Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/dce2d640-0c72-4a73-be9b-14511c9175aa.roa
File:                     dce2d640-0c72-4a73-be9b-14511c9175aa.roa (raw, json)
Hash identifier:          /bBshg6HSEzoLy13enZwBT+jE4pSk8aO4mQbdLXNFwU=
Subject key identifier:   B9:AB:00:D8:D5:95:44:A6:29:87:B4:9D:26:75:34:DF:77:AF:E1:30
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       48B5EA51D9BF0FAED9511CE071E2F7FF2AE3BCF7
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/dce2d640-0c72-4a73-be9b-14511c9175aa.roa
Signing time:             Mon 30 Jun 2025 17:30:22 +0000
ROA not before:           Mon 30 Jun 2025 17:30:22 +0000
ROA not after:            Mon 04 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.217.96.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 03 Jul 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:b5:ea:51:d9:bf:0f:ae:d9:51:1c:e0:71:e2:f7:ff:2a:e3:bc:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun 30 17:30:22 2025 GMT
            Not After : Aug  4 23:59:59 2025 GMT
        Subject: serialNumber=3e848c2e22f50218928a6cd9b42b51cf30106111024db78e962f8340df224772, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ae:db:1b:39:f7:eb:25:95:7c:5e:a3:10:8b:
                    ff:29:e4:7d:69:55:e9:65:b1:a6:ab:53:2b:df:9d:
                    08:28:9a:a6:a5:d0:29:36:98:69:e2:0c:3d:43:b9:
                    ef:32:c8:3d:59:3d:db:b2:9c:a7:7b:98:09:4f:12:
                    bb:cb:c0:f2:c7:12:6b:33:13:0a:a8:a0:32:5a:0f:
                    08:2b:62:cd:5f:6a:d2:6c:df:8f:ac:2f:6b:85:17:
                    cb:6f:2c:70:5d:53:35:02:5a:af:76:e7:73:2e:bb:
                    b5:5a:1b:e1:54:ed:61:91:8a:31:e0:8c:ec:73:84:
                    6d:19:82:f2:2c:99:99:cb:df:e0:87:8a:e5:d1:58:
                    74:9a:f8:89:00:f2:88:c8:62:d0:25:2b:f8:89:da:
                    31:b1:e8:39:2a:5b:bb:9c:5d:3b:e0:04:3c:60:26:
                    0f:57:28:0f:d9:40:e0:13:fd:3e:05:9f:0a:db:01:
                    74:19:fe:24:c6:11:e0:7e:8d:2f:0e:a1:f2:5f:46:
                    aa:58:19:1f:52:ed:66:cd:e8:8a:48:d6:51:ea:29:
                    d8:72:27:8f:56:d3:f5:6b:97:5b:33:b8:79:70:42:
                    a9:72:d3:3b:2a:09:be:ed:53:ca:da:6c:d3:20:9e:
                    3c:a2:d0:e2:4b:6d:61:6a:5f:6c:88:64:da:46:5b:
                    0e:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:AB:00:D8:D5:95:44:A6:29:87:B4:9D:26:75:34:DF:77:AF:E1:30
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/dce2d640-0c72-4a73-be9b-14511c9175aa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.217.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         3f:15:7a:51:62:65:a7:e8:f0:1e:1d:74:dc:de:b1:4d:60:5f:
         93:e4:11:74:d1:26:f3:d0:36:4f:6e:3c:d7:43:80:a7:4f:96:
         46:e0:11:9c:2c:38:7c:d3:d4:0d:8f:32:4e:e1:45:62:12:fd:
         a6:1f:cb:5f:9c:8c:ea:11:25:bb:04:9b:c6:d2:72:99:0d:8c:
         de:92:3a:74:5c:4b:9a:1b:5a:fb:f3:fd:2b:96:82:ec:e4:d2:
         00:4f:18:af:ea:bd:24:8a:b6:70:9e:d2:10:9c:95:4d:3c:4c:
         fd:c6:0e:a6:d5:81:f1:ab:ef:3c:48:9f:d0:22:2d:04:b9:2d:
         f1:3f:9d:70:ac:e0:c5:ad:c1:69:b1:36:0e:63:5c:30:46:d7:
         bc:89:ba:b3:52:7a:c6:e5:86:b5:76:bd:d7:f3:e3:78:29:cc:
         b0:37:c3:9c:93:fd:f9:9e:e0:2c:4a:b0:f8:6e:66:db:93:b9:
         f2:b3:81:89:39:61:ca:09:96:44:43:05:b7:0a:35:c2:ec:7c:
         09:1b:bb:ec:5e:af:db:3d:ae:ec:53:21:ac:b9:02:ee:a1:2b:
         db:da:0d:db:45:73:0a:b2:4e:dd:91:60:e8:0b:82:88:0b:ab:
         52:9f:51:ab:4f:0b:84:a5:ac:cd:82:77:d7:8c:e9:f9:0e:16:
         ba:a3:c8:46
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSLXqUdm/D67ZURzgceL3/yrjvPcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjMwMTczMDIyWhcNMjUwODA0MjM1OTU5
WjB6MUkwRwYDVQQFE0AzZTg0OGMyZTIyZjUwMjE4OTI4YTZjZDliNDJiNTFjZjMw
MTA2MTExMDI0ZGI3OGU5NjJmODM0MGRmMjI0NzcyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClrtsbOffrJZV8XqMQi/8p5H1pVellsaarUyvfnQgomqal
0Ck2mGniDD1Due8yyD1ZPduynKd7mAlPErvLwPLHEmszEwqooDJaDwgrYs1fatJs
34+sL2uFF8tvLHBdUzUCWq9253Muu7VaG+FU7WGRijHgjOxzhG0ZgvIsmZnL3+CH
iuXRWHSa+IkA8ojIYtAlK/iJ2jGx6DkqW7ucXTvgBDxgJg9XKA/ZQOAT/T4Fnwrb
AXQZ/iTGEeB+jS8OofJfRqpYGR9S7WbN6IpI1lHqKdhyJ49W0/Vrl1szuHlwQqly
0zsqCb7tU8rabNMgnjyi0OJLbWFqX2yIZNpGWw6TAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUuasA2NWVRKYph7SdJnU033ev4TAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2RjZTJkNjQwLTBjNzItNGE3My1iZTliLTE0NTExYzkxNzVhYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQ22WAwDQYJKoZIhvcNAQELBQADggEBAD8VelFiZafo8B4ddNzesU1gX5Pk
EXTRJvPQNk9uPNdDgKdPlkbgEZwsOHzT1A2PMk7hRWIS/aYfy1+cjOoRJbsEm8bS
cpkNjN6SOnRcS5obWvvz/SuWguzk0gBPGK/qvSSKtnCe0hCclU08TP3GDqbVgfGr
7zxIn9AiLQS5LfE/nXCs4MWtwWmxNg5jXDBG17yJurNSesblhrV2vdfz43gpzLA3
w5yT/fme4CxKsPhuZtuTufKzgYk5YcoJlkRDBbcKNcLsfAkbu+xer9s9ruxTIay5
Au6hK9vaDdtFcwqyTt2RYOgLgogLq1KfUatPC4SlrM2Cd9eM6fkOFrqjyEY=
-----END CERTIFICATE-----