Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c20a63f1-f1c7-44fa-b1ea-4432da4a911f.roa
File:                     c20a63f1-f1c7-44fa-b1ea-4432da4a911f.roa (raw, json)
Hash identifier:          LTE596ehDBY9mf3aTHPvFz+u1aPWuYDnDcEgdVxqW08=
Subject key identifier:   08:DE:3D:E3:CB:A2:9A:42:31:DA:44:61:50:35:39:88:68:5E:98:1E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7D2333A809A8AA7A8BFE01BF3FBBEE37FC87B011
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c20a63f1-f1c7-44fa-b1ea-4432da4a911f.roa
Signing time:             Fri 31 Jan 2025 00:00:00 +0000
ROA not before:           Fri 31 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Mar 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.224.0.0/15 maxlen: 15
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:23:33:a8:09:a8:aa:7a:8b:fe:01:bf:3f:bb:ee:37:fc:87:b0:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 31 00:00:00 2025 GMT
            Not After : Mar  7 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:da:18:58:fe:70:b0:25:46:aa:8a:0e:83:55:
                    85:85:1e:9c:35:82:94:14:c2:33:ce:d9:9e:be:51:
                    2f:0d:9b:27:70:0d:93:e8:5a:9a:09:09:72:24:b5:
                    25:9d:4d:87:b4:b2:ac:bb:0e:54:fc:5b:47:86:64:
                    47:cb:89:bf:20:73:d5:6a:ec:d6:1a:cd:70:48:89:
                    45:09:ce:c2:a6:d0:4d:bd:92:be:a4:84:58:16:db:
                    9b:89:b6:e9:74:0a:3a:be:ca:76:90:8f:d4:c0:ed:
                    ff:46:2b:b6:51:a1:b7:16:65:85:dd:3a:71:22:e5:
                    50:6b:0f:38:94:bb:7d:19:fc:aa:10:3f:67:73:d5:
                    1a:19:73:f9:a0:d9:0d:c6:00:37:0e:f6:ce:c4:14:
                    10:23:14:cd:b0:07:3d:04:43:26:6f:8d:66:04:e6:
                    e1:63:2e:19:00:95:47:6e:7f:7a:86:4a:e4:c5:60:
                    47:89:39:0d:1f:d8:92:54:ac:6e:d2:90:3d:44:20:
                    e7:1f:aa:6a:21:2e:39:32:ca:11:0f:ce:9a:3c:0a:
                    cc:de:95:8c:5e:25:40:aa:49:d6:30:77:62:84:cc:
                    a9:49:b1:a8:06:22:4f:57:e7:9c:0c:bf:38:6e:58:
                    38:a8:d3:a3:03:4b:c1:4f:3e:8e:48:99:be:2e:87:
                    0a:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:DE:3D:E3:CB:A2:9A:42:31:DA:44:61:50:35:39:88:68:5E:98:1E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c20a63f1-f1c7-44fa-b1ea-4432da4a911f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.224.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         a6:b5:20:f8:79:d7:54:bc:b9:88:fd:95:79:39:6c:31:03:55:
         9c:de:a2:53:5a:b8:7c:d3:64:ff:06:d2:9a:96:5e:26:05:8d:
         1d:e9:fe:fd:0a:85:39:2d:c8:9d:6d:2a:b3:9a:f1:e1:ea:0f:
         3f:e1:28:c0:25:71:6a:43:2b:ad:57:64:85:3e:f5:c2:ba:38:
         99:f7:96:38:e2:96:ee:ef:d3:a6:d5:c4:6d:d8:2d:fc:b9:3e:
         e9:91:d4:d0:23:25:d5:8a:22:5c:b5:c5:12:33:f9:b9:d9:b0:
         4c:85:cf:62:77:59:59:39:e4:61:10:1a:12:44:c7:e6:56:2a:
         aa:04:da:62:d2:3d:9b:f3:54:43:7f:e6:e4:52:a0:78:69:98:
         84:05:1a:d7:74:c4:87:4e:71:d2:30:9e:f4:5a:16:c5:9f:51:
         ce:ef:70:ab:9c:95:d5:75:25:a5:c1:70:bf:ef:99:0c:c4:b5:
         d5:13:a3:0c:20:49:c2:58:de:fb:29:53:11:80:11:80:5e:34:
         f6:e2:8c:f3:8d:91:49:38:42:f9:27:01:34:94:1a:33:5b:14:
         73:ba:4f:e3:53:9f:a2:d5:09:df:4c:a5:73:67:b5:67:51:9a:
         a1:9a:aa:3d:fa:c4:d7:20:4e:0b:69:81:8f:95:ec:e2:69:3e:
         55:8d:73:25
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUfSMzqAmoqnqL/gG/P7vuN/yHsBEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTMxMDAwMDAwWhcNMjUwMzA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AzYzUwN2MzMWI4YWYzZmYwYTQ4NDAwZTU1ZmQxNWExODQz
ZWFkYjllMjczZGM4OTM5MzMzMGM4MTcwNTFhMjc1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDK2hhY/nCwJUaqig6DVYWFHpw1gpQUwjPO2Z6+US8Nmydw
DZPoWpoJCXIktSWdTYe0sqy7DlT8W0eGZEfLib8gc9Vq7NYazXBIiUUJzsKm0E29
kr6khFgW25uJtul0Cjq+ynaQj9TA7f9GK7ZRobcWZYXdOnEi5VBrDziUu30Z/KoQ
P2dz1RoZc/mg2Q3GADcO9s7EFBAjFM2wBz0EQyZvjWYE5uFjLhkAlUduf3qGSuTF
YEeJOQ0f2JJUrG7SkD1EIOcfqmohLjkyyhEPzpo8CszelYxeJUCqSdYwd2KEzKlJ
sagGIk9X55wMvzhuWDio06MDS8FPPo5Imb4uhwpzAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUCN4948uimkIx2kRhUDU5iGhemB4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2MyMGE2M2YxLWYxYzctNDRmYS1iMWVhLTQ0MzJkYTRhOTExZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwE24DANBgkqhkiG9w0BAQsFAAOCAQEAprUg+HnXVLy5iP2VeTlsMQNVnN6i
U1q4fNNk/wbSmpZeJgWNHen+/QqFOS3InW0qs5rx4eoPP+EowCVxakMrrVdkhT71
wro4mfeWOOKW7u/TptXEbdgt/Lk+6ZHU0CMl1YoiXLXFEjP5udmwTIXPYndZWTnk
YRAaEkTH5lYqqgTaYtI9m/NUQ3/m5FKgeGmYhAUa13TEh05x0jCe9FoWxZ9Rzu9w
q5yV1XUlpcFwv++ZDMS11ROjDCBJwlje+ylTEYARgF409uKM842RSThC+ScBNJQa
M1sUc7pP41OfotUJ30ylc2e1Z1GaoZqqPfrE1yBOC2mBj5Xs4mk+VY1zJQ==
-----END CERTIFICATE-----