Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/071bfc3f-7852-4f76-88e4-3a7522ae131f.roa
File:                     071bfc3f-7852-4f76-88e4-3a7522ae131f.roa (raw, json)
Hash identifier:          v0yOugUJCUwJ1rniTT3cSxfQq4eD/L5OYYNOf67dW/M=
Subject key identifier:   66:9E:69:64:04:B7:6C:AD:F7:20:AC:7D:F3:FB:32:86:39:B5:DD:24
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       26F290D54FCD6628DC34D5A83121D35748CEADD0
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/071bfc3f-7852-4f76-88e4-3a7522ae131f.roa
Signing time:             Fri 19 Sep 2025 02:07:37 +0000
ROA not before:           Fri 19 Sep 2025 02:07:37 +0000
ROA not after:            Fri 24 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.192.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:f2:90:d5:4f:cd:66:28:dc:34:d5:a8:31:21:d3:57:48:ce:ad:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 19 02:07:37 2025 GMT
            Not After : Oct 24 23:59:59 2025 GMT
        Subject: serialNumber=5d5c5ff74c10f627ade3be172280692f1470765e2a84d5a91460c65a307fdcc5, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:a9:39:39:65:9d:fa:75:2b:29:dd:31:1f:0d:
                    03:74:89:83:4f:12:32:79:a2:fa:f6:0e:2e:a1:29:
                    18:02:21:7b:89:b5:c7:67:7b:0c:87:7d:c7:ed:6c:
                    2e:8c:60:91:7d:af:b0:7a:fc:b2:31:b8:9f:34:7c:
                    6e:81:53:5d:4d:37:31:1a:69:b3:ef:13:48:14:22:
                    fa:7c:47:f9:8a:63:88:5b:24:bf:c1:36:38:8e:9d:
                    8d:2f:47:11:a1:8d:61:95:7e:28:92:99:a3:c2:63:
                    1b:22:29:81:e8:e3:94:40:c8:a9:19:be:21:c3:37:
                    dd:ef:da:be:a3:c3:ea:91:63:f7:b4:a1:0c:c2:1c:
                    9a:5f:40:12:19:2c:ab:18:58:91:ed:a2:bb:da:40:
                    63:fc:33:fb:66:d5:7e:a7:ac:a5:91:13:6a:d2:10:
                    ed:fb:16:19:ad:5a:f2:31:ee:50:19:31:bb:c6:d7:
                    36:3a:80:38:9c:83:ac:62:0b:a9:26:22:55:6d:51:
                    a8:14:53:27:ae:3d:e9:e1:93:d3:27:05:1f:33:2c:
                    84:5e:49:f9:c0:c9:63:45:6c:51:2e:98:65:a9:fa:
                    9c:0c:31:22:51:62:b8:78:fa:21:fe:56:ac:b6:53:
                    f9:44:a8:50:cb:e7:3d:21:7c:59:63:b9:60:43:6e:
                    93:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:9E:69:64:04:B7:6C:AD:F7:20:AC:7D:F3:FB:32:86:39:B5:DD:24
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/071bfc3f-7852-4f76-88e4-3a7522ae131f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.192.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:55:6e:a0:3e:ca:2c:ef:ed:26:ec:f5:5e:cd:1e:d9:8a:a9:
         6f:85:b2:21:a0:8a:c0:31:70:28:9b:79:ac:76:21:75:d9:fe:
         7b:00:44:80:2f:d1:d6:53:29:e8:e7:50:50:f4:09:ff:dc:0c:
         62:8a:00:de:eb:95:39:86:41:28:bb:c9:97:e8:c1:ed:0e:62:
         3e:7d:25:e4:17:03:8f:fc:8a:9a:38:77:8d:13:14:96:95:35:
         4e:65:52:67:ae:4d:a7:3b:cb:91:e3:30:73:c7:5d:43:d5:a1:
         20:9c:22:11:ab:d4:ac:22:36:8b:98:93:d7:84:70:d6:eb:06:
         67:35:4c:0d:c4:c7:23:7b:2e:c4:5e:db:7c:16:05:37:90:17:
         a8:48:7d:58:3f:f0:67:7c:5f:3a:a9:0d:de:08:f8:47:90:5b:
         67:69:ed:d3:c0:4c:29:22:af:7f:d5:8b:46:e3:86:4a:5b:81:
         69:7d:bc:e1:90:d3:f2:8f:6e:a6:ce:68:dc:06:3c:34:27:0a:
         60:9b:2e:e6:c5:aa:eb:a4:80:0b:1c:98:cb:8f:3b:66:7e:46:
         bf:44:c8:38:08:dd:e2:bf:13:c6:11:2f:4b:65:28:0c:07:b6:
         f2:34:d2:a4:d9:1d:4f:f6:98:46:b4:9e:37:58:9d:0f:72:00:
         da:cd:d3:5a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJvKQ1U/NZijcNNWoMSHTV0jOrdAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTE5MDIwNzM3WhcNMjUxMDI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZDVjNWZmNzRjMTBmNjI3YWRlM2JlMTcyMjgwNjkyZjE0
NzA3NjVlMmE4NGQ1YTkxNDYwYzY1YTMwN2ZkY2M1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxqTk5ZZ36dSsp3TEfDQN0iYNPEjJ5ovr2Di6hKRgCIXuJ
tcdnewyHfcftbC6MYJF9r7B6/LIxuJ80fG6BU11NNzEaabPvE0gUIvp8R/mKY4hb
JL/BNjiOnY0vRxGhjWGVfiiSmaPCYxsiKYHo45RAyKkZviHDN93v2r6jw+qRY/e0
oQzCHJpfQBIZLKsYWJHtorvaQGP8M/tm1X6nrKWRE2rSEO37FhmtWvIx7lAZMbvG
1zY6gDicg6xiC6kmIlVtUagUUyeuPenhk9MnBR8zLIReSfnAyWNFbFEumGWp+pwM
MSJRYrh4+iH+Vqy2U/lEqFDL5z0hfFljuWBDbpN9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZp5pZAS3bK33IKx98/syhjm13SQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzA3MWJmYzNmLTc4NTItNGY3Ni04OGU0LTNhNzUyMmFlMTMxZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA2wHwwDQYJKoZIhvcNAQELBQADggEBALJVbqA+yizv7Sbs9V7NHtmKqW+F
siGgisAxcCibeax2IXXZ/nsARIAv0dZTKejnUFD0Cf/cDGKKAN7rlTmGQSi7yZfo
we0OYj59JeQXA4/8ipo4d40TFJaVNU5lUmeuTac7y5HjMHPHXUPVoSCcIhGr1Kwi
NouYk9eEcNbrBmc1TA3ExyN7LsRe23wWBTeQF6hIfVg/8Gd8XzqpDd4I+EeQW2dp
7dPATCkir3/Vi0bjhkpbgWl9vOGQ0/KPbqbOaNwGPDQnCmCbLubFquukgAscmMuP
O2Z+Rr9EyDgI3eK/E8YRL0tlKAwHtvI00qTZHU/2mEa0njdYnQ9yANrN01o=
-----END CERTIFICATE-----