Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a0f322d1-3fa0-4ae3-976b-ca207ebba35a.roa
File:                     a0f322d1-3fa0-4ae3-976b-ca207ebba35a.roa (raw, json)
Hash identifier:          U61JlyWPsldkNfZJJN4NHZnkFNphZH4zfnV2OvGdGIQ=
Subject key identifier:   17:9F:57:32:59:A7:0E:D4:88:31:E2:E5:1C:2F:26:64:FE:3A:AF:81
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7398B6DF15ECFC2F05511FDCB2B95770A18934B8
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a0f322d1-3fa0-4ae3-976b-ca207ebba35a.roa
Signing time:             Fri 31 Jan 2025 00:00:00 +0000
ROA not before:           Fri 31 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.95.104.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:98:b6:df:15:ec:fc:2f:05:51:1f:dc:b2:b9:57:70:a1:89:34:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 31 00:00:00 2025 GMT
            Not After : Mar  7 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:93:98:fa:68:b3:f9:d2:c1:50:cf:5a:9f:91:
                    76:98:81:0c:19:7e:28:39:83:6b:fd:29:dc:0e:c3:
                    08:b6:23:03:32:a3:11:42:b6:75:09:09:e6:f8:05:
                    95:94:1a:df:38:a4:5b:66:ba:a7:66:b6:cb:c5:17:
                    41:46:71:73:9f:28:73:c1:23:b1:7c:46:69:6e:c6:
                    b5:7c:52:9b:44:39:6b:9f:ce:5d:77:5f:c4:e6:5e:
                    2e:ba:af:9a:bb:8d:1c:30:62:70:35:37:3b:d9:39:
                    2d:48:d6:97:88:10:cf:88:31:42:d5:5b:aa:61:21:
                    6f:71:41:a9:f5:be:32:2b:b1:43:62:b1:1f:d6:f3:
                    2f:6f:df:b3:31:21:70:03:8d:4d:cd:c4:14:4d:3a:
                    48:aa:18:cf:44:6d:72:41:82:af:b5:55:c8:91:75:
                    70:42:d0:4f:18:24:4d:cb:84:2a:20:10:e3:0d:84:
                    36:39:69:b1:f8:29:85:57:b0:a0:00:9c:3d:92:94:
                    e1:7a:61:5c:ad:e8:a3:ed:c6:41:ae:f5:a4:73:19:
                    b6:66:b4:ca:67:8d:d1:d2:00:3b:4a:77:33:8d:dd:
                    71:88:59:e9:e4:69:87:a2:b2:8d:f5:73:0e:f2:bf:
                    20:42:59:df:fc:68:f5:a1:81:ea:b0:5d:cc:8b:2e:
                    54:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:9F:57:32:59:A7:0E:D4:88:31:E2:E5:1C:2F:26:64:FE:3A:AF:81
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a0f322d1-3fa0-4ae3-976b-ca207ebba35a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.95.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         48:fa:a3:0e:55:77:31:91:2e:97:7f:35:91:d7:00:7d:de:6c:
         41:b5:86:22:aa:41:9d:73:58:f7:85:37:c2:a0:f3:33:2d:99:
         2d:77:f4:7a:98:4c:4c:8d:79:0a:47:63:07:ca:f8:9c:ec:09:
         c8:01:af:03:6a:4e:18:52:8e:94:c5:bd:b0:14:13:21:e3:2b:
         75:f6:9f:af:ef:72:62:b6:93:9f:a4:ea:de:19:76:43:de:0c:
         e8:d1:5f:32:46:2a:4e:96:40:94:f2:02:7c:c4:88:6a:f8:d5:
         21:52:8b:bd:e0:df:6a:e9:14:d4:91:3a:42:ec:50:aa:bf:e3:
         9b:49:17:ba:17:34:f9:3f:c6:e0:2e:11:01:57:c4:d2:0f:ae:
         4e:db:bf:a3:03:e8:c5:de:d5:c0:b8:9d:4a:65:e5:e1:7d:71:
         1a:67:97:cb:11:02:aa:40:52:2b:ed:45:d3:8f:a6:ec:7d:4d:
         a8:92:86:a6:91:40:4d:c4:4b:13:73:d8:c0:59:9f:66:9a:20:
         d4:2e:56:3e:e3:47:6a:cc:c2:d4:70:05:92:50:60:b2:78:37:
         be:a1:89:1c:19:c6:e1:42:91:fa:b3:0b:8e:b4:ec:a6:d4:53:
         9d:74:24:d5:aa:bb:68:11:66:c4:0b:06:a8:44:a3:1a:1b:7c:
         dd:74:c2:e3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUc5i23xXs/C8FUR/csrlXcKGJNLgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTMxMDAwMDAwWhcNMjUwMzA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMTIzYzlhMjRiNTg4MTY3NjViOWU0MjdkMTRmNGEzYjdh
Yzc5NDE3ZmM3OTNjYjkzZDJkMDM1N2U3N2FhZmNmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDik5j6aLP50sFQz1qfkXaYgQwZfig5g2v9KdwOwwi2IwMy
oxFCtnUJCeb4BZWUGt84pFtmuqdmtsvFF0FGcXOfKHPBI7F8RmluxrV8UptEOWuf
zl13X8TmXi66r5q7jRwwYnA1NzvZOS1I1peIEM+IMULVW6phIW9xQan1vjIrsUNi
sR/W8y9v37MxIXADjU3NxBRNOkiqGM9EbXJBgq+1VciRdXBC0E8YJE3LhCogEOMN
hDY5abH4KYVXsKAAnD2SlOF6YVyt6KPtxkGu9aRzGbZmtMpnjdHSADtKdzON3XGI
WenkaYeiso31cw7yvyBCWd/8aPWhgeqwXcyLLlTlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUF59XMlmnDtSIMeLlHC8mZP46r4EwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2EwZjMyMmQxLTNmYTAtNGFlMy05NzZiLWNhMjA3ZWJiYTM1YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI0X2gwDQYJKoZIhvcNAQELBQADggEBAEj6ow5VdzGRLpd/NZHXAH3ebEG1
hiKqQZ1zWPeFN8Kg8zMtmS139HqYTEyNeQpHYwfK+JzsCcgBrwNqThhSjpTFvbAU
EyHjK3X2n6/vcmK2k5+k6t4ZdkPeDOjRXzJGKk6WQJTyAnzEiGr41SFSi73g32rp
FNSROkLsUKq/45tJF7oXNPk/xuAuEQFXxNIPrk7bv6MD6MXe1cC4nUpl5eF9cRpn
l8sRAqpAUivtRdOPpux9TaiShqaRQE3ESxNz2MBZn2aaINQuVj7jR2rMwtRwBZJQ
YLJ4N76hiRwZxuFCkfqzC4607KbUU510JNWqu2gRZsQLBqhEoxobfN10wuM=
-----END CERTIFICATE-----