Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c0caee73-d612-4f2d-a944-989cb3ca78df.roa
File:                     c0caee73-d612-4f2d-a944-989cb3ca78df.roa (raw, json)
Hash identifier:          KRVR1vFMxumNRNavbYtD9CTjAQC+xDtChco1dup4Kx0=
Subject key identifier:   5C:31:83:6B:18:E0:42:66:E8:15:35:58:D9:CE:CE:8E:9F:DE:A8:B0
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2B69C02B610251B7B846C3C5DFCC6EA8CBD638F7
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c0caee73-d612-4f2d-a944-989cb3ca78df.roa
Signing time:             Fri 09 May 2025 16:11:43 +0000
ROA not before:           Fri 09 May 2025 16:11:43 +0000
ROA not after:            Fri 13 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.176.0.0/12 maxlen: 12
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 10 May 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:69:c0:2b:61:02:51:b7:b8:46:c3:c5:df:cc:6e:a8:cb:d6:38:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May  9 16:11:43 2025 GMT
            Not After : Jun 13 23:59:59 2025 GMT
        Subject: serialNumber=96b98be00b8c741e66049be92293fa9aa8cd45012532a0601b9cf66bfa2edee5, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:e9:b1:21:8e:7e:b3:10:03:08:04:cc:ec:99:
                    fb:0d:0c:11:40:b6:85:11:dd:96:07:af:a1:db:fc:
                    eb:a3:55:ee:d8:4d:15:c7:12:f5:ff:af:61:69:ee:
                    54:eb:04:56:6b:ef:b8:07:e7:8d:01:79:9f:ed:16:
                    45:d4:fb:8b:7a:0a:db:a2:c6:69:5b:8f:96:fd:3d:
                    53:ae:43:6e:27:77:ea:ad:15:db:ac:c9:7e:1e:30:
                    36:3a:81:a3:7a:ed:88:e6:af:5d:d5:56:5a:9a:7c:
                    6a:a0:47:ce:12:cb:cf:79:72:ad:de:d0:b5:c1:51:
                    35:0a:a4:79:98:72:79:9f:01:8a:34:ab:1e:e8:94:
                    41:c0:a5:37:f0:87:35:43:c1:6a:cd:78:64:15:51:
                    86:a2:88:4b:1b:ae:4c:c7:f1:cf:ac:31:1f:26:e4:
                    74:a6:82:ad:b4:fa:c9:e9:3a:45:18:e8:b5:66:a5:
                    66:9d:b4:c8:e8:81:48:a3:4c:33:36:f3:ab:ca:a9:
                    f1:90:5f:0d:0d:73:c5:19:02:ed:99:f5:40:46:ab:
                    93:bc:72:10:2d:0e:b1:b9:2f:88:eb:91:b3:75:8d:
                    d3:bf:7e:22:b5:90:14:6b:4b:88:3c:5a:ce:ff:0a:
                    06:de:3d:e8:17:0a:0a:44:7f:33:5c:ed:b5:68:e4:
                    9d:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:31:83:6B:18:E0:42:66:E8:15:35:58:D9:CE:CE:8E:9F:DE:A8:B0
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c0caee73-d612-4f2d-a944-989cb3ca78df.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.176.0.0/12

    Signature Algorithm: sha256WithRSAEncryption
         61:b8:21:1e:06:f1:a5:70:12:ad:fd:f6:16:d7:8c:8b:38:33:
         3c:24:87:6f:7e:91:68:42:a5:a8:13:09:2d:59:23:5a:46:2d:
         09:bb:44:4e:51:6b:cf:93:56:e0:2e:89:ba:f7:98:18:4f:22:
         a6:1e:3e:d1:0d:e6:2b:0e:ca:a7:88:b9:47:99:9d:92:99:1f:
         f7:67:ca:23:3d:e0:cc:05:19:27:66:83:bc:a6:7e:a3:82:90:
         84:b9:57:8b:95:70:f6:0a:bb:f6:92:3a:6a:6a:3b:aa:00:2b:
         30:10:9a:20:4c:73:32:8f:c2:66:3f:e5:8e:2e:5c:e0:9a:55:
         5c:51:55:a3:1b:12:f6:15:5b:af:43:48:c4:8b:2b:02:cc:11:
         e0:24:2c:75:24:0d:4e:77:6a:5a:ca:5b:99:a6:77:46:75:40:
         1f:b7:17:44:71:bf:5b:7c:72:04:7e:c6:cd:06:9f:86:bb:69:
         51:4d:b7:01:c0:86:e6:68:76:0c:2b:f8:27:20:a4:61:fc:bb:
         d1:96:13:7f:2a:5f:35:ee:78:fd:10:fa:fd:57:ae:8f:ea:b8:
         87:5e:cc:75:eb:d1:1a:2a:06:c4:50:88:cf:93:22:4c:5e:ba:
         d1:a1:9e:2b:4c:bc:22:de:33:c5:7c:89:b6:91:21:19:1d:ec:
         65:97:bd:ce
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUK2nAK2ECUbe4RsPF38xuqMvWOPcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNTA5MTYxMTQzWhcNMjUwNjEzMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NmI5OGJlMDBiOGM3NDFlNjYwNDliZTkyMjkzZmE5YWE4
Y2Q0NTAxMjUzMmEwNjAxYjljZjY2YmZhMmVkZWU1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDO6bEhjn6zEAMIBMzsmfsNDBFAtoUR3ZYHr6Hb/OujVe7Y
TRXHEvX/r2Fp7lTrBFZr77gH540BeZ/tFkXU+4t6Ctuixmlbj5b9PVOuQ24nd+qt
FdusyX4eMDY6gaN67Yjmr13VVlqafGqgR84Sy895cq3e0LXBUTUKpHmYcnmfAYo0
qx7olEHApTfwhzVDwWrNeGQVUYaiiEsbrkzH8c+sMR8m5HSmgq20+snpOkUY6LVm
pWadtMjogUijTDM286vKqfGQXw0Nc8UZAu2Z9UBGq5O8chAtDrG5L4jrkbN1jdO/
fiK1kBRrS4g8Ws7/CgbePegXCgpEfzNc7bVo5J1LAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUXDGDaxjgQmboFTVY2c7Ojp/eqLAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2MwY2FlZTczLWQ2MTItNGYyZC1hOTQ0LTk4OWNiM2NhNzhkZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwQ2sDANBgkqhkiG9w0BAQsFAAOCAQEAYbghHgbxpXASrf32FteMizgzPCSH
b36RaEKlqBMJLVkjWkYtCbtETlFrz5NW4C6JuveYGE8iph4+0Q3mKw7Kp4i5R5md
kpkf92fKIz3gzAUZJ2aDvKZ+o4KQhLlXi5Vw9gq79pI6amo7qgArMBCaIExzMo/C
Zj/lji5c4JpVXFFVoxsS9hVbr0NIxIsrAswR4CQsdSQNTndqWspbmaZ3RnVAH7cX
RHG/W3xyBH7GzQafhrtpUU23AcCG5mh2DCv4JyCkYfy70ZYTfypfNe54/RD6/Veu
j+q4h17MdevRGioGxFCIz5MiTF660aGeK0y8It4zxXyJtpEhGR3sZZe9zg==
-----END CERTIFICATE-----