Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/74efe89a-3988-4164-98dd-bb1f690379cf.roa
File:                     74efe89a-3988-4164-98dd-bb1f690379cf.roa (raw, json)
Hash identifier:          mnn/64W1KSJw+hQx5euo29Jt65rkV647V1RWEcnKc4M=
Subject key identifier:   7E:92:D0:1E:B2:36:7A:09:C6:7A:CF:34:B4:4C:52:FF:F5:A9:A0:9A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3DA4BC3640F1FA01F714D580F616DFFB3AFCC037
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/74efe89a-3988-4164-98dd-bb1f690379cf.roa
Signing time:             Fri 31 Jan 2025 00:00:00 +0000
ROA not before:           Fri 31 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.94.104.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:a4:bc:36:40:f1:fa:01:f7:14:d5:80:f6:16:df:fb:3a:fc:c0:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 31 00:00:00 2025 GMT
            Not After : Mar  7 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:1a:0e:3c:7c:77:d5:a4:1d:e3:83:93:07:7b:
                    5f:c3:24:ec:e7:ac:b5:95:ba:5a:7a:24:ce:7c:eb:
                    ea:22:ab:d8:11:0c:93:ee:c5:80:99:68:a1:91:9b:
                    9c:62:d5:3f:8c:72:7d:b8:9e:d1:ce:c1:70:16:71:
                    24:bf:e0:5c:e9:2a:b6:b6:51:8c:aa:00:10:1d:bf:
                    d8:96:98:af:90:8e:7a:7d:cc:3d:9a:4e:4f:98:08:
                    e2:aa:60:01:88:40:9d:1d:c2:32:1c:cd:cd:01:c1:
                    fa:53:64:0f:52:ca:00:f0:37:ed:d3:4c:15:6a:fb:
                    ea:91:4c:a3:6e:07:5e:af:3b:08:55:97:97:66:4b:
                    53:ef:d5:c3:12:41:3d:1e:0c:8a:e0:87:79:90:63:
                    0a:9d:15:f3:f1:c3:bd:8b:98:43:57:d1:15:18:86:
                    30:83:26:8d:92:c6:3c:2a:24:3f:b0:24:b5:f4:6d:
                    c2:ed:ed:1f:e3:c3:68:31:ad:a2:67:e0:2e:25:14:
                    7b:fc:de:85:7a:35:dd:6c:f7:21:97:b2:e8:ec:64:
                    d7:a5:5e:6a:1d:73:29:3c:70:f4:65:b0:1e:25:96:
                    fa:2d:04:0a:c7:16:51:3a:38:7e:9e:73:b8:6a:91:
                    95:1a:e9:1f:8d:06:75:aa:23:64:3d:16:fa:79:10:
                    8c:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:92:D0:1E:B2:36:7A:09:C6:7A:CF:34:B4:4C:52:FF:F5:A9:A0:9A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/74efe89a-3988-4164-98dd-bb1f690379cf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.94.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3d:81:7a:93:75:0d:1d:a0:1b:67:f6:e7:47:c5:7a:f9:3f:c2:
         ce:25:45:97:5b:87:99:d1:b8:f3:fe:45:e6:a1:05:82:f3:b5:
         bc:a3:6f:c8:99:11:f8:a5:5c:2f:f7:f1:ef:1a:40:1b:b9:a6:
         8c:16:22:2b:be:4a:81:da:9c:f3:3e:3c:71:cc:c6:b1:1e:96:
         c1:a4:2e:e3:d2:6c:93:75:18:e5:62:4a:4e:c3:c8:bf:17:33:
         0e:af:5a:be:1a:fa:05:94:af:ac:0d:f9:6d:49:98:a3:52:d4:
         c5:60:96:79:4a:04:1c:79:a1:92:37:5f:5a:a3:2c:05:04:be:
         37:12:d7:25:af:87:d4:e3:a0:6d:d4:48:bd:49:e8:60:9c:da:
         24:9e:78:b6:0e:8e:09:54:79:1d:db:3e:c7:b6:41:4e:66:23:
         f2:cd:8f:9a:1b:c2:46:10:37:2b:28:70:f1:82:a7:c2:e8:7c:
         9e:ad:cd:4f:58:6e:d8:c9:b4:a5:e7:5c:67:b2:8a:04:0b:d2:
         41:77:8a:cb:c5:71:9d:51:ea:99:36:0c:34:ed:f4:db:14:cf:
         e5:1b:e8:86:be:6a:c6:7f:fc:21:72:76:e1:c7:54:94:0d:bd:
         25:a9:e8:2c:ff:95:7e:99:14:50:16:f0:3f:31:08:dd:ff:72:
         56:81:7d:5a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPaS8NkDx+gH3FNWA9hbf+zr8wDcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTMxMDAwMDAwWhcNMjUwMzA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwOWI0M2YxZWY0MmU4MjQxZDMzOWJlNTc4ZGZiNjNiOGZm
NTdiMTk1Mjc1MzZlODdmZTQ4ZTA3YjM1MGZkNGVmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClGg48fHfVpB3jg5MHe1/DJOznrLWVulp6JM586+oiq9gR
DJPuxYCZaKGRm5xi1T+Mcn24ntHOwXAWcSS/4FzpKra2UYyqABAdv9iWmK+Qjnp9
zD2aTk+YCOKqYAGIQJ0dwjIczc0BwfpTZA9SygDwN+3TTBVq++qRTKNuB16vOwhV
l5dmS1Pv1cMSQT0eDIrgh3mQYwqdFfPxw72LmENX0RUYhjCDJo2SxjwqJD+wJLX0
bcLt7R/jw2gxraJn4C4lFHv83oV6Nd1s9yGXsujsZNelXmodcyk8cPRlsB4llvot
BArHFlE6OH6ec7hqkZUa6R+NBnWqI2Q9Fvp5EIxnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfpLQHrI2egnGes80tExS//WpoJowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzc0ZWZlODlhLTM5ODgtNDE2NC05OGRkLWJiMWY2OTAzNzljZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI2XmgwDQYJKoZIhvcNAQELBQADggEBAD2BepN1DR2gG2f250fFevk/ws4l
RZdbh5nRuPP+ReahBYLztbyjb8iZEfilXC/38e8aQBu5powWIiu+SoHanPM+PHHM
xrEelsGkLuPSbJN1GOViSk7DyL8XMw6vWr4a+gWUr6wN+W1JmKNS1MVglnlKBBx5
oZI3X1qjLAUEvjcS1yWvh9TjoG3USL1J6GCc2iSeeLYOjglUeR3bPse2QU5mI/LN
j5obwkYQNysocPGCp8LofJ6tzU9YbtjJtKXnXGeyigQL0kF3isvFcZ1R6pk2DDTt
9NsUz+Ub6Ia+asZ//CFyduHHVJQNvSWp6Cz/lX6ZFFAW8D8xCN3/claBfVo=
-----END CERTIFICATE-----