Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/0c66d033-4f84-4120-847f-54fc99d88509.roa
File:                     0c66d033-4f84-4120-847f-54fc99d88509.roa (raw, json)
Hash identifier:          avvbDbg5tr9MsPq3fUO3KKUA8/IQ9Sn/uLwxnpplkWY=
Subject key identifier:   6A:20:28:5B:C3:AB:C4:84:67:2D:D9:B2:82:91:15:88:40:DC:5C:EB
Certificate issuer:       /CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
Certificate serial:       1BE5ABB927CA6B46C8A08EC955E9B8CF73520826
Authority key identifier: E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/0c66d033-4f84-4120-847f-54fc99d88509.roa
Signing time:             Thu 18 Sep 2025 19:54:38 +0000
ROA not before:           Thu 18 Sep 2025 19:54:38 +0000
ROA not after:            Thu 23 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        205.251.208.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 20 Sep 2025 21:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:e5:ab:b9:27:ca:6b:46:c8:a0:8e:c9:55:e9:b8:cf:73:52:08:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
        Validity
            Not Before: Sep 18 19:54:38 2025 GMT
            Not After : Oct 23 23:59:59 2025 GMT
        Subject: serialNumber=7d7e3863afd83756a097c8337517c57caf6183847ef2755a27da24369f5c11e7, CN=9f230fa9-aa2f-4020-ae2a-1a60374084b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:0a:da:05:da:7d:23:f9:7f:53:08:e8:a3:09:
                    2d:ee:44:ca:51:70:f6:fe:b1:28:42:3a:e5:f2:30:
                    04:4d:e5:16:59:f0:ce:a7:4c:97:1d:dd:87:15:a1:
                    e0:8a:a7:a5:29:82:c3:04:cb:eb:0a:04:07:f4:6a:
                    48:53:15:7f:ef:99:a7:0c:44:f8:80:d4:cb:4c:31:
                    71:46:63:0a:8e:54:7a:9e:62:7f:cf:ed:a1:d2:d6:
                    81:a2:ac:2e:3c:00:ec:17:15:2b:01:31:1a:dc:47:
                    e3:a4:0a:de:93:a7:1a:ee:89:80:19:22:c7:6f:05:
                    9b:68:75:ac:bb:12:3a:03:98:19:77:c8:22:89:f1:
                    31:b0:33:1e:d7:46:74:10:1a:35:b7:0b:e4:78:2d:
                    51:16:59:e8:41:af:5f:83:68:76:22:46:64:17:b2:
                    58:ad:56:2a:e5:3d:ba:16:46:31:6f:73:6f:1e:4c:
                    2f:ab:33:97:33:c6:ef:92:5b:8a:b9:4b:e8:12:81:
                    5b:71:17:32:c8:bb:1a:a3:8a:95:0d:45:7c:2f:66:
                    c1:fb:1a:4d:9b:8d:6c:57:c6:72:6c:2d:24:76:72:
                    34:e1:07:66:7a:df:3a:8d:8f:52:6c:01:fd:e6:be:
                    be:ab:0c:d6:e2:b6:f4:7a:52:e8:e7:3c:84:25:28:
                    09:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:20:28:5B:C3:AB:C4:84:67:2D:D9:B2:82:91:15:88:40:DC:5C:EB
            X509v3 Authority Key Identifier:
                keyid:E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/0c66d033-4f84-4120-847f-54fc99d88509.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  205.251.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2d:a5:d1:f7:27:c9:2b:3b:bb:95:16:b7:b2:b0:b3:f5:31:5d:
