Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fa88505d-f931-400f-80fb-f3525fadfa37.roa
File:                     fa88505d-f931-400f-80fb-f3525fadfa37.roa (raw, json)
Hash identifier:          qeOeRMmqUcFTUOUP2UcuRvvFtohBd1Bo3xRdR1+dppY=
Subject key identifier:   E9:29:94:25:3F:61:AC:D9:E3:D1:47:9B:23:ED:D5:4C:DA:1C:59:71
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0DFCAE788D9EA57A7F81D635786DC68ACC72F2CF
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fa88505d-f931-400f-80fb-f3525fadfa37.roa
Signing time:             Mon 15 Sep 2025 17:10:57 +0000
ROA not before:           Mon 15 Sep 2025 17:10:57 +0000
ROA not after:            Mon 20 Oct 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.166.0.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 11 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:fc:ae:78:8d:9e:a5:7a:7f:81:d6:35:78:6d:c6:8a:cc:72:f2:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 15 17:10:57 2025 GMT
            Not After : Oct 20 23:59:59 2025 GMT
        Subject: serialNumber=a0ab0646cf9e5d6584c7ee041e6a70ba46c394d420710b0f906e6de1397596ee, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:5a:6e:6c:ae:14:a6:d8:8e:43:cb:97:0f:ae:
                    01:1f:f0:37:3a:a6:10:05:12:26:2f:2c:ad:f0:a1:
                    bf:44:29:ce:fa:e6:3f:e0:59:38:2d:a6:ad:45:92:
                    00:22:72:db:4e:33:67:90:9a:fa:d5:52:ad:8a:da:
                    a8:7d:c1:38:5c:02:20:40:fa:2f:19:a5:d2:76:1c:
                    cb:97:df:d5:c0:bd:85:5a:fd:85:47:84:d4:20:66:
                    b0:e8:87:be:fe:53:62:8d:ca:42:50:9a:3a:c3:3c:
                    70:e7:60:6a:c8:18:71:8c:ed:84:0b:f8:a3:37:56:
                    8e:82:0f:db:d4:ea:90:cb:83:bf:d9:3d:a3:0d:b8:
                    1d:29:e4:8a:e9:08:fd:bb:98:22:e7:33:10:c3:51:
                    b4:26:d5:1e:a1:c2:08:69:e3:85:90:66:85:8b:de:
                    67:2f:d7:3f:2a:ca:bb:14:7d:2d:25:53:23:5c:88:
                    e3:37:83:e1:a1:8c:dc:4e:e2:cc:d9:eb:ce:50:04:
                    cf:89:43:5d:0f:5d:ce:1e:81:c4:78:83:47:b8:84:
                    1e:52:27:1a:44:25:6d:30:d1:3b:52:78:22:7b:fc:
                    ae:93:32:2a:d6:57:ab:c5:2c:40:21:e6:be:94:28:
                    1c:ec:00:fc:56:cd:ad:4b:17:e1:5e:99:7a:78:c7:
                    65:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:29:94:25:3F:61:AC:D9:E3:D1:47:9B:23:ED:D5:4C:DA:1C:59:71
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fa88505d-f931-400f-80fb-f3525fadfa37.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.166.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         55:71:b1:83:21:27:fa:1a:6f:ba:08:95:66:c6:2e:15:62:21:
         aa:4b:ac:44:4e:c1:b8:7b:a2:d8:18:95:79:19:b6:05:96:c5:
         d7:0f:b6:ae:71:2b:bb:b8:e1:e6:17:b3:42:8a:29:19:a1:c8:
         f2:1a:e6:41:34:97:b1:d9:21:58:96:1c:6d:6b:8e:94:e5:a5:
         8b:20:85:91:28:c1:d8:dd:7b:43:02:07:fc:a9:de:20:78:b1:
         0c:8e:81:0e:23:c7:36:57:e3:24:a5:14:52:aa:82:f9:a4:a4:
         3a:04:1e:20:95:35:9d:f8:8a:59:d0:c9:67:b4:cf:a5:0a:0c:
         5b:fc:f8:22:f5:de:13:9a:db:4e:2f:65:e7:2b:e4:db:18:05:
         b9:5e:2e:f1:73:57:e5:34:6f:d7:cc:ad:9f:d7:61:40:e9:c9:
         00:fb:16:92:d5:90:f7:49:6f:ca:b8:d6:61:2b:ce:dd:28:64:
         7f:d9:f5:0f:cf:d4:77:0e:ab:81:da:44:bb:10:f6:23:7b:82:
         9d:53:0a:cf:1f:0c:44:9a:b4:39:70:1a:34:0f:6d:7d:d1:30:
         df:d2:f8:8b:56:8f:e6:38:7d:be:be:80:2a:7a:16:e8:49:0d:
         d2:5c:32:f1:7e:7b:40:17:b1:76:3f:97:16:5c:a1:c8:46:21:
         30:c9:5c:27
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDfyueI2epXp/gdY1eG3Gisxy8s8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTE1MTcxMDU3WhcNMjUxMDIwMjM1OTU5
WjB6MUkwRwYDVQQFE0BhMGFiMDY0NmNmOWU1ZDY1ODRjN2VlMDQxZTZhNzBiYTQ2
YzM5NGQ0MjA3MTBiMGY5MDZlNmRlMTM5NzU5NmVlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0Wm5srhSm2I5Dy5cPrgEf8Dc6phAFEiYvLK3wob9EKc76
5j/gWTgtpq1FkgAicttOM2eQmvrVUq2K2qh9wThcAiBA+i8ZpdJ2HMuX39XAvYVa
/YVHhNQgZrDoh77+U2KNykJQmjrDPHDnYGrIGHGM7YQL+KM3Vo6CD9vU6pDLg7/Z
PaMNuB0p5IrpCP27mCLnMxDDUbQm1R6hwghp44WQZoWL3mcv1z8qyrsUfS0lUyNc
iOM3g+GhjNxO4szZ685QBM+JQ10PXc4egcR4g0e4hB5SJxpEJW0w0TtSeCJ7/K6T
MirWV6vFLEAh5r6UKBzsAPxWza1LF+FemXp4x2UnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU6SmUJT9hrNnj0UebI+3VTNocWXEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2ZhODg1MDVkLWY5MzEtNDAwZi04MGZiLWYzNTI1ZmFkZmEzNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAc2pgAwDQYJKoZIhvcNAQELBQADggEBAFVxsYMhJ/oab7oIlWbGLhViIapL
rEROwbh7otgYlXkZtgWWxdcPtq5xK7u44eYXs0KKKRmhyPIa5kE0l7HZIViWHG1r
jpTlpYsghZEowdjde0MCB/yp3iB4sQyOgQ4jxzZX4ySlFFKqgvmkpDoEHiCVNZ34
ilnQyWe0z6UKDFv8+CL13hOa204vZecr5NsYBbleLvFzV+U0b9fMrZ/XYUDpyQD7
FpLVkPdJb8q41mErzt0oZH/Z9Q/P1HcOq4HaRLsQ9iN7gp1TCs8fDESatDlwGjQP
bX3RMN/S+ItWj+Y4fb6+gCp6FuhJDdJcMvF+e0AXsXY/lxZcochGITDJXCc=
-----END CERTIFICATE-----