Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6e607366-a5b9-469d-96bc-19db7f27a9fe.roa
File:                     6e607366-a5b9-469d-96bc-19db7f27a9fe.roa (raw, json)
Hash identifier:          UxCe9BwYaj76rhhFiSRFxzddDQWSA+CnNynkKmHhmZM=
Subject key identifier:   F2:EE:DB:C4:21:5F:38:2E:EB:C9:19:4D:C4:10:0E:B7:37:89:4B:0B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1B3705BDE5034DDB58D1FF03823DCB8100214976
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6e607366-a5b9-469d-96bc-19db7f27a9fe.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.95.128.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:37:05:bd:e5:03:4d:db:58:d1:ff:03:82:3d:cb:81:00:21:49:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:e8:61:e6:90:61:ca:79:be:54:46:64:d2:d4:
                    a2:89:80:f4:75:04:f7:71:d8:fa:b6:90:09:37:f7:
                    19:f7:2f:64:64:f4:ca:7f:05:28:8b:59:81:6e:c9:
                    b4:fa:ef:aa:c3:7c:9f:a6:4d:62:7d:3d:79:8d:b2:
                    dd:07:b0:a8:4d:66:e4:b5:1a:c1:7d:3d:a8:74:da:
                    2e:7f:9f:62:bb:02:8f:a7:5c:46:35:82:56:51:92:
                    62:bf:93:b0:63:04:b5:ce:be:12:4d:47:2d:8e:c3:
                    39:77:cd:db:bd:a6:32:91:2e:e7:a3:62:8f:63:e3:
                    c9:ce:2e:fc:2f:24:31:0c:fe:b5:f7:7f:49:39:2a:
                    f5:68:3a:79:e8:8b:f0:a5:a0:f3:d5:07:e0:3e:e4:
                    6e:e2:fc:99:67:c1:ec:f9:bc:1e:f4:be:dd:23:32:
                    6c:4f:ac:47:cd:50:83:d4:73:c7:4f:42:fb:8f:17:
                    45:74:26:e7:24:30:08:af:19:13:4b:75:9b:ce:b8:
                    87:12:cb:44:f9:53:3a:07:44:c9:70:2f:c2:a8:cd:
                    a2:01:c2:ad:2a:20:ae:a3:8b:02:67:d8:5b:10:2d:
                    93:35:df:29:11:3a:9d:5f:b8:9a:24:37:f4:c8:d7:
                    6e:29:86:77:ba:53:e5:2f:97:71:74:f3:6b:00:f2:
                    72:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:EE:DB:C4:21:5F:38:2E:EB:C9:19:4D:C4:10:0E:B7:37:89:4B:0B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6e607366-a5b9-469d-96bc-19db7f27a9fe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.95.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         06:c9:20:f1:f0:76:83:f9:56:57:e0:a5:b7:61:e7:e5:2f:97:
         53:36:76:a8:b2:4e:ed:9e:c1:38:58:02:7d:98:a8:6f:04:bb:
         d2:0a:7b:6b:8c:2e:1c:e0:05:db:be:0a:f3:61:b7:fb:bd:91:
         26:43:c4:33:c8:64:a9:18:ba:6b:3b:c5:4d:0d:77:1b:6a:03:
         74:07:59:30:f3:ea:5f:34:f8:9d:a3:40:44:1f:4b:29:16:9c:
         69:fa:8e:99:f0:00:1a:d1:96:05:f9:47:4b:93:3f:e0:81:8e:
         8e:63:eb:7f:6d:b1:05:5e:15:da:47:0a:d5:b0:8e:f2:a8:74:
         37:14:f6:92:c6:52:18:c3:4b:99:05:56:93:6f:54:6e:e9:50:
         f9:e4:fc:3c:16:1d:d5:a2:b1:38:79:92:80:98:20:fb:3e:39:
         f0:67:26:97:6b:25:d0:24:58:32:c3:83:69:57:bb:16:b0:59:
         c5:9e:f4:19:29:f3:b3:d9:5e:54:ec:71:41:6e:6c:64:bc:dc:
         c8:80:ea:0b:81:55:96:07:f2:27:e1:85:f3:23:2d:80:6e:f4:
         72:99:4b:03:c4:75:e9:e2:73:67:19:a4:51:56:9e:ee:6b:ce:
         73:1f:c3:5d:88:4b:61:84:9c:e8:1f:c4:8c:e2:e6:67:64:58:
         f5:c7:c8:e2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGzcFveUDTdtY0f8Dgj3LgQAhSXYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMjA1MDAwMDAwWhcNMjUwMzEyMjM1OTU5
WjB6MUkwRwYDVQQFE0AwMjU3YmE5YmVlYjA4ZWE4ZDM5ZGJkNDhjM2EwNWZmNzY3
M2RkMjIxZDIwMzYyMDhiOTAzNDY3NjM0ODZmMDRlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC96GHmkGHKeb5URmTS1KKJgPR1BPdx2Pq2kAk39xn3L2Rk
9Mp/BSiLWYFuybT676rDfJ+mTWJ9PXmNst0HsKhNZuS1GsF9Pah02i5/n2K7Ao+n
XEY1glZRkmK/k7BjBLXOvhJNRy2Owzl3zdu9pjKRLuejYo9j48nOLvwvJDEM/rX3
f0k5KvVoOnnoi/CloPPVB+A+5G7i/Jlnwez5vB70vt0jMmxPrEfNUIPUc8dPQvuP
F0V0JuckMAivGRNLdZvOuIcSy0T5UzoHRMlwL8KozaIBwq0qIK6jiwJn2FsQLZM1
3ykROp1fuJokN/TI124phne6U+Uvl3F082sA8nLBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8u7bxCFfOC7ryRlNxBAOtzeJSwswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzZlNjA3MzY2LWE1YjktNDY5ZC05NmJjLTE5ZGI3ZjI3YTlmZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAc2X4AwDQYJKoZIhvcNAQELBQADggEBAAbJIPHwdoP5Vlfgpbdh5+Uvl1M2
dqiyTu2ewThYAn2YqG8Eu9IKe2uMLhzgBdu+CvNht/u9kSZDxDPIZKkYums7xU0N
dxtqA3QHWTDz6l80+J2jQEQfSykWnGn6jpnwABrRlgX5R0uTP+CBjo5j639tsQVe
FdpHCtWwjvKodDcU9pLGUhjDS5kFVpNvVG7pUPnk/DwWHdWisTh5koCYIPs+OfBn
JpdrJdAkWDLDg2lXuxawWcWe9Bkp87PZXlTscUFubGS83MiA6guBVZYH8ifhhfMj
LYBu9HKZSwPEdenic2cZpFFWnu5rznMfw12IS2GEnOgfxIzi5mdkWPXHyOI=
-----END CERTIFICATE-----