Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f8bf5cbc-4970-45b0-8a9d-2e191dbb50a9.roa
File:                     f8bf5cbc-4970-45b0-8a9d-2e191dbb50a9.roa (raw, json)
Hash identifier:          n613agyUxzhDQwqV1hhkbbsopAurkBgCaHrsC54DiBI=
Subject key identifier:   77:02:06:4E:49:6E:65:4C:68:49:DF:F7:86:8B:F3:D9:69:9C:F9:81
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       02975E5BF2F6F615CDB825F1A01B18906E919285
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f8bf5cbc-4970-45b0-8a9d-2e191dbb50a9.roa
Signing time:             Mon 19 May 2025 19:20:18 +0000
ROA not before:           Mon 19 May 2025 19:20:18 +0000
ROA not after:            Mon 23 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.95.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Jun 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:97:5e:5b:f2:f6:f6:15:cd:b8:25:f1:a0:1b:18:90:6e:91:92:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 19 19:20:18 2025 GMT
            Not After : Jun 23 23:59:59 2025 GMT
        Subject: serialNumber=065a10d673a46301923bfb032a2084451cbe416093bd2f37196539d0524e2daf, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:e4:15:1f:b4:78:b2:20:e2:06:ef:e6:df:bc:
                    b8:d6:13:28:7b:d5:b8:c0:0a:45:40:3c:b1:d7:9d:
                    d8:b2:b9:cd:ff:87:9a:a2:7a:70:a5:a3:d4:c7:c2:
                    e8:7b:38:a2:ce:2f:2f:64:68:28:de:85:b1:6d:40:
                    7d:f2:7f:2c:40:70:b9:15:d7:e0:02:db:f1:39:f5:
                    8b:d9:0d:05:00:cb:82:ca:18:48:de:e7:d8:3a:5f:
                    69:c8:06:26:67:0b:b2:7c:a3:55:7e:cc:d4:56:c1:
                    e8:cf:0b:39:f4:c8:e7:0c:fa:b2:76:bf:8c:5b:97:
                    8b:7d:4e:4d:b7:1d:4d:ac:8c:53:cc:33:ea:c4:e1:
                    6e:b6:f4:20:21:51:21:a4:69:74:c0:e5:10:98:70:
                    71:7f:89:c6:15:f4:a8:8c:27:66:6d:09:42:1a:15:
                    63:5c:46:41:80:91:da:92:10:aa:4d:1f:f8:7a:eb:
                    cd:af:ed:bd:ee:4d:c8:d7:89:e5:94:f2:ae:82:e9:
                    ac:b7:c1:fa:4a:f7:0e:bb:58:d4:f8:0d:70:6e:4f:
                    8a:8b:74:68:7c:5d:ed:3e:aa:1a:a5:0e:e9:83:ab:
                    9b:19:ef:4f:ab:19:bd:75:e9:87:e2:44:1b:51:8e:
                    0e:c3:ca:0c:9c:d4:5a:15:39:50:06:b7:81:ff:e4:
                    2e:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:02:06:4E:49:6E:65:4C:68:49:DF:F7:86:8B:F3:D9:69:9C:F9:81
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f8bf5cbc-4970-45b0-8a9d-2e191dbb50a9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.95.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:31:e0:61:3a:fc:f3:c9:44:d7:73:03:56:de:1e:af:42:41:
         1f:2c:97:d7:5d:be:7b:fc:33:e6:c3:c2:cb:76:35:56:42:f7:
         35:cd:3c:dd:38:5e:8e:69:36:50:f8:1f:e5:bd:0b:a4:c3:b0:
         7d:f2:54:79:dd:f1:c2:80:ce:fc:15:92:14:74:ca:d6:23:fd:
         f7:a6:54:ac:74:3c:3e:4b:8e:cb:eb:07:05:fd:86:4d:e5:35:
         07:1b:e8:c2:c2:75:16:c3:66:7d:d7:d7:30:43:c0:18:b2:11:
         96:08:ba:4a:30:f3:1f:a3:b2:d3:e1:f5:39:bb:f2:3c:e1:08:
         3a:b6:12:99:76:88:90:ed:68:5c:5a:ac:d0:03:0d:8f:1a:66:
         d5:a7:58:2c:ab:44:c1:f0:65:8e:7a:bf:2b:86:16:26:12:a2:
         de:92:a7:e7:33:62:05:ee:5e:32:3e:20:b6:77:74:b4:49:48:
         4e:ce:36:0f:ea:d8:e0:38:e1:f3:0f:45:a1:21:79:5d:f9:31:
         93:c7:e7:42:d9:15:7b:bf:7e:51:64:e1:ed:1f:db:1e:8b:44:
         09:0f:aa:b0:b5:97:70:19:c8:d5:51:45:cb:ea:24:de:51:61:
         fb:c6:5e:f7:a7:1c:60:74:92:0b:9b:dc:7a:99:0d:f4:41:b8:
         89:13:76:b4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUApdeW/L29hXNuCXxoBsYkG6RkoUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNTE5MTkyMDE4WhcNMjUwNjIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AwNjVhMTBkNjczYTQ2MzAxOTIzYmZiMDMyYTIwODQ0NTFj
YmU0MTYwOTNiZDJmMzcxOTY1MzlkMDUyNGUyZGFmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDa5BUftHiyIOIG7+bfvLjWEyh71bjACkVAPLHXndiyuc3/
h5qienClo9THwuh7OKLOLy9kaCjehbFtQH3yfyxAcLkV1+AC2/E59YvZDQUAy4LK
GEje59g6X2nIBiZnC7J8o1V+zNRWwejPCzn0yOcM+rJ2v4xbl4t9Tk23HU2sjFPM
M+rE4W629CAhUSGkaXTA5RCYcHF/icYV9KiMJ2ZtCUIaFWNcRkGAkdqSEKpNH/h6
682v7b3uTcjXieWU8q6C6ay3wfpK9w67WNT4DXBuT4qLdGh8Xe0+qhqlDumDq5sZ
70+rGb116YfiRBtRjg7Dygyc1FoVOVAGt4H/5C7HAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUdwIGTkluZUxoSd/3hovz2Wmc+YEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Y4YmY1Y2JjLTQ5NzAtNDViMC04YTlkLTJlMTkxZGJiNTBhOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0X+8wDQYJKoZIhvcNAQELBQADggEBAA0x4GE6/PPJRNdzA1beHq9CQR8s
l9ddvnv8M+bDwst2NVZC9zXNPN04Xo5pNlD4H+W9C6TDsH3yVHnd8cKAzvwVkhR0
ytYj/femVKx0PD5LjsvrBwX9hk3lNQcb6MLCdRbDZn3X1zBDwBiyEZYIukow8x+j
stPh9Tm78jzhCDq2Epl2iJDtaFxarNADDY8aZtWnWCyrRMHwZY56vyuGFiYSot6S
p+czYgXuXjI+ILZ3dLRJSE7ONg/q2OA44fMPRaEheV35MZPH50LZFXu/flFk4e0f
2x6LRAkPqrC1l3AZyNVRRcvqJN5RYfvGXvenHGB0kgub3HqZDfRBuIkTdrQ=
-----END CERTIFICATE-----