Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6a59fb8b-76dd-478b-8633-7422730479a3.roa
File:                     6a59fb8b-76dd-478b-8633-7422730479a3.roa (raw, json)
Hash identifier:          /VemGmjF9wY6ZBmeGnPS589UezLiH6mWumD2PXlCc6o=
Subject key identifier:   6B:D5:AE:87:AD:A4:2E:A1:66:E5:11:C2:25:1E:C0:C2:CF:13:E1:A2
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       38B16B213ACE9DAD4928D165B6554679CBA9A68E
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6a59fb8b-76dd-478b-8633-7422730479a3.roa
Signing time:             Mon 19 May 2025 19:20:19 +0000
ROA not before:           Mon 19 May 2025 19:20:19 +0000
ROA not after:            Mon 23 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.95.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 05 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:b1:6b:21:3a:ce:9d:ad:49:28:d1:65:b6:55:46:79:cb:a9:a6:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 19 19:20:19 2025 GMT
            Not After : Jun 23 23:59:59 2025 GMT
        Subject: serialNumber=fab3cd63ae1527cffc36a547e21b086e47e5b5d94756b1834760a596589c0182, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:1a:88:0d:d6:e6:2b:33:8e:b7:24:57:02:58:
                    49:10:82:23:22:be:6a:ee:78:cc:18:f8:1b:a5:29:
                    bd:97:79:ff:6d:99:9e:1c:f5:75:b3:ed:9e:7d:6c:
                    a5:26:1a:dd:59:fb:69:20:25:a4:a7:4f:25:50:64:
                    35:f1:15:dd:bd:f5:0c:7c:04:e3:7e:da:df:91:57:
                    7c:ce:7d:9e:8c:2e:6a:6c:d7:65:6e:1a:24:ca:29:
                    1c:9a:1f:21:18:ee:33:6e:8f:e3:8d:08:78:43:9f:
                    98:ec:75:5e:1b:7f:de:16:5e:6d:c1:09:81:c4:b3:
                    f8:e4:fe:d3:75:73:b6:57:01:75:82:a1:b7:18:b4:
                    1d:ed:b6:20:63:f8:f3:d3:6d:b1:c7:30:94:1c:d7:
                    52:62:e9:cd:52:f2:0a:a6:62:66:d1:50:62:0e:85:
                    0e:3b:54:1b:0e:57:23:2d:ba:47:a4:5c:10:42:80:
                    c3:2d:f3:7c:7e:b6:cf:f8:2d:c0:1f:16:05:09:30:
                    67:03:9a:3b:d4:8d:b2:30:d9:fe:db:dc:b1:5d:cb:
                    2e:3e:d5:61:7c:bc:57:ed:cc:15:b3:e3:14:b2:2f:
                    43:47:2e:20:19:6f:9e:65:7e:38:36:8b:5e:a2:9c:
                    a4:29:f9:cd:4f:7f:58:e4:a0:75:dc:3b:ab:f4:0a:
                    1e:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:D5:AE:87:AD:A4:2E:A1:66:E5:11:C2:25:1E:C0:C2:CF:13:E1:A2
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6a59fb8b-76dd-478b-8633-7422730479a3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.95.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:62:80:da:3d:32:db:ac:f1:9f:ec:7f:98:94:46:06:e8:cb:
         fe:58:56:2c:50:1a:41:88:a7:7c:75:12:91:cd:07:b6:07:db:
         dd:55:18:cf:b8:81:9a:94:d3:13:72:9d:06:76:14:a9:fb:dc:
         61:26:6c:db:3f:6f:04:34:12:3f:41:3a:20:35:14:9a:28:49:
         01:64:87:d2:7e:e9:00:1b:d9:89:d3:20:82:10:ce:74:06:03:
         8e:b2:a2:d1:9e:6b:db:fb:e4:bf:63:85:09:cd:b1:e1:d4:a1:
         ba:1b:22:f5:98:66:ed:57:5c:98:d5:e7:1f:b6:70:80:4d:52:
         f5:aa:f2:60:91:4f:8c:1d:d9:ac:87:d5:88:52:42:cc:bf:86:
         51:83:5a:cd:01:87:88:5e:b8:0f:94:09:d3:9b:06:86:07:e6:
         a6:d9:e3:28:46:61:2d:54:09:6d:a2:6f:12:e5:72:2c:c4:00:
         e9:b7:7e:99:63:d6:64:2b:90:d9:ee:99:10:3e:12:fe:10:f9:
         31:9e:54:11:aa:0b:26:07:33:13:10:06:ec:47:4f:62:7f:a9:
         05:e8:1e:50:21:c9:f7:5d:24:71:51:f2:fa:c7:a6:35:ab:ba:
         2e:5f:58:3c:a3:d8:30:cb:15:f5:c7:4a:67:8d:94:9b:4c:f6:
         3a:6a:cc:a1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOLFrITrOna1JKNFltlVGecuppo4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNTE5MTkyMDE5WhcNMjUwNjIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BmYWIzY2Q2M2FlMTUyN2NmZmMzNmE1NDdlMjFiMDg2ZTQ3
ZTViNWQ5NDc1NmIxODM0NzYwYTU5NjU4OWMwMTgyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDtGogN1uYrM463JFcCWEkQgiMivmrueMwY+BulKb2Xef9t
mZ4c9XWz7Z59bKUmGt1Z+2kgJaSnTyVQZDXxFd299Qx8BON+2t+RV3zOfZ6MLmps
12VuGiTKKRyaHyEY7jNuj+ONCHhDn5jsdV4bf94WXm3BCYHEs/jk/tN1c7ZXAXWC
obcYtB3ttiBj+PPTbbHHMJQc11Ji6c1S8gqmYmbRUGIOhQ47VBsOVyMtukekXBBC
gMMt83x+ts/4LcAfFgUJMGcDmjvUjbIw2f7b3LFdyy4+1WF8vFftzBWz4xSyL0NH
LiAZb55lfjg2i16inKQp+c1Pf1jkoHXcO6v0Ch6zAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUa9Wuh62kLqFm5RHCJR7Aws8T4aIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzZhNTlmYjhiLTc2ZGQtNDc4Yi04NjMzLTc0MjI3MzA0NzlhMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0X28wDQYJKoZIhvcNAQELBQADggEBAC5igNo9Mtus8Z/sf5iURgboy/5Y
VixQGkGIp3x1EpHNB7YH291VGM+4gZqU0xNynQZ2FKn73GEmbNs/bwQ0Ej9BOiA1
FJooSQFkh9J+6QAb2YnTIIIQznQGA46yotGea9v75L9jhQnNseHUobobIvWYZu1X
XJjV5x+2cIBNUvWq8mCRT4wd2ayH1YhSQsy/hlGDWs0Bh4heuA+UCdObBoYH5qbZ
4yhGYS1UCW2ibxLlcizEAOm3fplj1mQrkNnumRA+Ev4Q+TGeVBGqCyYHMxMQBuxH
T2J/qQXoHlAhyfddJHFR8vrHpjWrui5fWDyj2DDLFfXHSmeNlJtM9jpqzKE=
-----END CERTIFICATE-----