:4A:CA:5E:64:47:08:80
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       352DF455D9BC58CC856C04CC36C094DA323457CC
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/676769b4-85c5-472b-a02c-f8796041f509.roa
Signing time:             Fri 31 Jan 2025 00:00:00 +0000
ROA not before:           Fri 31 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.147.192.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:2d:f4:55:d9:bc:58:cc:85:6c:04:cc:36:c0:94:da:32:34:57:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 31 00:00:00 2025 GMT
            Not After : Mar  7 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:94:e3:d2:e1:bd:44:72:03:0f:46:8c:dc:b0:
                    ec:41:f2:3d:1d:b2:41:19:6f:b9:ba:85:14:f0:dc:
                    06:66:74:12:29:a9:b6:07:b2:68:e0:84:7b:7c:a6:
                    80:02:50:1c:ce:85:b7:ac:fa:75:b3:f4:6f:f2:23:
                    d1:95:38:b3:82:34:c0:7f:98:16:cf:df:74:9c:f8:
                    4c:9b:db:42:bf:3a:f0:5f:48:c7:ae:be:5e:02:5c:
                    b2:0f:48:80:10:50:d3:c3:3d:1f:18:81:f0:78:8f:
                    fd:e2:5c:43:28:b2:fd:08:08:a4:29:70:68:dc:b3:
                    58:7b:03:35:f3:7e:86:06:16:e8:a2:2f:b1:c8:a4:
                    64:0a:e8:74:1c:62:b8:22:68:ff:11:84:c4:20:cf:
                    d0:7b:79:c0:f2:ce:21:94:d5:d4:02:be:9e:5a:4d:
                    1a:5d:b7:10:0a:9b:a1:90:a1:38:24:82:a6:0f:8e:
                    f6:56:5a:70:85:cf:4c:ad:29:8d:5d:43:25:1b:14:
                    40:de:a3:6a:7a:30:2b:a3:78:71:07:48:b3:91:9e:
                    79:55:46:e7:00:68:42:bd:f1:2d:59:f4:ee:33:39:
                    b1:01:3e:a1:9b:d5:ff:1e:11:66:05:5c:b9:ad:c2:
                    0f:46:14:3a:36:cc:94:69:22:b2:0d:1b:69:d0:48:
                    c7:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:26:A4:28:34:B9:E8:3B:64:49:21:B6:34:4A:CA:5E:64:47:08:80
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/676769b4-85c5-472b-a02c-f8796041f509.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.147.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         01:7c:4c:d7:ef:57:fc:36:3d:80:6f:9b:03:e0:53:66:f0:19:
         92:29:6d:8e:22:06:03:fd:d8:d3:f7:03:7e:a9:63:e8:d2:4c:
         65:db:1f:3e:6c:d6:2c:c6:ab:cc:30:25:c1:1a:1b:3f:e3:9c:
         df:77:3a:cf:67:c9:35:9f:d9:15:55:3d:fe:d0:29:78:b4:32:
         cc:30:2e:27:1c:e6:8b:e0:ef:11:e9:c2:e0:72:fa:c3:78:57:
         cf:9a:5f:2d:84:7d:e0:81:8a:cc:57:5f:f1:2b:bd:4f:71:24:
         8c:08:15:d0:fe:1e:38:6e:11:c0:8a:91:16:54:71:22:c7:fb:
         79:60:0e:5d:ae:25:c2:60:99:08:1f:49:dd:bc:b2:5b:ad:73:
         51:1d:6d:5a:4d:9e:ba:5c:10:ea:0d:df:b9:66:33:32:f2:14:
         28:48:8f:da:2c:c6:26:fb:77:60:9f:1a:25:dc:92:f2:11:cd:
         ef:e6:dd:79:01:06:ca:50:ef:8a:4c:bb:a7:56:32:61:e2:81:
         1d:bc:a7:7e:0b:c8:3f:df:e8:33:10:c1:c2:5e:0d:7a:b3:b3:
         b0:24:96:48:d7:90:67:b8:79:a4:d7:de:31:6f:46:1e:03:e6:
         c7:00:a5:14:d0:4b:02:51:b7:c1:78:3e:dd:5b:65:1d:00:e7:
         11:31:ad:6f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNS30Vdm8WMyFbATMNsCU2jI0V8wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTMxMDAwMDAwWhcNMjUwMzA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A0YjEwYzVmOTk4ZTlhZDE2ZDU3YzI1OThjMTYzZTMyNDVi
NzhmMDhlMjU1MmNjOTVhZDU4OWU5ZWJjNDg3MWM2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCVlOPS4b1EcgMPRozcsOxB8j0dskEZb7m6hRTw3AZmdBIp
qbYHsmjghHt8poACUBzOhbes+nWz9G/yI9GVOLOCNMB/mBbP33Sc+Eyb20K/OvBf
SMeuvl4CXLIPSIAQUNPDPR8YgfB4j/3iXEMosv0ICKQpcGjcs1h7AzXzfoYGFuii
L7HIpGQK6HQcYrgiaP8RhMQgz9B7ecDyziGU1dQCvp5aTRpdtxAKm6GQoTgkgqYP
jvZWWnCFz0ytKY1dQyUbFEDeo2p6MCujeHEHSLORnnlVRucAaEK98S1Z9O4zObEB
PqGb1f8eEWYFXLmtwg9GFDo2zJRpIrING2nQSMdVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYCakKDS56DtkSSG2NErKXmRHCIAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzY3Njc2OWI0LTg1YzUtNDcyYi1hMDJjLWY4Nzk2MDQxZjUwOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAY2k8AwDQYJKoZIhvcNAQELBQADggEBAAF8TNfvV/w2PYBvmwPgU2bwGZIp
bY4iBgP92NP3A36pY+jSTGXbHz5s1izGq8wwJcEaGz/jnN93Os9nyTWf2RVVPf7Q
KXi0MswwLicc5ovg7xHpwuBy+sN4V8+aXy2EfeCBisxXX/ErvU9xJIwIFdD+Hjhu
EcCKkRZUcSLH+3lgDl2uJcJgmQgfSd28slutc1EdbVpNnrpcEOoN37lmMzLyFChI
j9osxib7d2CfGiXckvIRze/m3XkBBspQ74pMu6dWMmHigR28p34LyD/f6DMQwcJe
DXqzs7AklkjXkGe4eaTX3jFvRh4D5scApRTQSwJRt8F4Pt1bZR0A5xExrW8=
-----END CERTIFICATE-----