Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/faf09f9b-9553-45e3-9665-600b79c92a3c.roa
File:                     faf09f9b-9553-45e3-9665-600b79c92a3c.roa (raw, json)
Hash identifier:          6tvAz7KrJiBItmfW4qr5VeM7VymYA4Y2ksUqpryxopU=
Subject key identifier:   1B:46:B3:78:50:1C:2C:8B:37:14:3A:E5:6B:AE:88:54:1F:B1:50:AC
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       634EFBFF8D3CDCF345559425F526D90E89967627
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/faf09f9b-9553-45e3-9665-600b79c92a3c.roa
Signing time:             Fri 31 Jan 2025 00:00:00 +0000
ROA not before:           Fri 31 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.146.96.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:4e:fb:ff:8d:3c:dc:f3:45:55:94:25:f5:26:d9:0e:89:96:76:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 31 00:00:00 2025 GMT
            Not After : Mar  7 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:dd:50:e1:b3:af:e9:6e:7f:53:51:52:ee:93:
                    e4:41:29:19:0a:52:19:e9:e0:45:e9:59:3b:17:3e:
                    a2:83:1a:d6:12:dd:21:45:f6:21:e0:d7:06:5a:25:
                    cf:88:98:98:46:3f:c5:2d:f1:77:b9:76:b2:05:41:
                    f6:b2:cf:85:69:d1:ee:4e:aa:19:4e:45:87:03:bc:
                    be:11:f4:3e:03:38:20:b8:df:1d:2d:61:ca:fe:fd:
                    8b:6f:a8:c3:aa:02:ae:d9:d0:ff:d1:18:0d:69:82:
                    26:5f:41:2d:ff:a7:e4:be:bd:5f:1e:bc:c7:16:39:
                    07:78:31:39:d7:01:51:41:4e:9e:d4:a4:85:aa:c0:
                    94:09:70:21:3f:76:7d:4c:82:37:78:a4:32:f6:4c:
                    2a:53:d5:3f:49:d8:58:3d:d8:0f:35:74:10:df:ac:
                    db:0a:ca:03:8a:db:96:29:b5:9b:0f:98:d7:c8:83:
                    be:b4:b8:d1:62:de:ac:36:1f:6e:b2:bc:23:53:82:
                    af:05:29:5c:3e:67:cd:bf:24:60:b6:8b:d3:cc:45:
                    e2:b3:2c:46:c0:d8:68:bb:66:5f:c9:f5:13:f5:c2:
                    35:41:76:8c:aa:9a:fc:7d:80:fc:43:88:47:b9:77:
                    ba:a2:e1:2d:5c:b8:90:d2:e7:7b:9e:94:71:d9:40:
                    61:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:46:B3:78:50:1C:2C:8B:37:14:3A:E5:6B:AE:88:54:1F:B1:50:AC
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/faf09f9b-9553-45e3-9665-600b79c92a3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.146.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         9e:ff:b7:f2:b7:d4:e9:29:5e:91:56:bd:20:50:de:37:06:f0:
         a4:4b:67:a4:fd:e9:36:eb:db:a8:25:52:94:48:7a:5f:df:23:
         72:93:da:71:e3:7e:e8:9d:02:3d:9d:a1:94:7f:7d:71:64:c1:
         2c:5b:cd:a9:0b:5a:3f:03:10:ab:6f:d1:4b:b0:9a:ba:5d:9f:
         e5:b1:37:d3:d7:8b:5f:73:99:fb:1f:9f:0a:22:c2:8e:6b:1a:
         e0:d7:9b:ff:00:ea:b1:2b:85:f9:8c:eb:aa:63:14:db:2a:08:
         47:1f:6d:05:46:d2:b5:5d:af:f3:ef:4b:35:6e:3c:f1:35:4d:
         ce:44:82:d5:8f:85:cd:b6:44:19:d6:45:9b:3b:d9:83:3b:bb:
         f8:15:8c:68:0e:2f:51:3e:10:18:01:ff:ba:80:0a:e1:65:40:
         04:ed:d0:73:e5:70:ad:f2:f6:b3:96:a6:55:be:ef:d8:92:59:
         ca:b8:a6:4b:db:df:b5:81:de:6f:c7:ed:04:e4:38:1f:2f:d1:
         77:1c:73:d5:bf:54:f7:c2:71:ed:b9:df:7a:fc:47:f1:32:68:
         58:08:c2:8f:88:ce:ed:2c:e6:f7:79:e4:ab:9c:5a:ae:35:27:
         b7:ec:7f:6e:31:91:7e:8d:7d:67:09:c3:bb:c3:1b:bf:58:dc:
         96:f8:11:c2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUY077/4083PNFVZQl9SbZDomWdicwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTMxMDAwMDAwWhcNMjUwMzA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BjNWQ4ZGZjMzIzYzRlMDBiZDM2ZGFiZGQzMGFjNGNiNTUy
YjAxODM5N2E4YjE4NjA3MDY4NDU3Yjk4YTBhNDc1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDW3VDhs6/pbn9TUVLuk+RBKRkKUhnp4EXpWTsXPqKDGtYS
3SFF9iHg1wZaJc+ImJhGP8Ut8Xe5drIFQfayz4Vp0e5OqhlORYcDvL4R9D4DOCC4
3x0tYcr+/YtvqMOqAq7Z0P/RGA1pgiZfQS3/p+S+vV8evMcWOQd4MTnXAVFBTp7U
pIWqwJQJcCE/dn1Mgjd4pDL2TCpT1T9J2Fg92A81dBDfrNsKygOK25YptZsPmNfI
g760uNFi3qw2H26yvCNTgq8FKVw+Z82/JGC2i9PMReKzLEbA2Gi7Zl/J9RP1wjVB
doyqmvx9gPxDiEe5d7qi4S1cuJDS53uelHHZQGHLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUG0azeFAcLIs3FDrla66IVB+xUKwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2ZhZjA5ZjliLTk1NTMtNDVlMy05NjY1LTYwMGI3OWM5MmEzYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAU2kmAwDQYJKoZIhvcNAQELBQADggEBAJ7/t/K31OkpXpFWvSBQ3jcG8KRL
Z6T96Tbr26glUpRIel/fI3KT2nHjfuidAj2doZR/fXFkwSxbzakLWj8DEKtv0Uuw
mrpdn+WxN9PXi19zmfsfnwoiwo5rGuDXm/8A6rErhfmM66pjFNsqCEcfbQVG0rVd
r/PvSzVuPPE1Tc5EgtWPhc22RBnWRZs72YM7u/gVjGgOL1E+EBgB/7qACuFlQATt
0HPlcK3y9rOWplW+79iSWcq4pkvb37WB3m/H7QTkOB8v0Xccc9W/VPfCce2533r8
R/EyaFgIwo+Izu0s5vd55KucWq41J7fsf24xkX6NfWcJw7vDG79Y3Jb4EcI=
-----END CERTIFICATE-----