Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7002c10b-e3be-4037-abbe-615f92891bff.roa
File:                     7002c10b-e3be-4037-abbe-615f92891bff.roa (raw, json)
Hash identifier:          iFY6juUbNhUl49C0O0k/S6ilRwo7cLEhed4CAbBtxt0=
Subject key identifier:   55:AD:C6:0E:FD:1E:BD:80:5A:B2:A2:16:1A:EF:A0:FE:88:48:95:7A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       797037190B504A241D07D1821889F0D30BA3F0F5
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7002c10b-e3be-4037-abbe-615f92891bff.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        52.94.132.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:70:37:19:0b:50:4a:24:1d:07:d1:82:18:89:f0:d3:0b:a3:f0:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:cd:ab:b7:d8:a2:07:59:08:e9:e6:ee:33:1b:
                    ef:8c:a7:95:ed:16:15:e2:96:37:2b:4b:31:37:e9:
                    7b:ea:ce:58:64:91:ef:57:b7:c9:43:a1:71:07:99:
                    06:92:64:aa:47:90:68:50:f8:a0:fd:3d:12:55:83:
                    7e:8b:85:cb:56:ac:78:12:40:ce:6c:e3:c2:54:d2:
                    69:a9:16:ed:4a:0e:bf:ff:30:48:35:10:41:ee:d8:
                    d1:b8:6c:ae:b1:23:36:59:30:38:cc:2b:7f:e6:b5:
                    b3:07:1e:8c:4c:c3:b4:06:93:e1:d7:71:c0:31:df:
                    c1:32:46:86:41:11:62:fa:90:e7:d7:9a:85:2a:5b:
                    18:55:41:2b:68:fd:29:82:eb:56:95:94:e0:ca:a8:
                    37:a1:0d:f0:dd:40:39:79:94:1d:ad:ef:6d:34:8f:
                    10:a5:12:4a:94:09:67:30:d8:6b:83:db:80:6a:ad:
                    2f:b9:c1:49:4c:c2:cc:f0:83:5f:f5:58:9b:7a:c3:
                    ac:15:6d:b5:a3:76:b2:bf:7c:09:bc:ee:6f:39:00:
                    7d:e1:ca:76:41:87:94:b2:fe:34:0a:68:ce:17:0e:
                    3f:a5:71:46:a1:03:63:11:52:cb:e2:e5:24:a1:ed:
                    78:f3:35:af:66:c0:0a:b7:11:36:61:38:97:29:80:
                    8f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:AD:C6:0E:FD:1E:BD:80:5A:B2:A2:16:1A:EF:A0:FE:88:48:95:7A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7002c10b-e3be-4037-abbe-615f92891bff.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.94.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a8:05:f0:7e:f9:78:f8:fd:8a:8a:06:7c:d2:1e:87:2f:a1:e8:
         48:66:ee:2d:e4:ba:73:bd:1b:16:35:35:f0:9c:60:76:73:dd:
         15:cd:e6:63:94:c0:3c:93:a9:b9:77:85:d0:9b:2f:9c:6f:b3:
         3c:c1:f4:51:67:01:50:62:35:c0:0a:ef:5d:66:d7:93:e9:9b:
         33:7d:cd:fe:69:59:aa:77:79:c6:2f:7b:69:18:93:a5:28:f4:
         93:bf:ed:05:6b:32:05:44:87:57:3a:2b:79:fe:45:5b:8c:65:
         ee:b3:ea:df:15:b9:9a:3a:05:f5:3d:6a:cb:13:fc:b3:e8:6f:
         f0:07:42:48:be:80:26:0e:59:e2:aa:6b:fc:b2:9a:b2:1c:92:
         e0:d8:11:d7:9a:a2:e4:62:d3:1f:0a:ea:6a:52:44:d7:c1:9b:
         07:52:f8:a6:36:a8:0a:01:d9:49:55:af:54:a4:98:24:df:2c:
         1b:45:88:38:70:17:17:16:ab:38:03:a5:e1:4f:76:52:d0:f3:
         1d:69:0c:69:43:6d:d2:c9:a0:55:74:2e:24:dc:d8:9d:96:88:
         07:7c:35:b6:29:43:07:98:d1:c2:c7:cb:88:64:31:b6:ac:b8:
         49:81:ac:e5:6f:14:e4:97:29:a1:56:44:10:b1:39:22:dc:37:
         98:ad:fd:64
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeXA3GQtQSiQdB9GCGInw0wuj8PUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BhZWRhYjRmMmQyZjUxOTI3MzFlM2ZlMzlmZWRlNGYxM2U4
Mjk0NjY0MmMzOWYyNjY4ODAwY2QyNDg2YWZhYjY0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCkzau32KIHWQjp5u4zG++Mp5XtFhXiljcrSzE36Xvqzlhk
ke9Xt8lDoXEHmQaSZKpHkGhQ+KD9PRJVg36LhctWrHgSQM5s48JU0mmpFu1KDr//
MEg1EEHu2NG4bK6xIzZZMDjMK3/mtbMHHoxMw7QGk+HXccAx38EyRoZBEWL6kOfX
moUqWxhVQSto/SmC61aVlODKqDehDfDdQDl5lB2t7200jxClEkqUCWcw2GuD24Bq
rS+5wUlMwszwg1/1WJt6w6wVbbWjdrK/fAm87m85AH3hynZBh5Sy/jQKaM4XDj+l
cUahA2MRUsvi5SSh7XjzNa9mwAq3ETZhOJcpgI9lAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUVa3GDv0evYBasqIWGu+g/ohIlXowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzcwMDJjMTBiLWUzYmUtNDAzNy1hYmJlLTYxNWY5Mjg5MWJmZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI0XoQwDQYJKoZIhvcNAQELBQADggEBAKgF8H75ePj9iooGfNIehy+h6Ehm
7i3kunO9GxY1NfCcYHZz3RXN5mOUwDyTqbl3hdCbL5xvszzB9FFnAVBiNcAK711m
15PpmzN9zf5pWap3ecYve2kYk6Uo9JO/7QVrMgVEh1c6K3n+RVuMZe6z6t8VuZo6
BfU9assT/LPob/AHQki+gCYOWeKqa/yymrIckuDYEdeaouRi0x8K6mpSRNfBmwdS
+KY2qAoB2UlVr1SkmCTfLBtFiDhwFxcWqzgDpeFPdlLQ8x1pDGlDbdLJoFV0LiTc
2J2WiAd8NbYpQweY0cLHy4hkMbasuEmBrOVvFOSXKaFWRBCxOSLcN5it/WQ=
-----END CERTIFICATE-----