Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/06ada3e1-d9c4-414b-9112-eef1f0cb6707.roa
File:                     06ada3e1-d9c4-414b-9112-eef1f0cb6707.roa (raw, json)
Hash identifier:          s3CI2HDUCrtLZtMOleJyEgzYCdRvy6keJxH49NMxdqQ=
Subject key identifier:   62:F0:2F:60:01:A5:EF:EA:CE:A0:14:97:8D:88:85:76:03:17:9F:F1
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3283F119B9F0A2B89F20CCE6F4114F981F1DD298
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/06ada3e1-d9c4-414b-9112-eef1f0cb6707.roa
Signing time:             Sat 11 Oct 2025 01:02:51 +0000
ROA not before:           Sat 11 Oct 2025 01:02:51 +0000
ROA not after:            Sat 15 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.47.128.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:83:f1:19:b9:f0:a2:b8:9f:20:cc:e6:f4:11:4f:98:1f:1d:d2:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 11 01:02:51 2025 GMT
            Not After : Nov 15 23:59:59 2025 GMT
        Subject: serialNumber=a7f54ba9b085737d0f9f55a66b3f8108ec5197845ea93c46ee40ff6935a5d1fe, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:e0:a0:10:01:41:03:38:34:9b:a0:1e:f6:6a:
                    f6:51:30:3c:2a:96:67:99:2b:5f:49:f5:dd:51:7d:
                    ec:26:00:1b:59:70:f7:4d:d2:01:b3:d2:a4:bf:c3:
                    f0:fe:d0:79:9e:15:6c:af:b8:2f:f7:b9:0b:b3:ae:
                    4c:8b:26:99:35:5a:b9:55:15:99:eb:4d:06:37:24:
                    81:89:e1:5f:c1:63:09:1b:20:cf:e0:c6:11:26:0d:
                    e0:70:23:66:0f:d3:e2:c0:61:66:20:2b:9a:51:43:
                    12:f7:8e:9f:7d:97:47:ec:5c:31:17:9f:64:ce:4c:
                    91:dd:7c:f5:a6:00:26:0d:dc:93:e6:58:e6:02:89:
                    a3:86:fb:7c:8b:b2:1e:52:1b:2b:4d:83:4c:85:c1:
                    9c:06:70:3b:c8:63:d4:48:5a:47:ad:a5:77:d5:9c:
                    56:0a:7a:d4:8d:11:54:20:3e:9f:e5:2d:ac:c1:b1:
                    cf:58:bb:18:e9:3e:51:be:ce:d6:64:e1:b8:72:8f:
                    b6:e6:c8:19:12:1c:29:28:60:b2:e0:11:96:a0:64:
                    ac:b7:d5:cd:dc:cf:fe:8c:a7:7c:f1:8b:e4:75:74:
                    a4:08:ed:e9:69:cd:0d:d6:6c:f2:01:d5:4f:a3:57:
                    f7:21:29:9a:25:59:b5:07:1f:d3:0a:4e:c4:1f:fd:
                    9f:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:F0:2F:60:01:A5:EF:EA:CE:A0:14:97:8D:88:85:76:03:17:9F:F1
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/06ada3e1-d9c4-414b-9112-eef1f0cb6707.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.47.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         38:f2:e6:c0:04:1f:ce:24:8e:9c:eb:f6:3f:00:ff:a6:ff:e7:
         15:26:08:be:1c:7d:4a:95:ee:49:25:58:5a:e4:2b:87:55:ca:
         8f:da:5b:1d:b4:86:ae:e9:f5:98:55:49:2c:3e:49:06:ad:31:
         78:be:50:24:1f:bd:36:89:28:1b:1a:82:cf:73:7c:20:43:bc:
         38:cd:49:48:05:5e:73:c1:46:d6:c0:45:a6:cf:a0:86:f0:4f:
         75:d5:9e:61:57:9c:5d:26:50:4f:73:67:fe:0f:53:a1:5b:95:
         eb:f1:23:8f:9b:a4:82:a4:aa:43:87:cb:47:0d:74:1c:20:b0:
         a6:0c:bb:b0:73:d1:81:e9:ec:7e:94:0d:fe:dd:a7:27:59:ed:
         db:fa:ea:26:85:8e:a6:50:e9:d4:1e:9c:c0:a5:03:64:14:e5:
         61:45:be:c7:fa:ff:2d:2c:bc:33:fc:ba:4d:c4:b0:43:7d:51:
         59:8b:cc:0f:3e:e2:f1:ce:4f:b9:cd:1a:d5:20:4a:7e:77:d2:
         b8:38:8a:81:fa:c0:b9:b2:0a:7b:3c:a7:54:ac:1b:21:b6:2c:
         bf:9a:84:70:ae:07:cf:2d:36:45:a0:67:0d:85:09:74:b4:59:
         67:2c:86:34:83:df:6b:5b:80:14:47:72:37:94:9d:ab:ae:bd:
         da:c8:f7:67
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMoPxGbnworifIMzm9BFPmB8d0pgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDExMDEwMjUxWhcNMjUxMTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0BhN2Y1NGJhOWIwODU3MzdkMGY5ZjU1YTY2YjNmODEwOGVj
NTE5Nzg0NWVhOTNjNDZlZTQwZmY2OTM1YTVkMWZlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCq4KAQAUEDODSboB72avZRMDwqlmeZK19J9d1RfewmABtZ
cPdN0gGz0qS/w/D+0HmeFWyvuC/3uQuzrkyLJpk1WrlVFZnrTQY3JIGJ4V/BYwkb
IM/gxhEmDeBwI2YP0+LAYWYgK5pRQxL3jp99l0fsXDEXn2TOTJHdfPWmACYN3JPm
WOYCiaOG+3yLsh5SGytNg0yFwZwGcDvIY9RIWketpXfVnFYKetSNEVQgPp/lLazB
sc9YuxjpPlG+ztZk4bhyj7bmyBkSHCkoYLLgEZagZKy31c3cz/6Mp3zxi+R1dKQI
7elpzQ3WbPIB1U+jV/chKZolWbUHH9MKTsQf/Z/tAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYvAvYAGl7+rOoBSXjYiFdgMXn/EwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzA2YWRhM2UxLWQ5YzQtNDE0Yi05MTEyLWVlZjFmMGNiNjcwNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAc0L4AwDQYJKoZIhvcNAQELBQADggEBADjy5sAEH84kjpzr9j8A/6b/5xUm
CL4cfUqV7kklWFrkK4dVyo/aWx20hq7p9ZhVSSw+SQatMXi+UCQfvTaJKBsags9z
fCBDvDjNSUgFXnPBRtbARabPoIbwT3XVnmFXnF0mUE9zZ/4PU6FblevxI4+bpIKk
qkOHy0cNdBwgsKYMu7Bz0YHp7H6UDf7dpydZ7dv66iaFjqZQ6dQenMClA2QU5WFF
vsf6/y0svDP8uk3EsEN9UVmLzA8+4vHOT7nNGtUgSn530rg4ioH6wLmyCns8p1Ss
GyG2LL+ahHCuB88tNkWgZw2FCXS0WWcshjSD32tbgBRHcjeUnauuvdrI92c=
-----END CERTIFICATE-----