Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bd9c9636-a7d9-4ac0-ba83-f9e4e92e04a0.roa
File:                     bd9c9636-a7d9-4ac0-ba83-f9e4e92e04a0.roa (raw, json)
Hash identifier:          0yE2fAqcehoDRyePX+pG7jvY95L2fe7xZh/Tu8C2hvI=
Subject key identifier:   45:6F:AA:75:C1:E0:C7:EE:83:8E:D9:C1:54:03:65:C0:3A:49:8F:11
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2C43153D06206B33DE433E58D69B23D202FFC6C9
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bd9c9636-a7d9-4ac0-ba83-f9e4e92e04a0.roa
Signing time:             Tue 13 May 2025 00:50:17 +0000
ROA not before:           Tue 13 May 2025 00:50:17 +0000
ROA not after:            Tue 17 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.93.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Jun 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:43:15:3d:06:20:6b:33:de:43:3e:58:d6:9b:23:d2:02:ff:c6:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 13 00:50:17 2025 GMT
            Not After : Jun 17 23:59:59 2025 GMT
        Subject: serialNumber=ed970aaff3a8e3e09466b40b550739a8a730b082ffdb68512f2a2cbab4341b6f, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:6e:62:bd:8b:40:e3:79:ea:6a:11:c8:f6:29:
                    6a:ac:e5:5b:3c:22:69:88:99:e6:51:8d:97:42:58:
                    15:5d:4e:f8:30:2a:15:f6:95:a4:33:0d:46:b7:4f:
                    f6:12:f5:8e:94:7f:bf:a6:57:9d:bf:01:2b:51:de:
                    23:36:09:f7:03:63:26:ca:8c:2d:de:07:85:30:1b:
                    eb:f9:76:7d:36:80:44:56:fb:b8:14:95:a3:cf:31:
                    c5:ed:43:53:38:7f:ee:1b:5a:07:c6:56:86:16:63:
                    32:dd:41:e1:7d:60:bd:44:7b:58:e1:ba:34:23:3d:
                    5f:17:00:c0:d6:75:e4:86:a3:19:d4:82:73:7e:6d:
                    48:44:3f:ec:72:69:83:37:a6:f5:5a:4a:83:11:80:
                    19:ca:ea:f3:f1:7d:fb:11:74:2b:c2:76:3f:67:ee:
                    78:30:84:8f:38:5d:16:5c:84:56:89:5f:c1:d5:83:
                    2c:9f:a5:93:ae:73:69:0d:73:50:94:c4:1a:69:6a:
                    b2:4c:a1:80:3b:16:c1:de:1e:6d:a3:9d:8d:3a:e4:
                    c9:07:f2:58:ec:c1:e9:d5:3c:ee:93:55:b2:f2:df:
                    dc:26:57:f4:7e:cf:f5:d2:67:8c:c8:f9:ff:b2:b9:
                    4b:a2:89:6d:ca:64:5f:3e:b7:32:c5:90:be:63:85:
                    76:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:6F:AA:75:C1:E0:C7:EE:83:8E:D9:C1:54:03:65:C0:3A:49:8F:11
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bd9c9636-a7d9-4ac0-ba83-f9e4e92e04a0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.93.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:e7:38:eb:68:2a:42:75:f5:54:c2:fd:58:01:27:5d:c6:5d:
         4b:d2:1e:2e:2b:fb:25:5c:4b:14:82:8a:39:62:cc:ee:ae:5d:
         a0:da:ed:6a:49:56:56:83:51:d9:2c:b9:95:ce:18:52:b2:f8:
         6b:e4:a0:d1:b5:0a:65:d4:df:a2:c1:60:23:e1:ba:6d:41:dc:
         4c:d9:bc:eb:05:7a:c5:ae:07:20:5e:aa:17:10:ca:b4:6b:69:
         6e:45:db:1d:c2:eb:aa:76:7a:18:de:be:80:2a:3a:1d:32:23:
         bf:e8:bc:e2:cd:dc:e1:6c:30:65:ae:45:27:93:32:48:d2:95:
         30:95:56:2c:73:a4:1e:85:18:7d:ea:9f:7c:1d:4e:8e:01:63:
         b5:5c:1b:b3:f2:5b:36:b1:a9:4d:f1:3b:92:17:34:bc:7b:f7:
         2f:d8:36:38:fc:97:cb:fe:18:9c:56:cb:32:ff:0a:5d:0b:da:
         0e:54:07:1a:b3:9d:01:14:32:aa:30:bf:56:01:54:84:75:63:
         14:89:9d:88:56:07:e1:3e:dd:94:53:70:8f:41:78:ba:c5:89:
         be:a6:50:17:59:b6:dc:e5:34:aa:66:60:c4:ad:d6:2f:dd:d4:
         04:12:a1:44:dd:fa:29:21:e5:c3:f3:5b:d8:a4:84:96:b2:e4:
         73:1b:cf:00
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULEMVPQYgazPeQz5Y1psj0gL/xskwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNTEzMDA1MDE3WhcNMjUwNjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZDk3MGFhZmYzYThlM2UwOTQ2NmI0MGI1NTA3MzlhOGE3
MzBiMDgyZmZkYjY4NTEyZjJhMmNiYWI0MzQxYjZmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0bmK9i0DjeepqEcj2KWqs5Vs8ImmImeZRjZdCWBVdTvgw
KhX2laQzDUa3T/YS9Y6Uf7+mV52/AStR3iM2CfcDYybKjC3eB4UwG+v5dn02gERW
+7gUlaPPMcXtQ1M4f+4bWgfGVoYWYzLdQeF9YL1Ee1jhujQjPV8XAMDWdeSGoxnU
gnN+bUhEP+xyaYM3pvVaSoMRgBnK6vPxffsRdCvCdj9n7ngwhI84XRZchFaJX8HV
gyyfpZOuc2kNc1CUxBpparJMoYA7FsHeHm2jnY065MkH8ljswenVPO6TVbLy39wm
V/R+z/XSZ4zI+f+yuUuiiW3KZF8+tzLFkL5jhXavAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURW+qdcHgx+6DjtnBVANlwDpJjxEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2JkOWM5NjM2LWE3ZDktNGFjMC1iYTgzLWY5ZTRlOTJlMDRhMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0XUwwDQYJKoZIhvcNAQELBQADggEBADDnOOtoKkJ19VTC/VgBJ13GXUvS
Hi4r+yVcSxSCijlizO6uXaDa7WpJVlaDUdksuZXOGFKy+GvkoNG1CmXU36LBYCPh
um1B3EzZvOsFesWuByBeqhcQyrRraW5F2x3C66p2ehjevoAqOh0yI7/ovOLN3OFs
MGWuRSeTMkjSlTCVVixzpB6FGH3qn3wdTo4BY7VcG7PyWzaxqU3xO5IXNLx79y/Y
Njj8l8v+GJxWyzL/Cl0L2g5UBxqznQEUMqowv1YBVIR1YxSJnYhWB+E+3ZRTcI9B
eLrFib6mUBdZttzlNKpmYMSt1i/d1AQSoUTd+ikh5cPzW9ikhJay5HMbzwA=
-----END CERTIFICATE-----