Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d10ec203-44c7-4617-a578-ca38aeff57f9.roa
File:                     d10ec203-44c7-4617-a578-ca38aeff57f9.roa (raw, json)
Hash identifier:          lDp98OJNDEHUTzUdA2xzyu9Cwwbz3Vsul/W0Ipnw/eg=
Subject key identifier:   C7:8F:8E:96:E9:DA:BB:65:91:A5:CD:44:CB:6D:27:32:A1:73:91:A8
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       45061355F33392A57D3D69E7FC1BDF296307B132
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d10ec203-44c7-4617-a578-ca38aeff57f9.roa
Signing time:             Fri 31 Jan 2025 00:00:00 +0000
ROA not before:           Fri 31 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.156.8.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:06:13:55:f3:33:92:a5:7d:3d:69:e7:fc:1b:df:29:63:07:b1:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 31 00:00:00 2025 GMT
            Not After : Mar  7 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:a1:8a:58:10:5e:a9:07:5a:5b:76:66:68:3b:
                    a6:68:06:2d:74:37:99:ac:c5:8f:ba:a0:61:32:74:
                    c7:82:33:47:b9:de:2e:e6:d3:53:96:f9:2b:2e:cf:
                    53:99:b3:64:e0:d8:31:4b:2f:23:54:eb:24:b7:e6:
                    4e:90:f2:c6:30:09:9c:d8:29:30:9e:a3:19:05:4e:
                    25:fb:4b:85:89:dd:2c:4d:a2:ae:14:8f:3b:99:e4:
                    e3:63:33:89:09:19:3b:65:ea:59:4c:a2:0e:8d:7c:
                    2d:e8:aa:6f:39:f0:ad:56:fd:32:b4:0c:fe:bb:60:
                    40:3e:05:ec:2f:74:c3:27:3c:0f:f2:33:82:ea:a3:
                    85:0c:d2:21:fc:f0:8d:c5:58:ff:5c:f0:ff:35:11:
                    94:47:87:f7:0e:1b:72:e7:7e:09:06:18:17:c3:fb:
                    54:81:3d:ea:06:39:e4:62:c4:b7:44:f8:3a:81:8b:
                    5d:cb:c1:21:4b:6c:f9:cf:02:6a:32:7f:11:cd:a2:
                    e6:90:7e:29:0e:c9:1d:4f:6f:de:12:35:30:c2:2b:
                    88:3a:dc:2c:72:3b:4d:32:7b:16:54:5c:d2:6f:7c:
                    46:88:e0:9c:34:51:80:17:c5:b3:6a:47:15:89:87:
                    3f:54:b3:5c:66:8f:f8:bb:0e:89:2c:2f:f0:0d:31:
                    ce:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:8F:8E:96:E9:DA:BB:65:91:A5:CD:44:CB:6D:27:32:A1:73:91:A8
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d10ec203-44c7-4617-a578-ca38aeff57f9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.156.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         88:2d:1f:a3:6d:09:e7:d3:89:75:56:02:0e:8a:18:ff:2f:ec:
         42:00:61:49:67:2d:0d:9d:9d:31:77:53:75:83:9e:27:be:71:
         fb:24:59:1b:d0:52:da:fc:ff:da:ba:b8:a1:a2:02:34:24:44:
         cf:74:90:1f:9d:20:90:cd:f0:f7:63:29:24:34:4b:83:1f:95:
         4d:41:28:82:c9:8c:10:12:ff:75:9e:d8:3e:96:06:2d:2b:e1:
         73:84:c7:f6:c2:77:5b:14:f6:ec:37:b1:53:be:6f:bf:f4:24:
         a1:79:a8:e8:07:78:62:b8:33:fa:0c:c3:c9:86:ab:47:d7:59:
         1a:51:73:52:95:69:0f:14:33:4c:cf:23:76:59:34:bf:85:aa:
         6a:72:0b:c0:e3:93:01:e2:f9:fc:e4:8d:20:bc:78:64:9b:77:
         2d:aa:63:72:ab:de:d6:3a:c3:fd:e8:f9:6a:97:f0:ad:1b:45:
         67:52:5b:1d:ee:ca:f5:af:8b:c7:fa:a4:93:dc:5a:93:8c:61:
         cf:3e:05:f5:81:a4:cd:d7:d9:f8:2b:ef:ef:3d:40:62:7a:6e:
         15:56:18:a2:9b:99:59:20:08:e3:a9:87:2f:41:6d:c1:63:f2:
         81:11:c4:ca:f8:a0:ad:f5:30:ba:b5:13:e6:9d:ea:31:ca:45:
         4a:7c:aa:4d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURQYTVfMzkqV9PWnn/BvfKWMHsTIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTMxMDAwMDAwWhcNMjUwMzA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AzM2QwY2MyOWNjMTRiZmNlZWQ3OWU0MWQzMDJlNWMxMjFi
OTkxYTk4ZjIwMmVjYWUwMjI1YWVkZTFmMmQ0NGM4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCXoYpYEF6pB1pbdmZoO6ZoBi10N5msxY+6oGEydMeCM0e5
3i7m01OW+Ssuz1OZs2Tg2DFLLyNU6yS35k6Q8sYwCZzYKTCeoxkFTiX7S4WJ3SxN
oq4UjzuZ5ONjM4kJGTtl6llMog6NfC3oqm858K1W/TK0DP67YEA+BewvdMMnPA/y
M4Lqo4UM0iH88I3FWP9c8P81EZRHh/cOG3LnfgkGGBfD+1SBPeoGOeRixLdE+DqB
i13LwSFLbPnPAmoyfxHNouaQfikOyR1Pb94SNTDCK4g63CxyO00yexZUXNJvfEaI
4Jw0UYAXxbNqRxWJhz9Us1xmj/i7DoksL/ANMc5hAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUx4+Olunau2WRpc1Ey20nMqFzkagwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2QxMGVjMjAzLTQ0YzctNDYxNy1hNTc4LWNhMzhhZWZmNTdmOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAM2nAgwDQYJKoZIhvcNAQELBQADggEBAIgtH6NtCefTiXVWAg6KGP8v7EIA
YUlnLQ2dnTF3U3WDnie+cfskWRvQUtr8/9q6uKGiAjQkRM90kB+dIJDN8PdjKSQ0
S4MflU1BKILJjBAS/3We2D6WBi0r4XOEx/bCd1sU9uw3sVO+b7/0JKF5qOgHeGK4
M/oMw8mGq0fXWRpRc1KVaQ8UM0zPI3ZZNL+FqmpyC8DjkwHi+fzkjSC8eGSbdy2q
Y3Kr3tY6w/3o+WqX8K0bRWdSWx3uyvWvi8f6pJPcWpOMYc8+BfWBpM3X2fgr7+89
QGJ6bhVWGKKbmVkgCOOphy9BbcFj8oERxMr4oK31MLq1E+ad6jHKRUp8qk0=
-----END CERTIFICATE-----