         42:97:7e:23:ad:0c:af:0b:8f:9a:52:c2:47:40:56:3b:7c:71:
         15:fb:c2:a3:27:2d:22:2c:83:8c:87:09:00:29:2f:5d:bb:3e:
         27:3d:47:96:79:c2:76:66:48:94:62:6c:fc:87:ea:d5:62:1c:
         72:23:7e:e0:be:2d:1a:74:4c:c5:41:51:65:40:25:91:58:3b:
         57:b4:47:62:cb:0c:88:d5:97:4c:1e:62:4a:6e:e9:a3:15:1c:
         e0:c6:51:f6:47:f7:9c:8a:96:39:73:7d:65:15:d8:61:a2:86:
         03:12:02:60:ec:72:57:5a:d1:18:46:1c:4a:4d:fc:2e:82:58:
         9a:5d:da:7c:95:bb:f1:c9:b0:f5:c2:9d:38:52:67:f9:da:84:
         bd:df:f5:e2:ac:14:40:75:82:05:d1:80:2a:2a:0e:84:65:aa:
         99:4f:73:c4:ad:7c:93:61:56:51:08:af:35:9c:1c:7a:43:7c:
         c7:be:59:cc:cd:92:8e:bc:7c:31:a3:0f:c0:b6:e4:17:3c:c8:
         81:6c:94:fb:eb:b0:c0:22:f1:50:8b:79:b5:18:e1:be:3a:62:
         da:02:23:df:bd:b7:7e:44:8a:0d:1a:fa:52:af:16:6b:f0:72:
         ee:4d:f1:eb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUG+WruSfKa0bIoI7JVem4z3NSCCYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNTUxMjA5MDI3ZjVlN2FkNTRlMDRmMDQyZTRhYzBlOWU2
NWM1NmU1NWM3NzQ3OGQyY2UwHhcNMjUwOTE4MTk1NDM4WhcNMjUxMDIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZDdlMzg2M2FmZDgzNzU2YTA5N2M4MzM3NTE3YzU3Y2Fm
NjE4Mzg0N2VmMjc1NWEyN2RhMjQzNjlmNWMxMWU3MS0wKwYDVQQDEyQ5ZjIzMGZh
OS1hYTJmLTQwMjAtYWUyYS0xYTYwMzc0MDg0YjgwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDVCtoF2n0j+X9TCOijCS3uRMpRcPb+sShCOuXyMARN5RZZ
8M6nTJcd3YcVoeCKp6UpgsMEy+sKBAf0akhTFX/vmacMRPiA1MtMMXFGYwqOVHqe
Yn/P7aHS1oGirC48AOwXFSsBMRrcR+OkCt6TpxruiYAZIsdvBZtoday7EjoDmBl3
yCKJ8TGwMx7XRnQQGjW3C+R4LVEWWehBr1+DaHYiRmQXslitVirlPboWRjFvc28e
TC+rM5czxu+SW4q5S+gSgVtxFzLIuxqjipUNRXwvZsH7Gk2bjWxXxnJsLSR2cjTh
B2Z63zqNj1JsAf3mvr6rDNbitvR6UujnPIQlKAl3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUaiAoW8OrxIRnLdmygpEViEDcXOswHwYDVR0jBBgwFoAU6PPFIOIO8l06
t6IWuxQEMWo3OPEwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS85OWY4ZmVkMi0y
OTJiLTQ3MjItYjkyOC1mZWU3YmYwYTU5MTAvNTUxMjA5MDI3ZjVlN2FkNTRlMDRm
MDQyZTRhYzBlOWU2NWM1NmU1NWM3NzQ3OGQyY2UuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTc1MThhZjUtYTM0My00MjhkLWJmNzgtZjk4
MmI2ZTYwNTA1LzBjNjZkMDMzLTRmODQtNDEyMC04NDdmLTU0ZmM5OWQ4ODUwOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3NTE4YWY1LWEzNDMtNDI4ZC1iZjc4
LWY5ODJiNmU2MDUwNS9YbnJWVGdUd1F1U3NEcDVseFc1VngzUjQwczQuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPN+9AwDQYJKoZIhvcNAQELBQADggEBAC2l0fcnySs7u5UWt7Kws/UxXUKX
fiOtDK8Lj5pSwkdAVjt8cRX7wqMnLSIsg4yHCQApL127Pic9R5Z5wnZmSJRibPyH
6tViHHIjfuC+LRp0TMVBUWVAJZFYO1e0R2LLDIjVl0weYkpu6aMVHODGUfZH95yK
ljlzfWUV2GGihgMSAmDsclda0RhGHEpN/C6CWJpd2nyVu/HJsPXCnThSZ/nahL3f
9eKsFEB1ggXRgCoqDoRlqplPc8StfJNhVlEIrzWcHHpDfMe+WczNko68fDGjD8C2
5Bc8yIFslPvrsMAi8VCLebUY4b46YtoCI9+9t35Eig0a+lKvFmvwcu5N8es=
-----END CERTIFICATE-----