Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b5906168-6c33-4fc8-9f36-f065815f1ed4.roa
File:                     b5906168-6c33-4fc8-9f36-f065815f1ed4.roa (raw, json)
Hash identifier:          404MGPybWmomiGUb8tWq674k6y9f6I6IdnrE9OJIaz4=
Subject key identifier:   DD:B0:67:3D:54:A3:CC:EE:02:D9:39:71:0C:4B:21:36:06:DD:01:AE
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       34AEA992A68264C8AD4A60BE2FFBB6F8E33A35
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b5906168-6c33-4fc8-9f36-f065815f1ed4.roa
Signing time:             Fri 19 Sep 2025 15:02:16 +0000
ROA not before:           Fri 19 Sep 2025 15:02:16 +0000
ROA not after:            Fri 24 Oct 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.157.96.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 11 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:ae:a9:92:a6:82:64:c8:ad:4a:60:be:2f:fb:b6:f8:e3:3a:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 19 15:02:16 2025 GMT
            Not After : Oct 24 23:59:59 2025 GMT
        Subject: serialNumber=6581a1d1185d807cb1ff21c13d2f31c6da66bce6949cfefbd5c7f673ba872871, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:b5:31:bc:43:cf:21:e7:22:b9:78:bd:76:c7:
                    c4:4e:ac:dc:81:78:07:cc:8f:b4:a4:96:7f:e5:39:
                    f6:f5:a0:fc:49:1c:a7:9d:c2:c0:69:f0:3c:d9:4a:
                    c1:d1:ce:39:0c:d8:8e:0f:c2:16:9d:cd:48:b9:86:
                    65:02:bc:11:ad:16:ee:6d:28:4c:ea:77:26:92:52:
                    06:9e:e4:0c:82:cf:93:8a:6f:f5:86:cf:f0:4f:52:
                    a2:d9:2c:2d:d4:65:14:fd:4f:68:5d:45:25:ce:32:
                    97:48:5e:1a:40:d7:3c:71:bf:37:44:06:a1:69:c4:
                    cc:88:91:df:f1:1a:3b:54:a9:8a:26:92:ab:93:f4:
                    70:f7:1d:95:e0:84:32:1c:c1:bf:0c:25:41:25:fe:
                    b9:e0:c4:d4:e4:f2:60:02:63:45:00:76:48:4f:42:
                    81:1b:54:c5:14:89:27:3d:45:02:55:fb:4e:df:fe:
                    c9:9a:7c:f4:8a:73:32:dd:74:8d:d9:22:2f:fd:18:
                    63:a4:48:f9:43:e6:5a:25:44:7c:f4:4a:f7:44:82:
                    87:cd:ee:de:e1:89:b4:3b:b3:25:35:51:07:fe:2b:
                    8d:e4:71:ce:bc:8e:b7:3a:7f:c3:4d:23:2a:8b:07:
                    4a:6e:a9:da:c7:b9:0d:d4:89:84:73:59:2b:63:5f:
                    ce:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:B0:67:3D:54:A3:CC:EE:02:D9:39:71:0C:4B:21:36:06:DD:01:AE
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b5906168-6c33-4fc8-9f36-f065815f1ed4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.157.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         5e:cb:61:a0:f5:fa:45:9e:d2:d8:be:17:db:f6:d5:4b:61:f6:
         cb:62:ec:6f:98:a1:ec:c3:ba:4a:f2:c8:a0:90:d7:cc:2f:40:
         b6:48:24:2a:3d:60:6f:22:38:76:4f:e0:7e:84:97:81:9e:7a:
         15:5e:70:3f:a1:03:70:01:ce:95:0c:d7:ab:3d:63:79:21:dc:
         3d:e6:a6:87:a4:9b:4c:3b:7f:e4:e1:ce:8d:45:b6:64:83:53:
         f2:f9:12:19:b6:6c:a6:40:21:22:fb:2d:0d:00:c4:2d:b0:2a:
         f7:42:9c:e0:c7:c7:61:0b:38:be:b5:c1:3b:63:5c:a4:10:21:
         9e:b3:3d:dd:b6:63:a3:e2:69:0e:98:af:a8:69:9e:2e:0a:9f:
         35:45:43:09:ad:14:c7:c8:99:80:80:84:b6:08:c9:a1:1e:ab:
         44:6a:46:79:31:56:00:f5:6e:dc:5d:ff:58:55:60:99:fe:33:
         97:33:7a:06:1d:37:95:44:9d:59:e0:6d:4f:a5:c0:0b:08:f8:
         5c:02:ec:58:e6:e0:5a:e9:7b:29:e6:88:57:ff:d4:65:30:90:
         d0:7e:14:14:a6:09:c8:6e:3d:97:a4:7d:2e:ce:f3:e8:3b:57:
         76:a9:fd:fe:88:04:6a:a2:e7:5b:99:34:f2:f5:a4:9c:fe:06:
         8d:03:d4:80
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgITNK6pkqaCZMitSmC+L/u2+OM6NTANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzJkZjZmM2IzYTM0YjYzODZkMWEzMmQ4ZjRmYTMxNzhlZjMx
ODg3ZDhiNDI4ZGZhYTQ3NjAeFw0yNTA5MTkxNTAyMTZaFw0yNTEwMjQyMzU5NTla
MHoxSTBHBgNVBAUTQDY1ODFhMWQxMTg1ZDgwN2NiMWZmMjFjMTNkMmYzMWM2ZGE2
NmJjZTY5NDljZmVmYmQ1YzdmNjczYmE4NzI4NzExLTArBgNVBAMTJDVmMjc2MDQ1
LTViOWYtNDVlZi05MjNkLWYzZmNlMjRhNjIyNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAN21MbxDzyHnIrl4vXbHxE6s3IF4B8yPtKSWf+U59vWg/Ekc
p53CwGnwPNlKwdHOOQzYjg/CFp3NSLmGZQK8Ea0W7m0oTOp3JpJSBp7kDILPk4pv
9YbP8E9SotksLdRlFP1PaF1FJc4yl0heGkDXPHG/N0QGoWnEzIiR3/EaO1SpiiaS
q5P0cPcdleCEMhzBvwwlQSX+ueDE1OTyYAJjRQB2SE9CgRtUxRSJJz1FAlX7Tt/+
yZp89IpzMt10jdkiL/0YY6RI+UPmWiVEfPRK90SCh83u3uGJtDuzJTVRB/4rjeRx
zryOtzp/w00jKosHSm6p2se5DdSJhHNZK2Nfzs8CAwEAAaOCArEwggKtMB0GA1Ud
DgQWBBTdsGc9VKPM7gLZOXEMSyE2Bt0BrjAfBgNVHSMEGDAWgBQlrdNCsB63pY6t
GZAmiLVLP4H0uDAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MmEyNDY5NDctMmQ2Mi00YTZjLWJhMDUtODcxODdmMDA5OWIyLzg1MWNlZjE3LTEz
MmEtNDMzNy1iN2QxLWJmMTZhNTJmZmQwMy9kZjZmM2IzYTM0YjYzODZkMWEzMmQ4
ZjRmYTMxNzhlZjMxODg3ZDhiNDI4ZGZhYTQ3Ni5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9mNzAzNjk2ZS1lNDdiLTRjMjAtYmQ5My02Zjgw
OTA0ZTQyZDIvYjU5MDYxNjgtNmMzMy00ZmM4LTlmMzYtZjA2NTgxNWYxZWQ0LnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMt
NmY4MDkwNGU0MmQyL3RqaHRHakxZOVBveGVPOHhpSDJMUW8zNnBIWS5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEBTadYDANBgkqhkiG9w0BAQsFAAOCAQEAXsthoPX6RZ7S2L4X2/bVS2H2y2Ls
b5ih7MO6SvLIoJDXzC9AtkgkKj1gbyI4dk/gfoSXgZ56FV5wP6EDcAHOlQzXqz1j
eSHcPeamh6SbTDt/5OHOjUW2ZINT8vkSGbZspkAhIvstDQDELbAq90Kc4MfHYQs4
vrXBO2NcpBAhnrM93bZjo+JpDpivqGmeLgqfNUVDCa0Ux8iZgICEtgjJoR6rRGpG
eTFWAPVu3F3/WFVgmf4zlzN6Bh03lUSdWeBtT6XACwj4XALsWObgWul7KeaIV//U
ZTCQ0H4UFKYJyG49l6R9Ls7z6DtXdqn9/ogEaqLnW5k08vWknP4GjQPUgA==
-----END CERTIFICATE-----