Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/edda0fbf-7394-490b-b1cd-94f4fb230aee.roa
File:                     edda0fbf-7394-490b-b1cd-94f4fb230aee.roa (raw, json)
Hash identifier:          ia/jmOINGC+uKJaBm37a8I36omY7beAXcA4rOf1Zz/Y=
Subject key identifier:   AB:CC:35:88:01:A9:29:35:4B:40:67:D6:F4:5F:2A:94:30:B8:14:BC
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       46AAC5EA609741F9C54BA6547091908BA7D0F3D1
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/edda0fbf-7394-490b-b1cd-94f4fb230aee.roa
Signing time:             Fri 18 Apr 2025 18:20:10 +0000
ROA not before:           Fri 18 Apr 2025 18:20:10 +0000
ROA not after:            Fri 23 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.245.0.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 08 May 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:aa:c5:ea:60:97:41:f9:c5:4b:a6:54:70:91:90:8b:a7:d0:f3:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 18 18:20:10 2025 GMT
            Not After : May 23 23:59:59 2025 GMT
        Subject: serialNumber=a40a2c3ed84e1763349d557ce23930172a482ff66a7ad7e7458048da0f26c5e4, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:93:9f:f2:11:37:cd:6b:78:a5:f5:4a:c4:1a:
                    ac:d8:dd:c5:15:20:5e:d5:1c:e0:3c:bd:6b:83:47:
                    5c:0c:a6:20:28:a1:84:9d:1a:91:0d:df:f1:92:9a:
                    1d:47:19:50:41:34:da:87:46:be:2e:2a:08:2b:aa:
                    c0:56:c7:56:cc:2a:42:c7:82:46:c1:b8:ca:3e:2c:
                    09:d5:b8:83:fa:d7:2f:0b:35:a4:27:0c:09:58:e1:
                    72:42:ea:6b:6f:b7:af:1c:72:48:77:10:96:93:3b:
                    e3:c8:61:62:ef:e5:8c:80:12:6f:dc:ae:77:79:ea:
                    9c:f9:1c:53:63:a7:64:b1:fd:fe:b2:12:b5:d2:d0:
                    93:22:49:22:7f:30:2f:d5:54:58:58:cb:86:d3:79:
                    b7:1e:a2:da:4a:8c:a1:2f:bc:63:da:ef:70:ec:93:
                    94:1d:0b:5e:cb:81:8b:65:05:50:86:49:30:d3:46:
                    44:36:ef:cc:d4:36:43:19:c7:fa:6e:6b:33:76:fd:
                    6e:2a:f4:8a:48:1d:d3:63:09:e7:0c:e6:1b:23:fa:
                    55:fb:e6:50:76:cd:51:dd:df:3d:8c:4a:3b:c8:a0:
                    38:a6:65:be:b6:ae:19:85:1d:a8:de:c4:4b:f7:5b:
                    e2:2b:60:9f:f2:82:e2:54:83:a9:5f:74:0e:36:45:
                    6f:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:CC:35:88:01:A9:29:35:4B:40:67:D6:F4:5F:2A:94:30:B8:14:BC
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/edda0fbf-7394-490b-b1cd-94f4fb230aee.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.245.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         ae:c3:2f:12:e0:92:2a:2d:14:5c:4e:b7:9b:fb:45:79:59:fc:
         0d:24:1e:d0:ee:91:9b:c0:43:44:a6:68:83:02:11:b2:3a:cc:
         2e:fb:d2:a7:96:b8:92:f5:b8:ee:62:62:ef:7f:f0:fd:b3:1e:
         de:5c:4a:29:0f:df:76:df:fa:6d:da:44:da:dc:73:41:5b:9f:
         b6:5c:07:6e:a9:46:c5:75:c9:a1:a5:fa:22:e1:65:2a:4b:1f:
         9e:1e:26:a4:d9:2b:53:f6:80:dd:0a:c7:54:ce:5e:c0:d6:ab:
         fc:e5:51:af:37:20:1e:f9:70:06:f7:e6:ea:58:e2:f9:8a:a0:
         f3:ae:0b:b7:4d:a1:a1:81:f9:a9:d5:ce:e9:57:06:6a:5c:75:
         6b:15:a0:8a:bd:32:09:6d:f3:6d:d6:24:7f:4d:27:f2:91:b4:
         0a:85:d0:52:12:ae:65:9a:fe:ec:db:97:dc:b5:c3:37:a5:85:
         c5:69:7f:c5:6d:28:25:44:9a:b7:5d:e7:87:0b:be:c6:00:03:
         53:eb:bd:0e:95:36:79:49:a2:8b:84:4e:39:a8:76:c6:0c:32:
         85:90:b7:64:aa:0f:3b:04:34:a6:5c:fe:80:20:ea:b4:7c:84:
         48:f4:cc:b8:71:a4:4b:e9:c0:14:0a:51:00:73:63:17:22:95:
         0b:78:7a:83
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURqrF6mCXQfnFS6ZUcJGQi6fQ89EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE4MTgyMDEwWhcNMjUwNTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BhNDBhMmMzZWQ4NGUxNzYzMzQ5ZDU1N2NlMjM5MzAxNzJh
NDgyZmY2NmE3YWQ3ZTc0NTgwNDhkYTBmMjZjNWU0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDUk5/yETfNa3il9UrEGqzY3cUVIF7VHOA8vWuDR1wMpiAo
oYSdGpEN3/GSmh1HGVBBNNqHRr4uKggrqsBWx1bMKkLHgkbBuMo+LAnVuIP61y8L
NaQnDAlY4XJC6mtvt68cckh3EJaTO+PIYWLv5YyAEm/crnd56pz5HFNjp2Sx/f6y
ErXS0JMiSSJ/MC/VVFhYy4bTebceotpKjKEvvGPa73Dsk5QdC17LgYtlBVCGSTDT
RkQ278zUNkMZx/puazN2/W4q9IpIHdNjCecM5hsj+lX75lB2zVHd3z2MSjvIoDim
Zb62rhmFHajexEv3W+IrYJ/yguJUg6lfdA42RW/LAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUq8w1iAGpKTVLQGfW9F8qlDC4FLwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2VkZGEwZmJmLTczOTQtNDkwYi1iMWNkLTk0ZjRmYjIzMGFlZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAY29QAwDQYJKoZIhvcNAQELBQADggEBAK7DLxLgkiotFFxOt5v7RXlZ/A0k
HtDukZvAQ0SmaIMCEbI6zC770qeWuJL1uO5iYu9/8P2zHt5cSikP33bf+m3aRNrc
c0Fbn7ZcB26pRsV1yaGl+iLhZSpLH54eJqTZK1P2gN0Kx1TOXsDWq/zlUa83IB75
cAb35upY4vmKoPOuC7dNoaGB+anVzulXBmpcdWsVoIq9Mglt823WJH9NJ/KRtAqF
0FISrmWa/uzbl9y1wzelhcVpf8VtKCVEmrdd54cLvsYAA1PrvQ6VNnlJoouETjmo
dsYMMoWQt2SqDzsENKZc/oAg6rR8hEj0zLhxpEvpwBQKUQBzYxcilQt4eoM=
-----END CERTIFICATE-----