Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/29c0fab5-5ca9-4d3b-90cc-71fae09fde3d.roa
File:                     29c0fab5-5ca9-4d3b-90cc-71fae09fde3d.roa (raw, json)
Hash identifier:          5rhHukGVidZasCH0UTm7Hgf1xDf/qI1PLAUPOOmjxGo=
Subject key identifier:   8E:B2:54:32:90:48:9F:00:73:04:9B:52:77:D1:D4:1A:AC:C6:BE:D1
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7035B6A887B863859226FB4BDD44D12B00D168BE
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/29c0fab5-5ca9-4d3b-90cc-71fae09fde3d.roa
Signing time:             Fri 18 Apr 2025 18:11:05 +0000
ROA not before:           Fri 18 Apr 2025 18:11:05 +0000
ROA not after:            Fri 23 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.248.224.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 06 May 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:35:b6:a8:87:b8:63:85:92:26:fb:4b:dd:44:d1:2b:00:d1:68:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 18 18:11:05 2025 GMT
            Not After : May 23 23:59:59 2025 GMT
        Subject: serialNumber=66cb4048c5e7315dc4c32f8cab92c4f04bb7c8c5bf6d8453e8258fcdc368236c, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:34:f4:e7:0b:21:82:1d:2e:fb:73:50:16:64:
                    4a:42:e3:53:0f:c8:3e:0e:43:30:7a:85:70:72:f2:
                    ff:db:28:ee:71:22:f4:7e:50:dd:c1:c4:69:aa:f9:
                    69:99:94:60:5b:d5:49:da:de:e0:a6:7f:c9:21:85:
                    15:80:47:4e:0d:aa:5d:71:1b:74:b7:04:a5:38:61:
                    35:46:29:8b:43:21:5f:ad:a6:ea:35:38:96:09:9f:
                    7a:92:c0:3c:9c:a8:d6:83:ed:e4:7a:9f:36:9c:1b:
                    59:05:05:63:7c:e0:99:66:75:9a:62:d2:c0:cf:cc:
                    a4:48:2e:39:71:5f:b1:c9:ec:3f:f8:b8:f7:cb:85:
                    17:e9:2a:c4:a7:3a:66:43:fd:dd:15:f2:2b:a4:5e:
                    5f:53:84:bd:fd:bb:d4:71:e5:8b:9b:e9:98:a4:5d:
                    2e:94:9a:bc:3f:30:cb:60:71:55:a7:95:62:c1:da:
                    a0:56:99:8e:ef:81:ee:74:b5:f4:87:59:ef:13:d1:
                    06:ec:b4:04:9b:5b:01:fc:09:92:f8:23:7b:60:57:
                    7b:85:40:c2:23:c9:05:f1:a5:a1:d9:7f:c6:e3:de:
                    8a:6e:c7:8c:a2:f0:97:7b:08:2a:37:60:26:1e:28:
                    34:1a:b9:d2:83:bd:cf:d8:0b:3d:9e:7e:eb:82:2f:
                    b0:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:B2:54:32:90:48:9F:00:73:04:9B:52:77:D1:D4:1A:AC:C6:BE:D1
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/29c0fab5-5ca9-4d3b-90cc-71fae09fde3d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.248.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         55:86:e3:48:a6:75:d7:44:91:ab:68:22:a8:cb:d3:eb:b2:7e:
         e2:f6:13:04:ea:26:87:d3:3c:57:da:b1:6b:67:ff:b3:21:22:
         62:3b:45:98:e9:db:95:6d:c7:b7:d7:70:47:b5:0c:d4:f3:a6:
         7e:30:f0:22:15:6e:56:6c:2d:78:56:3f:cf:23:c6:36:30:9a:
         5f:56:39:6b:b3:41:76:8b:fc:6f:54:94:2b:7a:dc:9d:64:82:
         e5:c9:45:89:7b:eb:1c:02:81:4d:b4:eb:ff:f7:c5:2e:76:4d:
         45:0c:33:0e:fe:48:e4:92:5d:e9:fe:79:6b:87:58:ac:c5:03:
         e7:cb:b8:7d:d5:be:86:af:dd:db:3d:c0:51:12:38:f4:94:8b:
         fd:a2:e1:fe:a9:f5:3c:26:30:79:0a:7d:19:cf:57:9d:9f:e6:
         89:0d:6f:19:f1:a7:ba:06:0f:31:10:b9:bf:9a:c9:1d:2e:85:
         15:41:3c:57:bf:56:c4:b5:9a:0c:cb:79:c2:7b:47:11:16:cd:
         69:6c:15:9b:e7:18:52:fd:a3:ef:32:61:7e:b8:89:af:a9:c8:
         18:f4:63:39:04:d5:9e:4c:2e:65:8b:e5:94:7f:80:b7:b1:02:
         e9:53:68:3b:38:5c:16:95:c3:e7:ba:55:29:61:70:e5:f6:a5:
         22:48:f6:eb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcDW2qIe4Y4WSJvtL3UTRKwDRaL4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE4MTgxMTA1WhcNMjUwNTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A2NmNiNDA0OGM1ZTczMTVkYzRjMzJmOGNhYjkyYzRmMDRi
YjdjOGM1YmY2ZDg0NTNlODI1OGZjZGMzNjgyMzZjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqNPTnCyGCHS77c1AWZEpC41MPyD4OQzB6hXBy8v/bKO5x
IvR+UN3BxGmq+WmZlGBb1Una3uCmf8khhRWAR04Nql1xG3S3BKU4YTVGKYtDIV+t
puo1OJYJn3qSwDycqNaD7eR6nzacG1kFBWN84JlmdZpi0sDPzKRILjlxX7HJ7D/4
uPfLhRfpKsSnOmZD/d0V8iukXl9ThL39u9Rx5Yub6ZikXS6Umrw/MMtgcVWnlWLB
2qBWmY7vge50tfSHWe8T0QbstASbWwH8CZL4I3tgV3uFQMIjyQXxpaHZf8bj3opu
x4yi8Jd7CCo3YCYeKDQaudKDvc/YCz2efuuCL7DvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjrJUMpBInwBzBJtSd9HUGqzGvtEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzI5YzBmYWI1LTVjYTktNGQzYi05MGNjLTcxZmFlMDlmZGUzZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAU2+OAwDQYJKoZIhvcNAQELBQADggEBAFWG40imdddEkatoIqjL0+uyfuL2
EwTqJofTPFfasWtn/7MhImI7RZjp25Vtx7fXcEe1DNTzpn4w8CIVblZsLXhWP88j
xjYwml9WOWuzQXaL/G9UlCt63J1kguXJRYl76xwCgU206//3xS52TUUMMw7+SOSS
Xen+eWuHWKzFA+fLuH3Vvoav3ds9wFESOPSUi/2i4f6p9TwmMHkKfRnPV52f5okN
bxnxp7oGDzEQub+ayR0uhRVBPFe/VsS1mgzLecJ7RxEWzWlsFZvnGFL9o+8yYX64
ia+pyBj0YzkE1Z5MLmWL5ZR/gLexAulTaDs4XBaVw+e6VSlhcOX2pSJI9us=
-----END CERTIFICATE-----