Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/faf09f9b-9553-45e3-9665-600b79c92a3c.roa
File:                     faf09f9b-9553-45e3-9665-600b79c92a3c.roa (raw, json)
Hash identifier:          4K4dJxL6S+vOuIL92tWH88LsyPKx5xCZIrM0O832ELo=
Subject key identifier:   52:E5:E9:74:90:C9:EC:D2:06:06:56:21:B6:5C:A9:DF:21:10:AF:1C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       606DD42F09B52194A777A91274BE9DECA28C8560
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/faf09f9b-9553-45e3-9665-600b79c92a3c.roa
Signing time:             Fri 18 Apr 2025 15:02:02 +0000
ROA not before:           Fri 18 Apr 2025 15:02:02 +0000
ROA not after:            Fri 23 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.146.96.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 10 May 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:6d:d4:2f:09:b5:21:94:a7:77:a9:12:74:be:9d:ec:a2:8c:85:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 18 15:02:02 2025 GMT
            Not After : May 23 23:59:59 2025 GMT
        Subject: serialNumber=4fe6d7771fcbf46eaf7560092a34b867ef749783b44689d0e43472a58887fa67, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:26:c3:34:b1:b4:1c:e9:05:cd:dd:60:65:f5:
                    1b:e0:05:d7:8a:ad:96:17:43:41:20:47:af:7a:cd:
                    33:b8:b2:68:0c:f7:eb:80:bf:76:d7:54:7f:7f:3f:
                    53:6b:c7:75:74:74:33:75:d3:21:8b:7f:8e:3e:ee:
                    11:1d:89:89:ef:cd:9e:3f:c4:a7:8d:79:2b:35:4b:
                    a5:fa:e3:e5:89:df:b5:ca:11:6e:98:b3:41:f3:2e:
                    2e:02:ce:e0:73:a3:1c:e2:3a:e6:51:bf:76:90:9a:
                    05:d3:19:d5:52:61:d5:68:75:f0:0d:c7:ff:d6:d1:
                    50:6a:d8:34:73:3d:d8:49:4b:c5:c9:e0:46:8e:64:
                    9d:57:8c:c3:42:10:41:cb:df:98:57:d8:73:c1:c4:
                    92:fb:eb:f7:2e:d2:0e:e9:f0:a0:d4:db:7b:7d:77:
                    46:01:89:58:b0:00:79:10:bb:27:c6:5a:e4:d0:ec:
                    0e:7c:ee:6e:57:4d:83:88:3b:2d:63:24:4b:e1:f0:
                    0a:b3:f8:b9:10:32:56:ef:d8:76:c6:64:95:45:2d:
                    98:3f:e3:97:7e:25:46:e6:e0:3c:72:a2:31:d1:0c:
                    0c:a7:42:1a:36:a9:fa:1b:66:b2:55:44:6d:4a:2f:
                    65:68:8e:40:73:4c:12:a5:44:14:62:3f:c5:5f:b2:
                    46:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:E5:E9:74:90:C9:EC:D2:06:06:56:21:B6:5C:A9:DF:21:10:AF:1C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/faf09f9b-9553-45e3-9665-600b79c92a3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.146.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         37:74:13:61:44:a1:49:d3:92:bb:d4:65:8d:32:3f:05:90:d7:
         10:50:aa:69:ec:e0:4b:35:64:d4:c8:5c:0f:ba:68:43:2a:e4:
         d9:44:5f:0b:e6:b9:98:27:8e:e5:b2:13:94:4c:58:95:76:a7:
         13:1c:b1:95:e6:c8:1b:f2:f2:e4:35:2a:5c:61:65:b7:33:e6:
         b5:87:3f:41:54:d5:7d:1e:29:54:ef:7a:75:0b:8f:aa:f1:3a:
         08:75:7e:e3:93:67:ae:8b:a2:4a:c6:b3:fe:8d:b0:05:ff:13:
         f1:da:7f:fc:2c:6a:66:22:ea:25:98:83:66:61:d5:1d:70:89:
         35:9e:85:8f:16:c2:18:5e:5a:2b:e9:b9:60:42:31:70:57:07:
         3b:32:e9:cd:9a:5e:e0:d7:50:d0:fd:1c:c8:f7:13:dd:d6:0b:
         4a:bb:9d:06:ac:3b:c4:a7:26:9c:11:f8:5e:74:20:ca:6e:11:
         fb:31:93:09:3b:53:af:53:bb:01:16:bc:51:14:7e:d6:53:45:
         28:eb:53:30:27:05:ab:4a:e0:4a:3f:da:8f:6d:ce:a8:1b:79:
         2f:38:83:42:3e:78:0c:9c:00:82:37:65:e0:02:7b:d6:71:c2:
         13:d0:4a:38:eb:7b:c0:63:11:9c:27:1d:9b:47:bc:1b:fc:8a:
         31:da:b8:2a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYG3ULwm1IZSnd6kSdL6d7KKMhWAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE4MTUwMjAyWhcNMjUwNTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZmU2ZDc3NzFmY2JmNDZlYWY3NTYwMDkyYTM0Yjg2N2Vm
NzQ5NzgzYjQ0Njg5ZDBlNDM0NzJhNTg4ODdmYTY3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDaJsM0sbQc6QXN3WBl9RvgBdeKrZYXQ0EgR696zTO4smgM
9+uAv3bXVH9/P1Nrx3V0dDN10yGLf44+7hEdiYnvzZ4/xKeNeSs1S6X64+WJ37XK
EW6Ys0HzLi4CzuBzoxziOuZRv3aQmgXTGdVSYdVodfANx//W0VBq2DRzPdhJS8XJ
4EaOZJ1XjMNCEEHL35hX2HPBxJL76/cu0g7p8KDU23t9d0YBiViwAHkQuyfGWuTQ
7A587m5XTYOIOy1jJEvh8Aqz+LkQMlbv2HbGZJVFLZg/45d+JUbm4DxyojHRDAyn
Qho2qfobZrJVRG1KL2VojkBzTBKlRBRiP8VfskYrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUUuXpdJDJ7NIGBlYhtlyp3yEQrxwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2ZhZjA5ZjliLTk1NTMtNDVlMy05NjY1LTYwMGI3OWM5MmEzYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAU2kmAwDQYJKoZIhvcNAQELBQADggEBADd0E2FEoUnTkrvUZY0yPwWQ1xBQ
qmns4Es1ZNTIXA+6aEMq5NlEXwvmuZgnjuWyE5RMWJV2pxMcsZXmyBvy8uQ1Klxh
Zbcz5rWHP0FU1X0eKVTvenULj6rxOgh1fuOTZ66LokrGs/6NsAX/E/Haf/wsamYi
6iWYg2Zh1R1wiTWehY8WwhheWivpuWBCMXBXBzsy6c2aXuDXUND9HMj3E93WC0q7
nQasO8SnJpwR+F50IMpuEfsxkwk7U69TuwEWvFEUftZTRSjrUzAnBatK4Eo/2o9t
zqgbeS84g0I+eAycAII3ZeACe9ZxwhPQSjjre8BjEZwnHZtHvBv8ijHauCo=
-----END CERTIFICATE-----