Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/caf8452d-bc01-45b7-a1a6-dd04100ef8d6.roa
File:                     caf8452d-bc01-45b7-a1a6-dd04100ef8d6.roa (raw, json)
Hash identifier:          NDA0Luz+7xSI/AHixbwSxLM6P1HR+zqIati4WDkMgZE=
Subject key identifier:   00:75:62:B2:30:0A:D8:13:3A:73:F4:00:2A:17:D0:46:BF:D1:6C:77
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7A88639B923C75A6C52354D1524910F58D64BAA9
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/caf8452d-bc01-45b7-a1a6-dd04100ef8d6.roa
Signing time:             Mon 27 Jan 2025 00:00:00 +0000
ROA not before:           Mon 27 Jan 2025 00:00:00 +0000
ROA not after:            Mon 03 Mar 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.160.128.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:88:63:9b:92:3c:75:a6:c5:23:54:d1:52:49:10:f5:8d:64:ba:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 27 00:00:00 2025 GMT
            Not After : Mar  3 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:2d:c4:d2:17:c9:6b:6d:55:f6:56:25:b2:02:
                    6f:82:d0:77:0f:d9:48:35:46:01:13:ff:df:77:5d:
                    2e:b4:0e:40:45:69:25:f6:a1:28:ad:36:bc:be:38:
                    af:71:b5:19:83:95:2a:74:f5:20:12:ae:8f:37:c6:
                    7b:d5:7e:bb:70:11:bd:4d:53:99:a5:1d:1c:3b:2a:
                    4b:40:e1:59:7d:bb:11:2d:14:29:ff:da:dd:24:80:
                    95:7e:a5:2c:b6:6f:dd:0f:d8:61:60:31:b7:2e:fa:
                    ba:4f:33:a4:1a:60:42:24:a2:b9:61:8d:96:1e:64:
                    08:5d:d4:b0:91:a6:a0:b4:4e:bb:46:d8:0a:43:1f:
                    78:e4:4d:06:b5:0a:c7:72:32:56:62:95:20:b1:d1:
                    7e:a3:9f:ba:38:ab:3d:83:07:42:08:86:23:51:ad:
                    0e:e6:07:13:57:4a:72:5e:d4:2e:05:a4:40:65:69:
                    db:22:b6:d5:d1:0b:55:f2:c6:51:75:ac:a5:d3:dd:
                    a4:be:b4:b2:22:0a:34:06:7d:37:6e:c8:09:64:57:
                    91:e3:14:ba:46:2c:c3:0b:70:b2:3d:f3:90:11:26:
                    a5:72:84:86:79:5e:a0:58:f3:d8:73:6e:51:a1:02:
                    76:72:c1:a2:83:eb:85:5c:72:d4:e8:2f:e5:24:a9:
                    6d:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:75:62:B2:30:0A:D8:13:3A:73:F4:00:2A:17:D0:46:BF:D1:6C:77
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/caf8452d-bc01-45b7-a1a6-dd04100ef8d6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.160.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         57:9e:2d:93:d3:35:52:b2:d6:23:ba:ae:3c:f8:af:b7:0c:86:
         82:37:c3:22:c3:ae:af:c6:b3:80:0c:45:32:6a:13:24:61:02:
         1b:27:ae:a4:3b:77:60:0f:96:84:7b:b6:40:68:71:6e:b6:70:
         03:65:db:ec:f9:de:49:5c:e7:15:8d:5b:24:83:d0:d8:ce:e1:
         94:9f:6c:5c:4b:60:82:8d:dc:d3:b1:62:61:37:a0:37:e5:72:
         d5:be:29:45:23:72:0b:c0:90:3e:c5:54:dc:1c:36:13:9d:46:
         66:ed:d9:0e:4b:d6:ac:a8:40:4a:14:5d:38:39:69:a5:4e:1a:
         cd:9d:57:54:cf:85:b9:63:18:ff:cf:06:c6:de:a0:67:6b:57:
         06:36:81:42:8e:33:28:cd:94:08:fa:d9:8a:dd:19:6e:34:00:
         84:5c:4e:c7:63:d7:55:fe:95:34:16:a0:64:81:12:bf:3c:59:
         f8:1d:c8:4c:34:94:6e:49:85:45:a7:96:f9:27:b7:b2:32:ac:
         78:1f:d8:ce:49:56:d8:54:2c:42:6f:a1:c8:23:a2:66:a1:ac:
         bd:0b:0e:65:b0:e2:f5:1f:03:12:73:30:57:98:52:02:d3:15:
         76:b5:74:91:ba:8a:26:14:88:5b:eb:5c:30:de:26:dc:55:a0:
         df:d3:cb:44
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeohjm5I8dabFI1TRUkkQ9Y1kuqkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTI3MDAwMDAwWhcNMjUwMzAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZmUzNmI1N2RmMWUxOWYwNzlmNjJlYjgxODM2YzEwZmZj
Yjg2NjE4ZjlkMmE1NjFkNzRiZjBlZWU5MmQ0Y2QzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDiLcTSF8lrbVX2ViWyAm+C0HcP2Ug1RgET/993XS60DkBF
aSX2oSitNry+OK9xtRmDlSp09SASro83xnvVfrtwEb1NU5mlHRw7KktA4Vl9uxEt
FCn/2t0kgJV+pSy2b90P2GFgMbcu+rpPM6QaYEIkorlhjZYeZAhd1LCRpqC0TrtG
2ApDH3jkTQa1CsdyMlZilSCx0X6jn7o4qz2DB0IIhiNRrQ7mBxNXSnJe1C4FpEBl
adsittXRC1XyxlF1rKXT3aS+tLIiCjQGfTduyAlkV5HjFLpGLMMLcLI985ARJqVy
hIZ5XqBY89hzblGhAnZywaKD64VcctToL+UkqW2XAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUAHVisjAK2BM6c/QAKhfQRr/RbHcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2NhZjg0NTJkLWJjMDEtNDViNy1hMWE2LWRkMDQxMDBlZjhkNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAc2oIAwDQYJKoZIhvcNAQELBQADggEBAFeeLZPTNVKy1iO6rjz4r7cMhoI3
wyLDrq/Gs4AMRTJqEyRhAhsnrqQ7d2APloR7tkBocW62cANl2+z53klc5xWNWySD
0NjO4ZSfbFxLYIKN3NOxYmE3oDflctW+KUUjcgvAkD7FVNwcNhOdRmbt2Q5L1qyo
QEoUXTg5aaVOGs2dV1TPhbljGP/PBsbeoGdrVwY2gUKOMyjNlAj62YrdGW40AIRc
Tsdj11X+lTQWoGSBEr88WfgdyEw0lG5JhUWnlvknt7IyrHgf2M5JVthULEJvocgj
omahrL0LDmWw4vUfAxJzMFeYUgLTFXa1dJG6iiYUiFvrXDDeJtxVoN/Ty0Q=
-----END CERTIFICATE-----