Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9f36589a-6a75-4fe3-a497-53f76c6f6368.roa
File:                     9f36589a-6a75-4fe3-a497-53f76c6f6368.roa (raw, json)
Hash identifier:          frGNcOCslMcH7QQmn3oEQIbdetzPzGXJSK+uQcMRTIo=
Subject key identifier:   6D:7D:B7:1D:83:56:79:12:94:AE:59:0F:49:F2:2B:AF:96:FA:05:A4
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5E219BD227BBD46AF8ECBA41A95CF85CCC839622
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9f36589a-6a75-4fe3-a497-53f76c6f6368.roa
Signing time:             Tue 22 Apr 2025 18:01:39 +0000
ROA not before:           Tue 22 Apr 2025 18:01:39 +0000
ROA not after:            Tue 27 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.119.206.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 06 May 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:21:9b:d2:27:bb:d4:6a:f8:ec:ba:41:a9:5c:f8:5c:cc:83:96:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 22 18:01:39 2025 GMT
            Not After : May 27 23:59:59 2025 GMT
        Subject: serialNumber=69873b78be91bc761e5cdeaa0efebfdfec7faac3927b44257dd1a5c127e341ea, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:a8:41:4b:e0:ad:ba:62:c0:c3:0e:90:a7:30:
                    4b:91:7a:01:95:f9:6a:31:65:2d:ae:06:d2:fd:50:
                    04:58:90:2d:bb:59:a4:a7:ad:ae:db:ce:b2:1b:90:
                    af:2d:b4:8d:db:2a:f8:90:b0:30:aa:2a:0f:55:5f:
                    4e:5b:3e:05:c4:61:79:71:39:96:45:56:a0:86:37:
                    4a:e3:44:08:cb:d7:e0:07:c6:15:ab:31:78:ab:91:
                    7c:38:6f:10:20:42:ad:4a:18:de:25:e7:ce:3b:98:
                    1c:26:6a:3d:7f:ed:89:85:0d:da:fd:c7:37:98:28:
                    f2:e3:2f:6a:00:d1:f5:34:10:3f:e1:c3:9e:cc:f1:
                    f4:b9:e4:96:10:36:db:8b:cf:01:58:9f:56:a9:1c:
                    2f:77:f5:86:58:27:90:d2:1a:d9:be:fb:a0:ec:53:
                    8f:52:07:3b:c7:eb:27:49:09:ab:bb:5c:58:e0:8e:
                    0a:ec:b0:f7:c8:76:a4:8e:7a:84:93:b9:7d:ba:42:
                    27:82:c4:8c:06:73:7a:1e:1d:a8:5c:ae:15:85:4d:
                    67:83:33:1a:b6:17:e7:19:fa:ff:2e:77:a8:77:da:
                    58:7b:b9:0f:a4:00:29:cf:5a:17:29:f6:2a:f1:a8:
                    63:12:54:9b:a8:79:bc:f6:91:2c:ee:c0:98:01:64:
                    01:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:7D:B7:1D:83:56:79:12:94:AE:59:0F:49:F2:2B:AF:96:FA:05:A4
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9f36589a-6a75-4fe3-a497-53f76c6f6368.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.119.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         70:d6:4e:f2:40:62:58:ac:2f:56:ee:c8:26:fa:b7:77:65:ae:
         be:b3:b7:1e:09:3f:65:b3:a6:8a:dc:cd:93:37:70:b9:81:5c:
         ea:72:3b:e4:ef:06:b0:09:89:df:b4:f9:26:af:7a:64:a7:2c:
         2b:ab:98:1d:b7:15:d6:3c:50:93:cf:81:42:73:e9:62:f8:98:
         9a:36:16:b5:d1:31:d1:98:e9:6a:87:6a:91:a6:22:cd:56:dd:
         0a:2b:75:28:99:c3:7b:b0:d0:87:60:bf:b4:bf:58:c9:3c:5e:
         33:ab:17:b9:0d:0f:ee:cd:00:a3:97:78:41:ad:80:87:69:60:
         51:de:51:a3:d3:dc:34:23:47:80:77:62:e7:96:31:f5:82:ee:
         39:2f:75:24:4a:64:6b:fc:61:70:00:8f:c7:9d:f0:45:c5:37:
         7d:b9:63:90:2f:b2:2f:8c:fb:11:b1:74:6e:65:23:98:99:5f:
         6b:7f:29:70:b3:ea:b0:83:b8:68:9b:86:b8:0a:73:08:39:1b:
         4b:13:5a:9b:c0:02:45:73:02:1c:db:3d:4d:e7:38:e1:81:7a:
         d4:f8:4a:74:7f:7d:41:6b:b0:5a:d8:bd:ca:b5:41:db:ec:99:
         1d:0f:50:89:91:0a:b7:b9:43:4d:9e:88:26:2f:f3:c7:91:2c:
         64:bf:b1:26
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXiGb0ie71Gr47LpBqVz4XMyDliIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDIyMTgwMTM5WhcNMjUwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2OTg3M2I3OGJlOTFiYzc2MWU1Y2RlYWEwZWZlYmZkZmVj
N2ZhYWMzOTI3YjQ0MjU3ZGQxYTVjMTI3ZTM0MWVhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCSqEFL4K26YsDDDpCnMEuRegGV+WoxZS2uBtL9UARYkC27
WaSnra7bzrIbkK8ttI3bKviQsDCqKg9VX05bPgXEYXlxOZZFVqCGN0rjRAjL1+AH
xhWrMXirkXw4bxAgQq1KGN4l5847mBwmaj1/7YmFDdr9xzeYKPLjL2oA0fU0ED/h
w57M8fS55JYQNtuLzwFYn1apHC939YZYJ5DSGtm++6DsU49SBzvH6ydJCau7XFjg
jgrssPfIdqSOeoSTuX26QieCxIwGc3oeHahcrhWFTWeDMxq2F+cZ+v8ud6h32lh7
uQ+kACnPWhcp9irxqGMSVJuoebz2kSzuwJgBZAHRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbX23HYNWeRKUrlkPSfIrr5b6BaQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzlmMzY1ODlhLTZhNzUtNGZlMy1hNDk3LTUzZjc2YzZmNjM2OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAE0d84wDQYJKoZIhvcNAQELBQADggEBAHDWTvJAYlisL1buyCb6t3dlrr6z
tx4JP2WzporczZM3cLmBXOpyO+TvBrAJid+0+SavemSnLCurmB23FdY8UJPPgUJz
6WL4mJo2FrXRMdGY6WqHapGmIs1W3QordSiZw3uw0Idgv7S/WMk8XjOrF7kND+7N
AKOXeEGtgIdpYFHeUaPT3DQjR4B3YueWMfWC7jkvdSRKZGv8YXAAj8ed8EXFN325
Y5Avsi+M+xGxdG5lI5iZX2t/KXCz6rCDuGibhrgKcwg5G0sTWpvAAkVzAhzbPU3n
OOGBetT4SnR/fUFrsFrYvcq1QdvsmR0PUImRCre5Q02eiCYv88eRLGS/sSY=
-----END CERTIFICATE-----
Generated at Mon May 5 05:59:43 2025 by rpki-client