Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/71e05456-0513-46be-a3c2-1659862be511.roa
File:                     71e05456-0513-46be-a3c2-1659862be511.roa (raw, json)
Hash identifier:          eHp1aDmuhZhg3+9cCwEiSeQAADWiixsE1fkdHajprwk=
Subject key identifier:   98:C9:75:A0:46:BE:B7:42:A7:2A:D5:80:7A:07:6F:D0:60:BB:45:27
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       291A6A6D99109BABEC2E8CD672154AB1953D33B2
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/71e05456-0513-46be-a3c2-1659862be511.roa
Signing time:             Fri 31 Jan 2025 00:00:00 +0000
ROA not before:           Fri 31 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.243.32.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:1a:6a:6d:99:10:9b:ab:ec:2e:8c:d6:72:15:4a:b1:95:3d:33:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 31 00:00:00 2025 GMT
            Not After : Mar  7 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:a7:0c:fd:01:f9:61:eb:00:b7:99:06:84:10:
                    87:65:cf:50:b3:c4:7c:58:14:6d:8b:6b:77:6f:30:
                    02:ae:a7:f8:5c:49:ea:07:cb:2e:e8:d4:3c:05:24:
                    46:38:f4:a8:14:dd:aa:b5:2e:4f:db:e7:ce:86:e9:
                    f7:b0:93:ea:67:8a:2e:cf:3c:95:b2:7d:6d:29:34:
                    b7:86:00:64:cf:8c:f1:9e:88:7e:6e:3f:24:45:66:
                    d4:86:1e:1c:2c:61:c3:42:a9:fb:e6:85:95:67:e8:
                    92:63:c6:dc:98:a7:cc:de:42:1f:8b:f5:8f:fa:a5:
                    45:95:95:c7:aa:83:87:b2:e9:59:33:ef:8c:74:b0:
                    d3:ae:21:1e:d0:2f:e4:c5:b5:a3:61:69:23:4f:d2:
                    41:88:ff:e1:e3:86:a2:63:da:25:da:6c:47:bb:83:
                    f8:7f:15:bd:30:c6:9c:c6:7c:c4:da:c6:1d:02:1f:
                    59:5c:90:99:5f:31:7e:fd:01:63:87:89:10:71:e9:
                    69:31:6b:75:7d:96:f0:ff:8b:a8:d0:75:e0:80:01:
                    56:0c:25:6f:7e:69:68:14:3b:6e:05:f2:81:65:fd:
                    f2:07:be:cc:22:6a:54:d4:ae:66:e3:19:43:00:f8:
                    a8:2c:78:bb:e3:87:3a:7e:4d:3b:51:af:9c:c8:bf:
                    ef:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:C9:75:A0:46:BE:B7:42:A7:2A:D5:80:7A:07:6F:D0:60:BB:45:27
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/71e05456-0513-46be-a3c2-1659862be511.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.243.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         6f:d5:8b:34:40:d5:3b:55:cd:08:68:3f:00:6b:c4:87:61:5e:
         7e:32:7f:44:c2:88:a6:8a:15:f8:f5:76:52:08:47:49:17:1c:
         58:ea:9e:b4:9e:89:12:30:c0:a5:12:39:b9:31:43:dc:b7:e1:
         39:fb:b1:39:41:72:9e:e8:98:a5:50:75:a1:5f:58:35:56:81:
         71:69:98:39:50:45:4a:c2:4c:46:80:25:30:e4:03:4b:06:c8:
         53:28:32:7f:db:2c:83:d9:48:43:24:39:b1:fa:ce:20:e4:bf:
         22:99:c1:57:f8:cc:44:cf:26:6d:7a:86:bd:99:55:87:f7:a5:
         09:af:10:b1:79:8d:41:e8:f1:da:e6:41:c1:71:69:bb:68:22:
         8d:8f:1f:1a:c9:0e:78:dc:a5:ba:59:97:46:40:4d:a2:d9:34:
         f4:fc:58:a4:15:0d:21:56:c8:07:12:4f:0e:fb:8c:64:25:47:
         88:61:dd:07:0f:59:75:00:c4:ef:87:84:ca:a4:ae:ff:7a:81:
         68:b4:ff:23:41:e6:1d:32:b1:e9:e1:d2:8d:a6:6c:d4:5a:6d:
         fc:74:8e:4a:84:66:68:61:05:7e:38:c0:c9:39:45:21:70:15:
         d2:42:da:37:83:a5:9f:16:f6:3c:ae:63:94:1e:af:0c:d4:ac:
         11:ef:cb:c4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKRpqbZkQm6vsLozWchVKsZU9M7IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTMxMDAwMDAwWhcNMjUwMzA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A0MmVhMWQ4N2I0YmI4ZTk5ZmQ4ZTVhZTIyMTUwYTM5MDQ5
ODMzN2YwYjQxM2NhMTZhMmRiYTAyNzAwNjBlMDA3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCcpwz9Aflh6wC3mQaEEIdlz1CzxHxYFG2La3dvMAKup/hc
SeoHyy7o1DwFJEY49KgU3aq1Lk/b586G6fewk+pnii7PPJWyfW0pNLeGAGTPjPGe
iH5uPyRFZtSGHhwsYcNCqfvmhZVn6JJjxtyYp8zeQh+L9Y/6pUWVlceqg4ey6Vkz
74x0sNOuIR7QL+TFtaNhaSNP0kGI/+HjhqJj2iXabEe7g/h/Fb0wxpzGfMTaxh0C
H1lckJlfMX79AWOHiRBx6Wkxa3V9lvD/i6jQdeCAAVYMJW9+aWgUO24F8oFl/fIH
vswialTUrmbjGUMA+KgseLvjhzp+TTtRr5zIv+8rAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmMl1oEa+t0KnKtWAegdv0GC7RScwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzcxZTA1NDU2LTA1MTMtNDZiZS1hM2MyLTE2NTk4NjJiZTUxMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAU28yAwDQYJKoZIhvcNAQELBQADggEBAG/VizRA1TtVzQhoPwBrxIdhXn4y
f0TCiKaKFfj1dlIIR0kXHFjqnrSeiRIwwKUSObkxQ9y34Tn7sTlBcp7omKVQdaFf
WDVWgXFpmDlQRUrCTEaAJTDkA0sGyFMoMn/bLIPZSEMkObH6ziDkvyKZwVf4zETP
Jm16hr2ZVYf3pQmvELF5jUHo8drmQcFxabtoIo2PHxrJDnjcpbpZl0ZATaLZNPT8
WKQVDSFWyAcSTw77jGQlR4hh3QcPWXUAxO+HhMqkrv96gWi0/yNB5h0ysenh0o2m
bNRabfx0jkqEZmhhBX44wMk5RSFwFdJC2jeDpZ8W9jyuY5QerwzUrBHvy8Q=
-----END CERTIFICATE-----