Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9c0738ab-0d59-4e7b-afb6-d15789d094de.roa
File:                     9c0738ab-0d59-4e7b-afb6-d15789d094de.roa (raw, json)
Hash identifier:          aTK4TiC8JokyHL04XIpbbmZlQ8Rn//oZljkDNKtN9lg=
Subject key identifier:   08:B0:4C:13:A3:62:C2:DD:F8:0A:96:27:2A:54:0D:55:75:1D:11:69
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6D365678B0B6C4E2F5589D056A3D0B4BF5E08814
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9c0738ab-0d59-4e7b-afb6-d15789d094de.roa
Signing time:             Mon 30 Jun 2025 17:21:18 +0000
ROA not before:           Mon 30 Jun 2025 17:21:18 +0000
ROA not after:            Mon 04 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.214.224.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 03 Jul 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:36:56:78:b0:b6:c4:e2:f5:58:9d:05:6a:3d:0b:4b:f5:e0:88:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun 30 17:21:18 2025 GMT
            Not After : Aug  4 23:59:59 2025 GMT
        Subject: serialNumber=a909a0bb6d174a94da8472331b2408e4d5762728e2e286add37419317c8a7e2c, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:cc:48:c7:b1:b5:e1:60:8b:93:c2:3a:fd:e8:
                    96:5f:a1:5a:ba:fe:34:a7:33:06:91:3f:16:8a:c1:
                    4e:ec:f0:75:a5:e2:75:c4:4a:41:b9:b9:88:83:78:
                    07:50:f1:29:8f:be:18:e6:1b:7d:df:6a:05:30:a0:
                    d6:a6:07:a5:ec:cc:c3:f2:9c:93:05:84:c1:30:54:
                    e1:65:e7:90:fd:f6:c8:a7:a0:0a:c9:f5:ab:0c:82:
                    49:70:78:d6:6d:a2:c4:c1:5f:cb:5d:45:a1:40:3c:
                    ca:de:90:7c:8a:42:7a:05:dc:a6:5a:a8:67:26:cd:
                    59:42:56:58:85:52:62:14:07:4d:3b:cd:ad:9a:75:
                    d1:1a:91:14:fc:3a:6d:44:f0:2e:04:19:b1:19:30:
                    ec:63:81:cf:2b:a9:d7:7d:fe:af:d9:fc:d7:d5:90:
                    b0:2b:86:fa:8f:3b:bf:bc:cb:e8:b4:34:a3:63:b1:
                    61:4a:0a:bf:72:7e:76:cc:78:02:7a:d3:87:81:23:
                    0f:99:72:dd:92:92:8b:7d:8e:fe:f5:a2:48:ce:bc:
                    1a:b3:ab:53:c2:4e:27:e6:24:5b:f0:f5:79:c2:ea:
                    27:c8:a3:bf:51:96:c9:d8:77:55:81:1d:54:f3:58:
                    af:0d:f6:d9:2b:8e:79:63:85:c7:19:1b:ba:37:8f:
                    61:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:B0:4C:13:A3:62:C2:DD:F8:0A:96:27:2A:54:0D:55:75:1D:11:69
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9c0738ab-0d59-4e7b-afb6-d15789d094de.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.214.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         92:0d:c5:b3:88:57:bc:f9:78:ab:cb:b5:fa:b2:b4:2e:7a:17:
         29:c5:b0:dd:ed:e6:29:16:22:ba:01:5c:bc:a9:29:34:16:cf:
         bc:92:da:5a:ed:24:a7:00:47:e2:0d:3d:46:d8:e6:52:48:b0:
         cc:7d:7e:85:38:fb:3c:1c:d0:a5:2b:1b:9c:e7:cf:4a:75:15:
         da:93:8a:ac:2c:d8:b9:89:25:e6:4a:92:84:03:52:88:a8:85:
         44:cb:1d:5d:56:0b:e3:05:60:b1:bf:07:db:0f:19:c9:ca:82:
         5a:f6:8b:0c:9e:3a:a2:c5:0e:ea:ba:41:93:cf:47:09:f0:9e:
         d6:d2:ca:c3:a5:a1:0c:47:88:52:85:7c:7e:fe:ef:0d:38:89:
         ce:50:f5:fd:4b:4b:1c:ce:a8:63:a6:0b:9c:e5:94:f7:b2:c6:
         d5:48:48:9d:23:6d:ce:f7:a6:65:30:d1:33:a8:d5:af:f6:93:
         66:52:b7:61:a0:59:9a:4b:10:24:50:25:0b:5f:f1:e1:ee:de:
         f9:27:22:de:e4:bb:8d:0b:d4:bd:f8:f1:c4:f2:88:11:75:4f:
         05:ca:05:c8:32:6f:7b:a2:36:0b:d3:ee:d5:97:10:5e:d8:ee:
         9e:0d:87:17:62:19:06:32:6d:f2:81:ea:f0:11:a9:f0:5b:ac:
         5f:f4:38:08
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbTZWeLC2xOL1WJ0Faj0LS/XgiBQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjMwMTcyMTE4WhcNMjUwODA0MjM1OTU5
WjB6MUkwRwYDVQQFE0BhOTA5YTBiYjZkMTc0YTk0ZGE4NDcyMzMxYjI0MDhlNGQ1
NzYyNzI4ZTJlMjg2YWRkMzc0MTkzMTdjOGE3ZTJjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDazEjHsbXhYIuTwjr96JZfoVq6/jSnMwaRPxaKwU7s8HWl
4nXESkG5uYiDeAdQ8SmPvhjmG33fagUwoNamB6XszMPynJMFhMEwVOFl55D99sin
oArJ9asMgklweNZtosTBX8tdRaFAPMrekHyKQnoF3KZaqGcmzVlCVliFUmIUB007
za2addEakRT8Om1E8C4EGbEZMOxjgc8rqdd9/q/Z/NfVkLArhvqPO7+8y+i0NKNj
sWFKCr9yfnbMeAJ604eBIw+Zct2Skot9jv71okjOvBqzq1PCTifmJFvw9XnC6ifI
o79RlsnYd1WBHVTzWK8N9tkrjnljhccZG7o3j2GhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCLBME6Niwt34CpYnKlQNVXUdEWkwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzljMDczOGFiLTBkNTktNGU3Yi1hZmI2LWQxNTc4OWQwOTRkZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAM21uAwDQYJKoZIhvcNAQELBQADggEBAJINxbOIV7z5eKvLtfqytC56FynF
sN3t5ikWIroBXLypKTQWz7yS2lrtJKcAR+INPUbY5lJIsMx9foU4+zwc0KUrG5zn
z0p1FdqTiqws2LmJJeZKkoQDUoiohUTLHV1WC+MFYLG/B9sPGcnKglr2iwyeOqLF
Duq6QZPPRwnwntbSysOloQxHiFKFfH7+7w04ic5Q9f1LSxzOqGOmC5zllPeyxtVI
SJ0jbc73pmUw0TOo1a/2k2ZSt2GgWZpLECRQJQtf8eHu3vknIt7ku40L1L348cTy
iBF1TwXKBcgyb3uiNgvT7tWXEF7Y7p4NhxdiGQYybfKB6vARqfBbrF/0OAg=
-----END CERTIFICATE-----