Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/aece8515-e789-4b5a-a009-b6f2e14eb0e2.roa
File:                     aece8515-e789-4b5a-a009-b6f2e14eb0e2.roa (raw, json)
Hash identifier:          uv2YX/6deFF3GigZeXux0F4K6mQnH9FJT7TdkniqWEg=
Subject key identifier:   E9:31:7B:3A:70:25:BB:F3:9C:50:97:A3:15:74:32:A1:B3:C7:53:BB
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3502F8ABFFEC3A5A6683341A178C2C2C94833227
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/aece8515-e789-4b5a-a009-b6f2e14eb0e2.roa
Signing time:             Fri 31 Jan 2025 00:00:00 +0000
ROA not before:           Fri 31 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.251.128.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:02:f8:ab:ff:ec:3a:5a:66:83:34:1a:17:8c:2c:2c:94:83:32:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 31 00:00:00 2025 GMT
            Not After : Mar  7 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:2d:31:30:7a:a5:41:ab:28:ab:bc:58:d8:65:
                    20:60:fd:cc:8f:ac:0c:6b:3b:80:05:d6:fa:11:03:
                    01:ec:07:de:7f:53:10:21:fd:df:e3:eb:fe:58:0e:
                    f2:f3:d7:b2:07:44:93:4b:d1:1b:71:84:12:ca:15:
                    20:fd:ed:a2:4b:bc:5d:e3:9f:d5:ab:fe:43:75:23:
                    1f:cc:61:fa:f3:c6:35:1a:8b:29:f2:a6:29:20:6a:
                    86:6f:23:ad:35:d4:76:a8:84:57:6f:89:eb:b4:22:
                    7f:31:43:6d:57:1f:f7:8c:25:eb:fd:d3:9c:82:24:
                    94:53:62:94:aa:62:a9:5b:ed:98:af:43:c8:2e:55:
                    8a:7c:b0:f2:f9:a2:05:3a:9a:af:53:87:95:d2:16:
                    99:06:b8:fd:95:c4:1c:51:71:68:39:a3:a6:d8:d2:
                    c2:fd:64:b1:7c:59:94:fb:06:5d:03:11:f8:fc:38:
                    b6:f5:ba:06:c9:30:e0:14:22:65:61:3f:9f:ea:64:
                    e0:18:17:67:14:4f:93:6f:5c:7d:ba:5a:85:24:69:
                    95:8c:54:98:dc:a3:ab:d3:b8:6a:1e:77:d4:47:7f:
                    6a:56:61:ca:bc:08:48:02:b0:76:61:87:e8:51:0e:
                    3a:fc:51:a5:33:f9:60:0f:ee:2a:6c:08:d5:f5:f6:
                    94:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:31:7B:3A:70:25:BB:F3:9C:50:97:A3:15:74:32:A1:B3:C7:53:BB
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/aece8515-e789-4b5a-a009-b6f2e14eb0e2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.251.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         75:7c:88:f0:be:63:e9:cc:88:b1:db:5b:16:a4:5e:c4:a5:dc:
         af:4b:bb:28:61:65:b1:4e:e0:53:1d:5f:fa:77:eb:3b:49:35:
         14:a9:68:5c:26:a8:95:cf:43:b8:03:3c:6d:51:90:18:42:cf:
         3d:da:f9:45:e2:4b:b1:30:bf:bc:ca:12:58:e5:e9:02:fa:e5:
         eb:89:13:58:de:91:48:5f:85:55:ef:09:76:0a:c8:a7:be:ec:
         df:40:6b:b3:de:59:a0:1c:92:ff:f0:82:52:80:86:29:0d:4a:
         58:db:9d:41:e9:87:45:50:d2:08:6d:58:ff:d4:21:23:e9:ed:
         27:64:02:ac:14:8e:39:e0:89:2f:e3:d6:e4:54:ed:c5:fa:e3:
         97:35:4a:33:41:c7:94:83:5c:81:b1:86:00:0f:bd:86:5a:d8:
         76:a0:ec:70:b2:a9:80:06:01:5b:3b:f7:6c:71:4a:9b:8e:e6:
         97:12:54:87:00:95:d1:b7:88:ba:57:41:78:71:4b:ad:45:42:
         a9:6f:df:37:6b:98:57:af:b9:f0:c1:29:0c:bf:6a:3e:f2:aa:
         08:73:ff:32:82:ea:9e:10:a1:05:15:24:e1:15:9e:71:5f:17:
         23:01:d0:7d:eb:a5:7e:f0:c8:e1:af:3a:3d:fe:69:e9:e1:bd:
         91:c2:8b:99
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNQL4q//sOlpmgzQaF4wsLJSDMicwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTMxMDAwMDAwWhcNMjUwMzA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MTNmYTY1MzE3OWJhNWYxM2ExOWU2MzZkNDJmNzg4MjBm
ZDY0MDc4NDgwOWRhYTk0Yjk2Y2E3NTA4MjRlMThjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCJLTEweqVBqyirvFjYZSBg/cyPrAxrO4AF1voRAwHsB95/
UxAh/d/j6/5YDvLz17IHRJNL0RtxhBLKFSD97aJLvF3jn9Wr/kN1Ix/MYfrzxjUa
iynypikgaoZvI6011HaohFdvieu0In8xQ21XH/eMJev905yCJJRTYpSqYqlb7Ziv
Q8guVYp8sPL5ogU6mq9Th5XSFpkGuP2VxBxRcWg5o6bY0sL9ZLF8WZT7Bl0DEfj8
OLb1ugbJMOAUImVhP5/qZOAYF2cUT5NvXH26WoUkaZWMVJjco6vTuGoed9RHf2pW
Ycq8CEgCsHZhh+hRDjr8UaUz+WAP7ipsCNX19pSvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU6TF7OnAlu/OcUJejFXQyobPHU7swHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2FlY2U4NTE1LWU3ODktNGI1YS1hMDA5LWI2ZjJlMTRlYjBlMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQ2+4AwDQYJKoZIhvcNAQELBQADggEBAHV8iPC+Y+nMiLHbWxakXsSl3K9L
uyhhZbFO4FMdX/p36ztJNRSpaFwmqJXPQ7gDPG1RkBhCzz3a+UXiS7Ewv7zKEljl
6QL65euJE1jekUhfhVXvCXYKyKe+7N9Aa7PeWaAckv/wglKAhikNSljbnUHph0VQ
0ghtWP/UISPp7SdkAqwUjjngiS/j1uRU7cX645c1SjNBx5SDXIGxhgAPvYZa2Hag
7HCyqYAGAVs792xxSpuO5pcSVIcAldG3iLpXQXhxS61FQqlv3zdrmFevufDBKQy/
aj7yqghz/zKC6p4QoQUVJOEVnnFfFyMB0H3rpX7wyOGvOj3+aenhvZHCi5k=
-----END CERTIFICATE-----