Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/dce2d640-0c72-4a73-be9b-14511c9175aa.roa
File:                     dce2d640-0c72-4a73-be9b-14511c9175aa.roa (raw, json)
Hash identifier:          r8rM6xibK8jrUqSBoC4MrvCe3lfjUkyhsmaJ4wYqiuY=
Subject key identifier:   68:6D:E6:47:16:16:72:14:92:88:18:69:5D:31:9E:72:B4:35:4E:0B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       68D4FB100308E9839503127514002E6844ECB75A
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/dce2d640-0c72-4a73-be9b-14511c9175aa.roa
Signing time:             Mon 27 Jan 2025 00:00:00 +0000
ROA not before:           Mon 27 Jan 2025 00:00:00 +0000
ROA not after:            Mon 03 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.217.96.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:d4:fb:10:03:08:e9:83:95:03:12:75:14:00:2e:68:44:ec:b7:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 27 00:00:00 2025 GMT
            Not After : Mar  3 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:07:a0:9a:22:a6:23:4d:5a:4b:6b:cb:64:1d:
                    8d:80:3e:79:4a:1b:d5:06:f6:57:da:c9:7a:7b:24:
                    ff:bc:30:57:6b:d7:f3:7b:17:16:d1:db:9b:97:39:
                    ad:21:14:64:6d:c6:77:60:c1:f1:5f:6a:24:14:8e:
                    3a:ac:3e:6f:7c:92:2b:c2:7c:ae:92:87:91:56:e1:
                    9b:a4:94:5b:aa:93:c5:c0:a9:fa:77:ae:b7:94:dc:
                    f9:c9:37:c0:44:fe:cc:01:72:10:15:a6:bf:c0:2e:
                    de:4a:77:19:89:09:02:b0:9d:a3:68:ac:21:90:fd:
                    89:e6:96:fe:bd:17:37:1b:bf:cc:01:81:94:a5:ad:
                    2d:00:85:82:02:8f:06:47:3f:e6:6c:88:ab:f6:b8:
                    b3:3f:eb:d0:8a:79:13:f3:a5:7d:a1:f7:39:e4:20:
                    33:3c:05:45:cf:ab:59:91:19:85:4a:9a:81:57:5a:
                    d9:7a:54:20:a2:f3:06:be:a7:e8:d4:d5:27:d3:59:
                    30:b1:12:f2:9d:ad:06:8e:e9:53:5d:23:08:41:f6:
                    7b:8a:fa:ed:5d:25:15:83:6d:d9:42:15:d0:d0:36:
                    e1:b9:bf:37:51:0c:6e:bf:99:80:47:2d:46:15:c4:
                    e2:89:c6:97:21:fc:33:35:72:87:d9:32:00:37:58:
                    18:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:6D:E6:47:16:16:72:14:92:88:18:69:5D:31:9E:72:B4:35:4E:0B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/dce2d640-0c72-4a73-be9b-14511c9175aa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.217.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         10:a3:e5:14:05:58:fb:31:3c:f5:64:3d:c9:29:ab:dc:0a:46:
         ec:63:cf:b9:18:27:bd:4a:34:17:0f:34:52:0c:47:43:07:c6:
         20:c6:29:61:ed:9e:26:a1:94:9e:9d:02:76:87:83:76:e0:d6:
         e2:c4:ee:1c:00:25:82:31:a5:90:a6:12:6e:43:3e:47:33:cd:
         78:af:2b:8a:83:aa:c0:ba:c3:9b:17:98:95:09:48:bd:43:7f:
         79:d4:92:21:31:a9:a8:4a:b3:e1:aa:f2:12:45:07:b6:be:de:
         ac:f2:eb:7b:ec:44:01:ab:c0:73:7c:6d:1d:d6:e7:4d:eb:26:
         1f:2d:a6:d7:2c:7d:8b:c0:87:cf:13:08:91:b4:e2:37:a1:9f:
         cd:cd:97:17:df:1a:92:f3:97:ad:c8:21:0f:6d:9e:19:31:19:
         3b:1f:04:1e:15:71:1f:95:de:16:a3:da:b2:e0:3b:2b:15:b8:
         65:4a:d0:07:4d:d1:aa:27:6d:72:2f:e4:6f:44:5c:d2:20:86:
         f2:7b:34:a8:6b:4c:b9:26:3d:09:c0:9e:e8:cc:6e:d4:08:9b:
         5b:3e:73:9b:8a:b9:a9:3d:ae:6e:ce:2c:52:8f:5d:a3:1e:dd:
         a1:62:37:9d:f0:a9:64:66:bd:92:7d:8b:d2:d3:7b:60:90:18:
         de:c7:12:64
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaNT7EAMI6YOVAxJ1FAAuaETst1owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTI3MDAwMDAwWhcNMjUwMzAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkYjA3NmM2YjAwZTQ5YzIzMWYxMTdiZTQyMzA4ZmFiYTk3
OTA2Zjg3NDljMjFlMDkxYTFiNjg2ZmUzM2M4MzkxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDPB6CaIqYjTVpLa8tkHY2APnlKG9UG9lfayXp7JP+8MFdr
1/N7FxbR25uXOa0hFGRtxndgwfFfaiQUjjqsPm98kivCfK6Sh5FW4ZuklFuqk8XA
qfp3rreU3PnJN8BE/swBchAVpr/ALt5KdxmJCQKwnaNorCGQ/Ynmlv69Fzcbv8wB
gZSlrS0AhYICjwZHP+ZsiKv2uLM/69CKeRPzpX2h9znkIDM8BUXPq1mRGYVKmoFX
Wtl6VCCi8wa+p+jU1SfTWTCxEvKdrQaO6VNdIwhB9nuK+u1dJRWDbdlCFdDQNuG5
vzdRDG6/mYBHLUYVxOKJxpch/DM1cofZMgA3WBg3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUaG3mRxYWchSSiBhpXTGecrQ1TgswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2RjZTJkNjQwLTBjNzItNGE3My1iZTliLTE0NTExYzkxNzVhYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQ22WAwDQYJKoZIhvcNAQELBQADggEBABCj5RQFWPsxPPVkPckpq9wKRuxj
z7kYJ71KNBcPNFIMR0MHxiDGKWHtniahlJ6dAnaHg3bg1uLE7hwAJYIxpZCmEm5D
PkczzXivK4qDqsC6w5sXmJUJSL1Df3nUkiExqahKs+Gq8hJFB7a+3qzy63vsRAGr
wHN8bR3W503rJh8tptcsfYvAh88TCJG04jehn83NlxffGpLzl63IIQ9tnhkxGTsf
BB4VcR+V3haj2rLgOysVuGVK0AdN0aonbXIv5G9EXNIghvJ7NKhrTLkmPQnAnujM
btQIm1s+c5uKuak9rm7OLFKPXaMe3aFiN53wqWRmvZJ9i9LTe2CQGN7HEmQ=
-----END CERTIFICATE-----