Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/dfc39e26-d4ee-4af7-a4bd-0973c97eed8b.roa
File:                     dfc39e26-d4ee-4af7-a4bd-0973c97eed8b.roa (raw, json)
Hash identifier:          XQMi0NKfrfDuAmpPrlUBgE4CACMDKcFnUNCWLKeRjBo=
Subject key identifier:   23:95:BD:4B:67:5B:46:D6:78:AB:F8:AE:04:86:1D:5D:B1:81:67:E1
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       035F506408C45B3996A70906FFC050EC2A188401
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/dfc39e26-d4ee-4af7-a4bd-0973c97eed8b.roa
Signing time:             Fri 26 Sep 2025 16:50:18 +0000
ROA not before:           Fri 26 Sep 2025 16:50:18 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        52.119.232.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 11 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:5f:50:64:08:c4:5b:39:96:a7:09:06:ff:c0:50:ec:2a:18:84:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 16:50:18 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=47a662644fedf54aa33bc666a1eeaf5b681f51cf6b37f66e56948086ccb9ff10, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:7b:9f:b9:fa:78:b7:31:08:fb:0c:a7:a7:07:
                    07:c1:36:31:96:02:cd:90:bc:b1:7a:30:2b:7c:c4:
                    6f:eb:f7:ea:d6:20:fb:73:f0:7a:eb:34:d8:8f:0a:
                    47:04:b1:0e:3f:6e:a6:03:95:79:5e:a1:ec:0a:30:
                    1b:21:20:69:70:19:8c:fa:0e:d2:06:f7:1c:83:89:
                    c5:6d:2e:b3:fd:78:47:fe:c1:f4:a5:2c:d1:1a:31:
                    b1:b1:1a:7e:57:17:ed:67:c0:a7:07:da:c8:87:92:
                    e2:51:e6:36:50:2d:91:59:fa:31:bc:84:4c:d3:08:
                    45:eb:2f:f8:4c:4f:95:6d:b8:7b:16:f5:2a:e2:cb:
                    52:84:81:49:fe:fa:1d:37:87:28:6b:b6:e1:a0:2e:
                    d4:65:6c:18:16:4d:a9:8a:1c:2b:bd:cb:32:25:84:
                    31:09:54:21:ff:17:0c:77:04:55:11:8f:13:a1:5e:
                    92:f9:ae:fd:d4:ed:20:4a:8a:d2:c6:8a:d3:05:41:
                    56:49:c5:e8:e8:9b:f0:d1:59:95:55:33:96:9f:47:
                    38:fa:10:a6:bb:57:a6:c1:ad:98:13:9c:19:31:93:
                    c6:73:08:18:e8:ca:a8:e3:37:9a:46:6f:ea:5d:99:
                    d6:13:2d:dc:3a:34:90:c4:92:11:a7:e7:ec:6c:7d:
                    72:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:95:BD:4B:67:5B:46:D6:78:AB:F8:AE:04:86:1D:5D:B1:81:67:E1
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/dfc39e26-d4ee-4af7-a4bd-0973c97eed8b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.119.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         9e:0d:fb:6c:7c:dc:d6:31:eb:6a:6e:70:8c:54:92:3c:f7:99:
         be:35:a1:6c:a1:b8:18:22:c2:fb:e0:de:ad:04:07:36:32:72:
         47:3d:0b:74:6b:07:30:44:3f:04:50:71:70:a9:8e:db:f4:76:
         de:7d:57:1e:49:8e:d8:2f:26:c3:f5:78:93:d7:c5:a2:67:27:
         6b:5e:ae:31:38:bd:2c:ee:79:7e:25:e1:76:3c:48:27:a4:80:
         ea:a5:8e:f2:34:7c:ae:2e:68:bb:80:28:25:dc:b4:24:99:97:
         28:59:7e:70:db:cf:14:7c:4b:5b:b0:1f:6b:40:3e:d5:51:3b:
         f0:40:a2:25:2d:2b:1c:d5:a3:32:b7:9c:33:99:eb:6d:9f:b3:
         06:1b:2d:41:35:0d:bb:3d:a1:46:42:46:0b:b8:ed:f3:38:31:
         7a:cf:09:90:d6:08:7d:97:a6:32:e6:15:1a:2f:b4:7c:cd:87:
         52:40:0e:15:ea:34:ce:35:c0:0a:7e:67:0d:54:39:14:6a:cd:
         4b:71:70:a8:ad:bd:40:e4:a8:7b:e1:11:f3:bb:99:01:f9:29:
         3c:22:15:3f:9b:b2:13:eb:35:c7:bf:da:9f:e8:7d:06:32:55:
         dc:33:f1:a8:29:06:b7:53:49:e1:04:38:de:e8:c4:f4:fb:19:
         31:45:12:f9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUA19QZAjEWzmWpwkG/8BQ7CoYhAEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MTY1MDE4WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0N2E2NjI2NDRmZWRmNTRhYTMzYmM2NjZhMWVlYWY1YjY4
MWY1MWNmNmIzN2Y2NmU1Njk0ODA4NmNjYjlmZjEwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQChe5+5+ni3MQj7DKenBwfBNjGWAs2QvLF6MCt8xG/r9+rW
IPtz8HrrNNiPCkcEsQ4/bqYDlXleoewKMBshIGlwGYz6DtIG9xyDicVtLrP9eEf+
wfSlLNEaMbGxGn5XF+1nwKcH2siHkuJR5jZQLZFZ+jG8hEzTCEXrL/hMT5VtuHsW
9Sriy1KEgUn++h03hyhrtuGgLtRlbBgWTamKHCu9yzIlhDEJVCH/Fwx3BFURjxOh
XpL5rv3U7SBKitLGitMFQVZJxejom/DRWZVVM5afRzj6EKa7V6bBrZgTnBkxk8Zz
CBjoyqjjN5pGb+pdmdYTLdw6NJDEkhGn5+xsfXKbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUI5W9S2dbRtZ4q/iuBIYdXbGBZ+EwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2RmYzM5ZTI2LWQ0ZWUtNGFmNy1hNGJkLTA5NzNjOTdlZWQ4Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAM0d+gwDQYJKoZIhvcNAQELBQADggEBAJ4N+2x83NYx62pucIxUkjz3mb41
oWyhuBgiwvvg3q0EBzYyckc9C3RrBzBEPwRQcXCpjtv0dt59Vx5JjtgvJsP1eJPX
xaJnJ2terjE4vSzueX4l4XY8SCekgOqljvI0fK4uaLuAKCXctCSZlyhZfnDbzxR8
S1uwH2tAPtVRO/BAoiUtKxzVozK3nDOZ622fswYbLUE1Dbs9oUZCRgu47fM4MXrP
CZDWCH2XpjLmFRovtHzNh1JADhXqNM41wAp+Zw1UORRqzUtxcKitvUDkqHvhEfO7
mQH5KTwiFT+bshPrNce/2p/ofQYyVdwz8agpBrdTSeEEON7oxPT7GTFFEvk=
-----END CERTIFICATE-----