Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/809b8de9-35a6-4f5e-b327-c96f51b0a969.roa
File:                     809b8de9-35a6-4f5e-b327-c96f51b0a969.roa (raw, json)
Hash identifier:          FhWl6NRedGYA4h08TIEAas3p8Yilg5MBuF0xd5v2u0s=
Subject key identifier:   16:F7:49:F4:32:84:23:59:35:F5:3F:45:A4:29:90:B0:E2:D8:49:9E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       291E5C60944232E3ADEC6135089D319955D5755C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/809b8de9-35a6-4f5e-b327-c96f51b0a969.roa
Signing time:             Fri 18 Apr 2025 15:30:30 +0000
ROA not before:           Fri 18 Apr 2025 15:30:30 +0000
ROA not after:            Fri 23 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.157.192.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 10 May 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:1e:5c:60:94:42:32:e3:ad:ec:61:35:08:9d:31:99:55:d5:75:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 18 15:30:30 2025 GMT
            Not After : May 23 23:59:59 2025 GMT
        Subject: serialNumber=9962f6b7bf2a0cc237740b3ff1d5b2f21efc30d638232e8578a3bc31582fb711, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:12:a4:b4:aa:47:da:64:4a:d0:8d:11:69:ea:
                    95:d2:44:9b:0c:f2:8d:58:22:15:bc:47:71:54:66:
                    bd:e8:f9:16:7f:1b:4d:18:f1:11:99:ec:d3:fb:4f:
                    a5:11:20:14:ed:c8:71:f5:32:71:cb:ce:86:8a:3c:
                    1a:f0:32:e8:ef:65:6a:fd:d8:a6:fb:be:9a:b8:fa:
                    c7:0b:52:61:8d:7c:20:6e:85:46:05:32:21:b3:63:
                    a1:b5:00:3a:83:af:83:ef:d0:ea:4c:fe:17:81:92:
                    7f:1f:d6:77:09:af:25:88:df:47:0f:f2:70:c2:3f:
                    ee:75:1f:03:0e:75:ef:e6:c3:9b:21:0a:ad:89:1b:
                    80:8f:ef:1a:24:bf:98:e9:74:43:15:1a:f8:46:69:
                    97:36:01:1a:1f:82:a6:53:d9:d6:81:67:44:ab:2e:
                    b8:9a:7a:bc:30:97:d9:b7:88:5a:ec:87:c2:a9:33:
                    02:40:d2:8b:34:72:e6:84:c9:2e:1c:a3:87:7b:24:
                    6c:75:40:f8:24:94:57:a9:33:35:f8:51:88:d2:ae:
                    61:ae:3b:0e:60:5b:9c:8d:88:26:d0:30:dc:6f:42:
                    0d:ca:6c:8f:8d:10:d9:3c:3f:fb:9b:a9:6c:f0:37:
                    42:af:3f:62:c0:67:43:b4:5c:9d:ff:16:4f:cc:94:
                    b7:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:F7:49:F4:32:84:23:59:35:F5:3F:45:A4:29:90:B0:E2:D8:49:9E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/809b8de9-35a6-4f5e-b327-c96f51b0a969.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.157.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         b0:36:b4:b9:c8:05:77:ae:32:43:c4:bf:00:52:ad:cd:6a:db:
         a3:82:61:cb:fe:f0:d7:86:1c:2b:72:f8:09:1a:ce:14:f3:48:
         9c:65:2b:35:13:5d:4a:60:19:45:f7:e0:ea:3a:b5:92:44:6d:
         7b:27:ea:f1:46:6c:5d:9e:be:6f:49:12:62:6a:83:8c:6f:90:
         42:0c:46:a3:14:67:31:c7:10:cf:df:95:68:95:91:dc:f9:81:
         2f:c1:4d:48:b0:0e:96:95:0c:84:66:3f:d2:1f:cc:aa:bc:92:
         4c:e1:31:36:6b:96:39:35:d0:83:8f:14:ba:66:0e:19:16:c6:
         63:26:6d:51:d3:11:76:b7:54:c6:be:4e:6e:04:c1:68:9a:16:
         9e:d1:a5:49:a5:dd:32:c9:fe:29:51:d1:c8:e0:a6:c7:75:a6:
         c1:30:7e:36:09:24:95:97:b5:0d:26:79:49:64:11:ce:6f:3c:
         67:8c:d4:f1:25:12:78:05:4b:7e:a2:97:96:49:45:b0:d6:41:
         25:3b:11:1a:a3:5f:24:65:d7:9e:2b:68:34:64:47:5d:b9:cf:
         54:5e:33:1c:a7:6a:1b:57:06:9d:fc:17:b7:f6:68:80:4c:28:
         fd:df:45:75:6d:24:f9:12:20:28:b5:b0:97:4a:40:97:b9:29:
         d7:01:99:06
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKR5cYJRCMuOt7GE1CJ0xmVXVdVwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE4MTUzMDMwWhcNMjUwNTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A5OTYyZjZiN2JmMmEwY2MyMzc3NDBiM2ZmMWQ1YjJmMjFl
ZmMzMGQ2MzgyMzJlODU3OGEzYmMzMTU4MmZiNzExMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDEqS0qkfaZErQjRFp6pXSRJsM8o1YIhW8R3FUZr3o+RZ/
G00Y8RGZ7NP7T6URIBTtyHH1MnHLzoaKPBrwMujvZWr92Kb7vpq4+scLUmGNfCBu
hUYFMiGzY6G1ADqDr4Pv0OpM/heBkn8f1ncJryWI30cP8nDCP+51HwMOde/mw5sh
Cq2JG4CP7xokv5jpdEMVGvhGaZc2ARofgqZT2daBZ0SrLriaerwwl9m3iFrsh8Kp
MwJA0os0cuaEyS4co4d7JGx1QPgklFepMzX4UYjSrmGuOw5gW5yNiCbQMNxvQg3K
bI+NENk8P/ubqWzwN0KvP2LAZ0O0XJ3/Fk/MlLenAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFvdJ9DKEI1k19T9FpCmQsOLYSZ4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzgwOWI4ZGU5LTM1YTYtNGY1ZS1iMzI3LWM5NmY1MWIwYTk2OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAY2ncAwDQYJKoZIhvcNAQELBQADggEBALA2tLnIBXeuMkPEvwBSrc1q26OC
Ycv+8NeGHCty+AkazhTzSJxlKzUTXUpgGUX34Oo6tZJEbXsn6vFGbF2evm9JEmJq
g4xvkEIMRqMUZzHHEM/flWiVkdz5gS/BTUiwDpaVDIRmP9IfzKq8kkzhMTZrljk1
0IOPFLpmDhkWxmMmbVHTEXa3VMa+Tm4EwWiaFp7RpUml3TLJ/ilR0cjgpsd1psEw
fjYJJJWXtQ0meUlkEc5vPGeM1PElEngFS36il5ZJRbDWQSU7ERqjXyRl154raDRk
R125z1ReMxynahtXBp38F7f2aIBMKP3fRXVtJPkSICi1sJdKQJe5KdcBmQY=
-----END CERTIFICATE-----