Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a977f118-c089-4c33-a7c5-85f3ed7a2f17.roa
File:                     a977f118-c089-4c33-a7c5-85f3ed7a2f17.roa (raw, json)
Hash identifier:          mbHa3g+Y2jg0dRT5cB/Ck4vMrjP3EHUX372wSLuY72c=
Subject key identifier:   01:97:94:02:A6:EC:C9:D4:6D:13:AB:63:6E:E5:7B:42:9B:79:98:F0
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       135CC5168F8E07EB64E45CFF9C5B455567CF2A9C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a977f118-c089-4c33-a7c5-85f3ed7a2f17.roa
Signing time:             Fri 15 Nov 2024 00:00:00 +0000
ROA not before:           Fri 15 Nov 2024 00:00:00 +0000
ROA not after:            Fri 20 Dec 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        52.46.220.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 27 Nov 2024 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:5c:c5:16:8f:8e:07:eb:64:e4:5c:ff:9c:5b:45:55:67:cf:2a:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Nov 15 00:00:00 2024 GMT
            Not After : Dec 20 23:59:59 2024 GMT
        Subject: serialNumber=f6b3fe867139b6665b4031b8a88827597c83c805c615d0eab164a70b0bb7a7b0, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:b2:c0:cf:dd:eb:7d:00:53:a7:2e:ba:27:f8:
                    1d:a2:73:75:4c:a0:59:67:cd:7c:13:0c:cc:9e:d3:
                    a6:f4:16:9b:7a:81:22:eb:89:61:7e:68:3e:15:8a:
                    5c:f3:49:91:c3:82:88:4c:24:5e:d6:a5:d8:08:ee:
                    4c:d0:4e:fc:a3:1c:bc:4c:fd:bf:22:cc:f1:1d:a8:
                    8c:34:1e:d7:93:82:35:a7:1d:06:cc:67:bc:1d:16:
                    28:04:82:a5:8a:89:db:ac:81:b0:fe:9a:45:0c:fa:
                    e5:23:0c:ca:80:3d:d3:b3:55:0a:8a:ec:60:0d:60:
                    8c:79:1a:df:dd:4d:be:c9:00:1a:37:36:a0:05:ca:
                    a5:f4:5e:7e:6f:47:c1:0c:1c:3b:d7:bc:9a:47:ae:
                    ca:36:12:2f:8b:ad:a3:0e:1f:17:95:30:1d:5b:e5:
                    9c:90:ef:1e:18:e0:3c:36:ad:54:f7:fc:ee:0d:2a:
                    d0:f3:37:da:2f:52:23:6e:d6:1a:af:34:15:16:37:
                    71:ef:0f:43:ee:13:37:0e:d8:f7:13:7d:ac:85:8b:
                    00:d8:58:78:2f:0f:63:44:41:ad:48:11:bb:21:c4:
                    25:41:58:c3:61:1e:1f:69:23:ae:fc:1d:ca:3d:40:
                    d2:d9:94:9d:a1:1f:f2:c6:3e:92:69:c3:28:b7:38:
                    de:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:97:94:02:A6:EC:C9:D4:6D:13:AB:63:6E:E5:7B:42:9B:79:98:F0
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a977f118-c089-4c33-a7c5-85f3ed7a2f17.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.46.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         66:59:4f:4e:4f:94:db:8b:d4:4c:98:bd:92:1a:6e:6a:e1:50:
         cf:61:7f:f3:70:d7:6d:49:f0:5b:1c:3d:94:83:bb:04:73:37:
         b5:54:a6:41:ce:f8:97:bf:eb:43:3d:8f:5a:73:ac:ca:96:69:
         64:da:c6:f2:2a:78:e7:fb:4f:a5:de:33:98:cc:ff:a7:a1:c3:
         0f:43:7b:21:67:8a:91:17:5f:8d:61:e7:3e:41:a7:9d:bb:5c:
         f5:a3:63:3a:35:00:20:54:f5:e7:8d:33:52:a9:bf:28:b3:ce:
         ec:33:32:25:9c:a1:ac:e8:a8:0f:86:68:67:88:f5:6b:f6:e0:
         d6:4d:11:5b:80:78:3c:9d:9c:04:3e:c2:67:21:21:32:c2:00:
         26:16:27:04:1c:d1:fd:17:b4:09:2c:30:be:39:c5:94:45:53:
         a5:a8:97:11:3b:24:bc:6b:73:99:13:18:bc:9b:10:de:61:a6:
         07:4c:ef:90:08:80:64:c1:5f:f9:b4:86:0e:8d:1e:1b:cd:4b:
         84:d0:67:0b:52:85:f7:36:92:c6:48:d9:94:11:2e:de:6b:65:
         a8:3e:c7:93:c8:34:8e:45:bd:f2:af:dd:7e:2c:d6:24:5f:c6:
         ea:66:72:2b:1f:df:ae:49:88:a8:e8:d6:a0:f5:35:d9:47:39:
         1b:05:19:fd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUE1zFFo+OB+tk5Fz/nFtFVWfPKpwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMTE1MDAwMDAwWhcNMjQxMjIwMjM1OTU5
WjB6MUkwRwYDVQQFE0BmNmIzZmU4NjcxMzliNjY2NWI0MDMxYjhhODg4Mjc1OTdj
ODNjODA1YzYxNWQwZWFiMTY0YTcwYjBiYjdhN2IwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDnssDP3et9AFOnLron+B2ic3VMoFlnzXwTDMye06b0Fpt6
gSLriWF+aD4VilzzSZHDgohMJF7WpdgI7kzQTvyjHLxM/b8izPEdqIw0HteTgjWn
HQbMZ7wdFigEgqWKidusgbD+mkUM+uUjDMqAPdOzVQqK7GANYIx5Gt/dTb7JABo3
NqAFyqX0Xn5vR8EMHDvXvJpHrso2Ei+LraMOHxeVMB1b5ZyQ7x4Y4Dw2rVT3/O4N
KtDzN9ovUiNu1hqvNBUWN3HvD0PuEzcO2PcTfayFiwDYWHgvD2NEQa1IEbshxCVB
WMNhHh9pI678Hco9QNLZlJ2hH/LGPpJpwyi3ON49AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUAZeUAqbsydRtE6tjbuV7Qpt5mPAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2E5NzdmMTE4LWMwODktNGMzMy1hN2M1LTg1ZjNlZDdhMmYxNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI0LtwwDQYJKoZIhvcNAQELBQADggEBAGZZT05PlNuL1EyYvZIabmrhUM9h
f/Nw121J8FscPZSDuwRzN7VUpkHO+Je/60M9j1pzrMqWaWTaxvIqeOf7T6XeM5jM
/6ehww9DeyFnipEXX41h5z5Bp527XPWjYzo1ACBU9eeNM1KpvyizzuwzMiWcoazo
qA+GaGeI9Wv24NZNEVuAeDydnAQ+wmchITLCACYWJwQc0f0XtAksML45xZRFU6Wo
lxE7JLxrc5kTGLybEN5hpgdM75AIgGTBX/m0hg6NHhvNS4TQZwtShfc2ksZI2ZQR
Lt5rZag+x5PINI5FvfKv3X4s1iRfxupmcisf365JiKjo1qD1NdlHORsFGf0=
-----END CERTIFICATE-----