Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0343bdaa-e131-4136-b2f5-0014c17799d1.roa
File:                     0343bdaa-e131-4136-b2f5-0014c17799d1.roa (raw, json)
Hash identifier:          3nYIO4ThpfPeQZYtyno0+GL7p7LRBysURCfEvvaToI8=
Subject key identifier:   8B:73:E0:87:01:54:61:D6:03:99:23:BB:E9:59:E9:C5:07:7A:5B:6E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7DCB9234BB9B423D493040C3E368C358CEC2BBA8
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0343bdaa-e131-4136-b2f5-0014c17799d1.roa
Signing time:             Fri 26 Sep 2025 02:45:14 +0000
ROA not before:           Fri 26 Sep 2025 02:45:14 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.230.154.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:cb:92:34:bb:9b:42:3d:49:30:40:c3:e3:68:c3:58:ce:c2:bb:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 02:45:14 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=ddb6ebe07ce8c61dc431756491ab237aeff27404f6020815c67c3f413c9f468a, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:bd:1a:2e:30:98:ef:eb:d2:67:be:cf:3d:b2:
                    ff:fa:17:62:29:27:7c:f1:56:56:a5:e9:f6:6f:dc:
                    3a:e7:19:8a:e5:15:3a:8e:7d:d3:58:76:0a:6c:db:
                    31:27:eb:38:f7:d8:e9:67:48:d1:bd:be:b8:9e:f4:
                    87:e6:06:58:bd:03:28:df:39:11:94:ba:a5:0d:3d:
                    b9:19:c0:2f:4f:00:eb:b8:06:dc:42:65:78:e9:e3:
                    15:80:92:64:a1:a2:24:df:eb:5f:be:b3:9e:3e:e3:
                    2e:38:34:b1:89:45:6e:9f:96:50:b1:49:4f:ba:22:
                    1e:66:63:48:8a:4f:f0:2e:c7:17:21:39:c5:12:e9:
                    30:79:bb:ad:32:99:9b:1e:9a:63:ef:1f:bf:44:9b:
                    5b:43:94:21:c4:16:7a:a3:d6:d8:ca:3b:f5:7f:54:
                    28:b9:c6:94:85:35:c3:a4:0d:64:93:34:78:2c:90:
                    bf:a2:35:d8:aa:92:61:62:00:60:0a:b4:b7:01:bd:
                    4f:37:26:58:d1:38:61:39:1b:f8:83:e7:81:51:26:
                    74:de:97:6e:82:67:89:e3:4f:55:ee:28:7d:ca:52:
                    8d:d7:a4:26:22:33:0f:ff:ef:bf:8c:c6:4c:d9:04:
                    09:88:a7:e3:c9:2f:df:1b:4e:13:6f:48:85:e0:2c:
                    99:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:73:E0:87:01:54:61:D6:03:99:23:BB:E9:59:E9:C5:07:7A:5B:6E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0343bdaa-e131-4136-b2f5-0014c17799d1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.230.154.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a5:53:80:ac:6b:8b:cb:8d:bd:10:c1:af:b7:01:05:f8:17:a1:
         bb:cd:af:21:49:ca:07:51:47:37:62:0c:3b:14:ce:ad:ea:e5:
         e0:4f:7b:2d:5b:fc:b4:65:4f:76:ca:0c:b9:bd:fe:12:3d:16:
         b3:96:20:c8:4c:9c:f1:1b:36:16:53:18:56:1f:8d:99:2c:97:
         45:ec:a2:21:95:cd:c9:4d:99:e8:b2:95:98:69:16:13:6c:7a:
         6b:c2:53:4e:96:2f:a2:f1:7c:36:f1:4f:72:e3:5d:f5:34:18:
         e7:54:64:76:ba:5d:99:13:e9:23:80:6b:f1:b7:fa:3f:03:b0:
         56:34:9f:37:96:ca:52:b3:4e:cd:d6:4e:68:7f:98:1d:02:83:
         62:b0:a6:71:07:fc:2b:86:e4:28:8c:b5:02:a8:ae:7e:c0:29:
         13:36:25:db:f8:a7:3c:7d:1c:8d:3e:29:98:c3:e0:b3:40:27:
         69:0c:12:80:41:77:d4:5a:27:25:57:70:a4:f3:14:af:0e:23:
         7a:2c:30:8f:92:21:46:bd:74:a1:9f:51:67:15:2d:10:6d:98:
         1a:40:af:70:ef:69:a4:32:77:72:a5:8c:a2:e9:e2:6b:65:7e:
         ef:a0:99:6c:60:6b:9b:56:66:01:3f:cd:47:55:1d:1a:1b:cc:
         b3:76:8b:42
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfcuSNLubQj1JMEDD42jDWM7Cu6gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MDI0NTE0WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BkZGI2ZWJlMDdjZThjNjFkYzQzMTc1NjQ5MWFiMjM3YWVm
ZjI3NDA0ZjYwMjA4MTVjNjdjM2Y0MTNjOWY0NjhhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDMvRouMJjv69Jnvs89sv/6F2IpJ3zxVlal6fZv3DrnGYrl
FTqOfdNYdgps2zEn6zj32OlnSNG9vrie9IfmBli9AyjfORGUuqUNPbkZwC9PAOu4
BtxCZXjp4xWAkmShoiTf61++s54+4y44NLGJRW6fllCxSU+6Ih5mY0iKT/Auxxch
OcUS6TB5u60ymZsemmPvH79Em1tDlCHEFnqj1tjKO/V/VCi5xpSFNcOkDWSTNHgs
kL+iNdiqkmFiAGAKtLcBvU83JljROGE5G/iD54FRJnTel26CZ4njT1XuKH3KUo3X
pCYiMw//77+MxkzZBAmIp+PJL98bThNvSIXgLJk7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUi3PghwFUYdYDmSO76VnpxQd6W24wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzAzNDNiZGFhLWUxMzEtNDEzNi1iMmY1LTAwMTRjMTc3OTlkMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAE25powDQYJKoZIhvcNAQELBQADggEBAKVTgKxri8uNvRDBr7cBBfgXobvN
ryFJygdRRzdiDDsUzq3q5eBPey1b/LRlT3bKDLm9/hI9FrOWIMhMnPEbNhZTGFYf
jZksl0XsoiGVzclNmeiylZhpFhNsemvCU06WL6LxfDbxT3LjXfU0GOdUZHa6XZkT
6SOAa/G3+j8DsFY0nzeWylKzTs3WTmh/mB0Cg2KwpnEH/CuG5CiMtQKorn7AKRM2
Jdv4pzx9HI0+KZjD4LNAJ2kMEoBBd9RaJyVXcKTzFK8OI3osMI+SIUa9dKGfUWcV
LRBtmBpAr3DvaaQyd3KljKLp4mtlfu+gmWxga5tWZgE/zUdVHRobzLN2i0I=
-----END CERTIFICATE-----