Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9732be5b-f635-413e-8ed2-e85dd993d785.roa
File:                     9732be5b-f635-413e-8ed2-e85dd993d785.roa (raw, json)
Hash identifier:          BfZCEaoYHojUf2pHtTJhbLL/Tp/szHHWYq6ryNBr+DA=
Subject key identifier:   8F:55:8E:EA:AC:D7:26:82:D1:24:55:F7:22:90:BD:C3:FA:26:B2:6B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       28F1C5774646B74281D621359E616F4596CD7F3D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9732be5b-f635-413e-8ed2-e85dd993d785.roa
Signing time:             Mon 14 Apr 2025 17:11:22 +0000
ROA not before:           Mon 14 Apr 2025 17:11:22 +0000
ROA not after:            Mon 19 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.214.128.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 06 May 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:f1:c5:77:46:46:b7:42:81:d6:21:35:9e:61:6f:45:96:cd:7f:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 14 17:11:22 2025 GMT
            Not After : May 19 23:59:59 2025 GMT
        Subject: serialNumber=b88fe3e1d32f100671be27639f19be1b375acf72b5d2134016cb3c6355ec715e, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:eb:1c:00:3d:09:c4:0c:4d:7f:fe:d8:fa:20:
                    0d:6e:2f:8a:37:7c:50:9b:e6:6f:dc:b4:76:0c:b0:
                    17:e8:2a:20:1b:07:a2:63:67:fc:b1:e8:88:34:10:
                    83:c3:6f:1d:68:d9:11:80:fb:2c:8d:39:88:79:6a:
                    0a:0c:c7:68:c5:8f:b1:27:91:d3:8b:76:54:de:31:
                    25:b4:50:f0:c8:60:d1:7b:10:58:d1:75:4c:42:40:
                    91:b2:d9:9e:eb:4d:5d:71:b7:80:e7:91:00:b2:97:
                    81:19:5c:43:f2:49:7c:17:9c:0f:81:e7:3e:fb:e6:
                    3f:44:cd:72:36:08:2c:20:7b:a9:14:f8:83:f6:a2:
                    74:54:b0:fe:2a:ed:0f:bb:7f:bc:da:1d:d8:13:33:
                    62:19:02:09:91:54:ca:2c:24:d7:16:da:57:ab:13:
                    b8:b3:02:25:89:bd:ca:2b:55:df:89:b2:31:6f:8e:
                    7b:06:5f:02:40:2a:06:20:0a:32:b7:7d:59:f8:ff:
                    99:8a:89:25:61:09:14:a0:38:f6:02:9c:79:61:b8:
                    3b:4c:2b:ca:29:d3:59:1e:06:c7:81:a7:2c:9a:01:
                    39:55:c6:de:9e:eb:3c:ba:2b:b7:3b:fd:b9:cd:8f:
                    fb:cb:94:af:ff:1d:a3:f2:5e:11:a3:d0:31:f9:e9:
                    bd:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:55:8E:EA:AC:D7:26:82:D1:24:55:F7:22:90:BD:C3:FA:26:B2:6B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9732be5b-f635-413e-8ed2-e85dd993d785.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.214.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         52:e2:c0:45:eb:d5:9d:11:88:50:8e:55:1b:60:d8:7d:be:6d:
         8d:12:3b:72:8b:24:d8:01:06:07:d5:21:a5:51:09:ef:70:dc:
         db:14:cf:8b:e5:c8:f9:fc:ae:16:48:70:53:1e:e6:7d:e3:a0:
         48:b0:52:59:c1:7c:6b:18:a0:ac:58:68:94:ba:c2:c0:04:74:
         13:e6:2c:ae:d0:0b:b3:57:43:23:4b:d7:fc:47:c4:04:de:05:
         17:92:24:ef:da:a8:9e:89:a4:65:2a:78:39:df:93:be:31:77:
         91:cc:9f:75:25:27:d9:b2:ea:8e:d2:71:e8:3d:c4:6a:c5:c2:
         6a:74:90:19:4f:05:8b:47:41:47:9c:50:ba:7e:21:5a:62:47:
         c9:a2:cd:80:60:f8:05:33:c6:8e:d9:b4:2f:13:aa:c9:25:3a:
         7e:73:93:f9:d2:8e:ca:5a:31:6c:42:73:c8:57:ce:f2:9f:77:
         7f:28:14:a9:a3:78:1c:a6:2b:4f:9e:9f:cd:4c:c4:36:0a:ac:
         4d:03:2e:c6:76:63:37:05:01:d9:02:5e:8b:fc:c4:8c:cd:00:
         1b:e0:26:ea:bf:69:de:3b:5b:18:4a:2a:01:9a:d7:e0:6a:d5:
         0a:82:41:73:13:e7:34:1a:5a:06:cf:be:d6:8b:a4:75:df:15:
         58:67:8e:30
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKPHFd0ZGt0KB1iE1nmFvRZbNfz0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE0MTcxMTIyWhcNMjUwNTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BiODhmZTNlMWQzMmYxMDA2NzFiZTI3NjM5ZjE5YmUxYjM3
NWFjZjcyYjVkMjEzNDAxNmNiM2M2MzU1ZWM3MTVlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZ6xwAPQnEDE1//tj6IA1uL4o3fFCb5m/ctHYMsBfoKiAb
B6JjZ/yx6Ig0EIPDbx1o2RGA+yyNOYh5agoMx2jFj7EnkdOLdlTeMSW0UPDIYNF7
EFjRdUxCQJGy2Z7rTV1xt4DnkQCyl4EZXEPySXwXnA+B5z775j9EzXI2CCwge6kU
+IP2onRUsP4q7Q+7f7zaHdgTM2IZAgmRVMosJNcW2lerE7izAiWJvcorVd+JsjFv
jnsGXwJAKgYgCjK3fVn4/5mKiSVhCRSgOPYCnHlhuDtMK8op01keBseBpyyaATlV
xt6e6zy6K7c7/bnNj/vLlK//HaPyXhGj0DH56b1tAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUj1WO6qzXJoLRJFX3IpC9w/omsmswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzk3MzJiZTViLWY2MzUtNDEzZS04ZWQyLWU4NWRkOTkzZDc4NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAY21oAwDQYJKoZIhvcNAQELBQADggEBAFLiwEXr1Z0RiFCOVRtg2H2+bY0S
O3KLJNgBBgfVIaVRCe9w3NsUz4vlyPn8rhZIcFMe5n3joEiwUlnBfGsYoKxYaJS6
wsAEdBPmLK7QC7NXQyNL1/xHxATeBReSJO/aqJ6JpGUqeDnfk74xd5HMn3UlJ9my
6o7Sceg9xGrFwmp0kBlPBYtHQUecULp+IVpiR8mizYBg+AUzxo7ZtC8TqsklOn5z
k/nSjspaMWxCc8hXzvKfd38oFKmjeBymK0+en81MxDYKrE0DLsZ2YzcFAdkCXov8
xIzNABvgJuq/ad47WxhKKgGa1+Bq1QqCQXMT5zQaWgbPvtaLpHXfFVhnjjA=
-----END CERTIFICATE-----