Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1466c713-abfa-4fa8-86b5-f65fdc7f9e7b.roa
File:                     1466c713-abfa-4fa8-86b5-f65fdc7f9e7b.roa (raw, json)
Hash identifier:          9EVoA7waJEontvwfOU0SolAMoaYMpKWoYEMGFU56GcY=
Subject key identifier:   D5:A2:BB:93:3B:F3:EA:08:30:92:EF:6E:97:9C:92:5C:03:3F:C5:E9
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0FD16863DC93EC290AE09A00DE2BC2C1AA3A21A1
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1466c713-abfa-4fa8-86b5-f65fdc7f9e7b.roa
Signing time:             Sat 26 Apr 2025 00:31:55 +0000
ROA not before:           Sat 26 Apr 2025 00:31:55 +0000
ROA not after:            Sat 31 May 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        52.94.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 08 May 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:d1:68:63:dc:93:ec:29:0a:e0:9a:00:de:2b:c2:c1:aa:3a:21:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 26 00:31:55 2025 GMT
            Not After : May 31 23:59:59 2025 GMT
        Subject: serialNumber=47c1e80d94a08e2098b62a231b5811b9b2429e0b4b8dbe9d4dbd9e5a17756930, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:21:d0:78:0e:c2:f1:ff:7c:45:4b:ec:4d:36:
                    5c:09:fa:cb:d3:cc:f3:50:31:26:20:e1:a9:bc:e8:
                    f6:d0:98:98:76:91:84:bb:1c:81:7f:6b:00:14:88:
                    06:47:ff:90:45:25:e9:48:0c:f7:80:6e:7a:c3:14:
                    c5:d6:65:b7:70:82:5f:3f:f1:a1:28:09:da:f5:1c:
                    09:cf:c3:af:07:96:09:53:0e:03:25:b2:62:d3:39:
                    0c:00:e5:72:a5:a5:c6:52:2c:5c:f3:76:2a:5f:fc:
                    0e:ee:32:25:65:93:51:c6:0d:70:44:f6:5e:32:41:
                    6a:a9:4b:a7:b8:01:25:57:e2:6e:30:b5:2a:0b:f2:
                    26:59:cb:2f:1b:53:7d:ed:f5:c3:97:18:9a:ce:71:
                    83:a0:9d:02:88:c2:08:f7:56:a1:21:3d:2d:6a:7d:
                    0a:9c:21:8b:ae:9f:bf:76:50:af:80:38:dd:75:d6:
                    da:07:a5:2e:44:26:67:ac:c6:3e:51:c6:91:14:1a:
                    81:a2:8a:51:58:2b:3b:35:bd:55:6c:bb:7f:5c:02:
                    c9:20:81:d9:55:92:61:b1:b1:93:56:f2:f7:12:75:
                    ec:be:3b:4b:6b:d5:9d:86:3f:de:2b:f7:ce:07:91:
                    f0:52:79:b3:84:89:e8:55:09:93:d4:3d:16:5e:09:
                    7a:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:A2:BB:93:3B:F3:EA:08:30:92:EF:6E:97:9C:92:5C:03:3F:C5:E9
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1466c713-abfa-4fa8-86b5-f65fdc7f9e7b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.94.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:fc:14:19:dc:14:56:9a:1d:26:ae:10:23:00:f5:3d:40:35:
         b0:6b:21:33:ca:fe:9d:9b:c4:d4:51:f3:3d:33:20:6e:1b:4c:
         7c:9a:56:b5:26:08:bf:c0:f6:c3:4f:2b:fa:26:87:37:19:e2:
         ed:d7:94:c5:08:6a:c9:a2:59:6f:2b:26:b0:5f:f5:43:a4:1c:
         0f:1f:da:f5:bd:a1:06:61:ae:ce:1f:da:ae:47:8e:89:55:1f:
         f1:ff:6b:5e:4d:7f:a4:ac:85:39:8d:ea:93:3a:19:f4:50:2f:
         32:26:9e:7a:dd:40:98:e6:ab:12:ba:26:1d:da:c5:ae:0b:cb:
         fa:d3:17:ab:e0:5e:a4:13:00:7e:c3:c2:64:f4:f4:9d:4a:ff:
         02:07:d3:b9:d9:a0:78:23:ff:87:70:86:87:25:2f:e6:53:e2:
         31:02:f5:e9:19:30:9c:79:ff:a7:4a:c4:e9:1b:ef:5f:9e:82:
         d0:61:ae:b6:3b:9b:bd:bc:14:07:bd:f5:9d:01:42:cd:ef:55:
         d2:17:ee:c1:be:3a:87:ea:9b:11:02:7c:9a:c6:20:76:34:56:
         2a:6e:74:9f:58:e6:63:74:2d:de:d1:6d:2f:1d:dd:db:cd:5a:
         62:91:2c:20:a0:13:36:d0:01:84:04:65:27:c2:62:d6:07:cd:
         7d:1a:a4:56
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUD9FoY9yT7CkK4JoA3ivCwao6IaEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDI2MDAzMTU1WhcNMjUwNTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0N2MxZTgwZDk0YTA4ZTIwOThiNjJhMjMxYjU4MTFiOWIy
NDI5ZTBiNGI4ZGJlOWQ0ZGJkOWU1YTE3NzU2OTMwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDVIdB4DsLx/3xFS+xNNlwJ+svTzPNQMSYg4am86PbQmJh2
kYS7HIF/awAUiAZH/5BFJelIDPeAbnrDFMXWZbdwgl8/8aEoCdr1HAnPw68HlglT
DgMlsmLTOQwA5XKlpcZSLFzzdipf/A7uMiVlk1HGDXBE9l4yQWqpS6e4ASVX4m4w
tSoL8iZZyy8bU33t9cOXGJrOcYOgnQKIwgj3VqEhPS1qfQqcIYuun792UK+AON11
1toHpS5EJmesxj5RxpEUGoGiilFYKzs1vVVsu39cAskggdlVkmGxsZNW8vcSdey+
O0tr1Z2GP94r984HkfBSebOEiehVCZPUPRZeCXqRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1aK7kzvz6ggwku9ul5ySXAM/xekwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzE0NjZjNzEzLWFiZmEtNGZhOC04NmI1LWY2NWZkYzdmOWU3Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0XhYwDQYJKoZIhvcNAQELBQADggEBAFT8FBncFFaaHSauECMA9T1ANbBr
ITPK/p2bxNRR8z0zIG4bTHyaVrUmCL/A9sNPK/omhzcZ4u3XlMUIasmiWW8rJrBf
9UOkHA8f2vW9oQZhrs4f2q5HjolVH/H/a15Nf6SshTmN6pM6GfRQLzImnnrdQJjm
qxK6Jh3axa4Ly/rTF6vgXqQTAH7DwmT09J1K/wIH07nZoHgj/4dwhoclL+ZT4jEC
9ekZMJx5/6dKxOkb71+egtBhrrY7m728FAe99Z0BQs3vVdIX7sG+OofqmxECfJrG
IHY0VipudJ9Y5mN0Ld7RbS8d3dvNWmKRLCCgEzbQAYQEZSfCYtYHzX0apFY=
-----END CERTIFICATE-----