Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/baed7e3a-e49f-4c63-889b-d1361ad54e4b.roa
File:                     baed7e3a-e49f-4c63-889b-d1361ad54e4b.roa (raw, json)
Hash identifier:          D8RlWwnNJTKkWuN6Wtu8ThDhaglyOesVDFkLd41q7z4=
Subject key identifier:   56:3A:6B:7F:8E:3C:AA:BD:7D:32:9A:F1:C7:AA:79:85:E9:0A:2B:E7
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       212098BA31C3B973C68637E19BA70F77AADBB888
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/baed7e3a-e49f-4c63-889b-d1361ad54e4b.roa
Signing time:             Wed 25 Jun 2025 00:21:06 +0000
ROA not before:           Wed 25 Jun 2025 00:21:06 +0000
ROA not after:            Wed 30 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.93.24.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 01 Jul 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:20:98:ba:31:c3:b9:73:c6:86:37:e1:9b:a7:0f:77:aa:db:b8:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun 25 00:21:06 2025 GMT
            Not After : Jul 30 23:59:59 2025 GMT
        Subject: serialNumber=c57ba4abed72d8badca92e2afede63cce82cebbaa1e412dd95030c10f92ad99d, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:6a:8d:50:da:bb:4e:7d:b8:44:a8:f0:67:25:
                    96:83:a6:56:ff:db:31:5a:83:03:80:0f:ab:c3:11:
                    c1:19:59:bc:1e:f2:35:a5:3a:bb:b6:95:09:68:4c:
                    4e:ca:55:45:9c:fa:19:93:34:76:9f:bb:8e:95:43:
                    8c:73:26:a7:ed:fb:ca:87:59:1f:69:38:19:1a:12:
                    48:14:4c:bb:52:52:b4:fb:80:09:ef:7a:78:7f:3e:
                    20:db:75:ae:b4:4c:73:b9:27:57:99:10:7e:33:ad:
                    04:dd:46:57:e6:5d:ed:62:b5:65:c0:c4:07:f8:50:
                    45:8c:0b:0f:5e:c2:8b:3e:50:09:73:cb:45:a7:ba:
                    79:62:16:3b:b9:00:07:f5:cc:2c:e9:b9:33:26:15:
                    14:e9:e9:90:ea:b4:21:a1:f3:1b:5c:72:56:16:09:
                    d7:cf:e4:49:eb:29:65:64:e5:33:11:e2:db:1e:2b:
                    af:e5:c8:0c:b9:b7:09:4a:83:be:25:f5:44:80:0a:
                    37:94:cf:23:db:ad:6e:67:41:51:2b:d4:18:db:af:
                    f0:00:c8:b9:4e:97:44:df:f0:60:23:31:56:b7:99:
                    aa:0a:c7:84:d0:61:4b:f7:0d:01:55:f0:69:f2:21:
                    f1:ab:e1:59:33:48:8e:e2:7c:67:16:2a:35:76:a0:
                    7f:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:3A:6B:7F:8E:3C:AA:BD:7D:32:9A:F1:C7:AA:79:85:E9:0A:2B:E7
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/baed7e3a-e49f-4c63-889b-d1361ad54e4b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.93.24.0/21

    Signature Algorithm: sha256WithRSAEncryption
         97:5b:0e:78:67:41:cf:e9:f5:1d:99:a1:1c:90:94:c0:d2:84:
         92:22:bf:7d:9e:86:53:3d:06:85:b2:63:f3:c5:d4:11:43:4a:
         60:e9:af:bd:6d:cc:88:64:37:3b:9f:2e:79:f1:eb:04:82:12:
         0d:a6:fd:04:a6:31:20:ae:4f:13:59:69:be:5f:93:33:88:b5:
         01:b3:19:8b:7b:67:3f:75:8a:72:c4:6d:63:46:fc:43:1b:4f:
         88:d2:80:2f:fa:0a:9f:8b:37:fd:80:77:fa:82:ad:89:34:e6:
         7f:07:42:45:e0:31:15:26:bb:48:3d:c1:a7:fb:e9:14:07:fa:
         a3:49:21:96:85:cd:6f:54:80:f4:f2:37:57:78:fa:88:c0:08:
         3e:e3:ef:6e:80:f7:6c:53:b1:47:49:7b:98:12:4e:f2:2b:d9:
         f6:19:10:a0:3f:e8:f9:cf:47:e1:89:37:01:ee:db:8f:f9:a9:
         84:5a:cc:d5:38:6e:72:0e:6e:9f:60:92:8b:8c:10:72:4f:06:
         b4:e7:1b:c7:d9:4a:5b:6e:89:62:e0:a6:2d:ce:2c:7a:aa:30:
         ab:dd:df:0d:57:cd:ab:22:9a:8c:92:d6:0d:cd:e6:cb:c9:18:
         fa:2c:2a:15:fb:43:00:39:92:19:08:e3:64:29:7f:e9:7b:ee:
         08:fe:1f:34
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUISCYujHDuXPGhjfhm6cPd6rbuIgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjI1MDAyMTA2WhcNMjUwNzMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BjNTdiYTRhYmVkNzJkOGJhZGNhOTJlMmFmZWRlNjNjY2U4
MmNlYmJhYTFlNDEyZGQ5NTAzMGMxMGY5MmFkOTlkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3ao1Q2rtOfbhEqPBnJZaDplb/2zFagwOAD6vDEcEZWbwe
8jWlOru2lQloTE7KVUWc+hmTNHafu46VQ4xzJqft+8qHWR9pOBkaEkgUTLtSUrT7
gAnvenh/PiDbda60THO5J1eZEH4zrQTdRlfmXe1itWXAxAf4UEWMCw9ewos+UAlz
y0WnunliFju5AAf1zCzpuTMmFRTp6ZDqtCGh8xtcclYWCdfP5EnrKWVk5TMR4tse
K6/lyAy5twlKg74l9USACjeUzyPbrW5nQVEr1Bjbr/AAyLlOl0Tf8GAjMVa3maoK
x4TQYUv3DQFV8GnyIfGr4VkzSI7ifGcWKjV2oH8nAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUVjprf448qr19Mprxx6p5hekKK+cwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2JhZWQ3ZTNhLWU0OWYtNGM2My04ODliLWQxMzYxYWQ1NGU0Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAM0XRgwDQYJKoZIhvcNAQELBQADggEBAJdbDnhnQc/p9R2ZoRyQlMDShJIi
v32ehlM9BoWyY/PF1BFDSmDpr71tzIhkNzufLnnx6wSCEg2m/QSmMSCuTxNZab5f
kzOItQGzGYt7Zz91inLEbWNG/EMbT4jSgC/6Cp+LN/2Ad/qCrYk05n8HQkXgMRUm
u0g9waf76RQH+qNJIZaFzW9UgPTyN1d4+ojACD7j726A92xTsUdJe5gSTvIr2fYZ
EKA/6PnPR+GJNwHu24/5qYRazNU4bnIObp9gkouMEHJPBrTnG8fZSltuiWLgpi3O
LHqqMKvd3w1XzasimoyS1g3N5svJGPosKhX7QwA5khkI42Qpf+l77gj+HzQ=
-----END CERTIFICATE-----