Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/08a5f40f-78ab-488f-ade7-8d355327093b.roa
File:                     08a5f40f-78ab-488f-ade7-8d355327093b.roa (raw, json)
Hash identifier:          vL3D3I3fIMrgk4y+CnJU8Ya8EQ2/zl7Kd2WAV1CHAXw=
Subject key identifier:   9A:11:4E:09:23:3D:88:BE:11:AB:48:CF:08:2D:4B:4B:0C:73:1A:9B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0477ED33A7103BE0F355B60D88E005B4264D07BF
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/08a5f40f-78ab-488f-ade7-8d355327093b.roa
Signing time:             Wed 15 Oct 2025 23:49:59 +0000
ROA not before:           Wed 15 Oct 2025 23:49:59 +0000
ROA not after:            Wed 19 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        144.220.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:77:ed:33:a7:10:3b:e0:f3:55:b6:0d:88:e0:05:b4:26:4d:07:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 15 23:49:59 2025 GMT
            Not After : Nov 19 23:59:59 2025 GMT
        Subject: serialNumber=fe9fd838eed2a75abcd7e3f7c2bca61f66aba8f298fa5b1f3d9132673314704a, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:77:f8:02:a6:02:18:83:fe:25:ce:9f:40:32:
                    c3:cc:d4:e0:33:23:ea:1f:24:83:d2:02:3b:9f:e1:
                    cd:c2:7f:62:43:85:ef:3f:5b:3a:d0:3c:94:4e:57:
                    45:d3:26:c0:51:0f:6b:2f:15:95:df:38:1d:d4:e4:
                    b1:ef:3a:f1:f9:65:86:9d:3c:ad:59:37:41:a4:57:
                    6f:87:ef:68:9a:ef:70:5f:50:8e:4a:93:6d:3c:d3:
                    eb:5b:47:b4:72:d5:8d:fd:bb:08:4e:66:aa:b8:03:
                    7d:86:4f:95:64:20:f0:d6:ca:7b:0f:8f:03:1d:ee:
                    05:31:b9:61:44:c1:5e:0e:1e:d6:b4:cd:1b:d3:2d:
                    9d:19:a7:6d:bf:91:62:c3:e7:d6:0e:8f:f5:ff:6d:
                    63:6a:c2:75:56:fa:18:a1:19:df:5e:15:94:47:60:
                    59:2c:0c:80:c1:d4:5b:35:ef:4c:f8:5f:5b:73:87:
                    ce:83:2f:42:46:be:d6:2f:a3:20:04:2e:27:b0:16:
                    7f:af:53:d6:5a:4f:f4:7a:5c:6e:62:da:9c:d4:a9:
                    4c:d3:1b:83:fa:f3:b5:3d:30:0a:0c:4f:68:8c:b5:
                    5e:4a:77:19:16:1c:11:23:9e:cb:0a:6e:ee:a0:12:
                    8d:1c:ce:1c:b9:63:2c:20:b0:90:42:74:bc:25:b3:
                    9a:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:11:4E:09:23:3D:88:BE:11:AB:48:CF:08:2D:4B:4B:0C:73:1A:9B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/08a5f40f-78ab-488f-ade7-8d355327093b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.220.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:a3:3a:cc:a6:9e:a1:17:0d:5c:95:7a:a0:d7:bc:3f:38:77:
         76:92:15:2f:d8:de:f0:da:3d:a2:54:98:e8:48:ee:c5:3c:d0:
         9f:61:b2:ca:c0:6d:94:81:4f:f1:0d:7b:3b:54:12:50:f4:1a:
         f5:80:1f:ed:a4:53:10:b6:89:c1:cb:2d:93:5c:8f:f2:3e:4d:
         ea:df:e2:77:b9:19:b6:24:ec:40:26:84:c5:91:5e:c8:3f:80:
         4a:93:38:61:db:54:a6:95:ce:9f:82:5f:ad:1e:8b:12:55:39:
         88:32:c4:ae:a7:b5:ac:da:46:fc:46:84:a8:dc:80:6f:26:91:
         ae:4e:aa:f4:ea:3e:df:55:24:00:40:b7:fe:97:25:3f:14:0c:
         e8:ac:4e:d8:ca:8c:90:8b:ae:b1:19:4a:e7:92:83:5b:9e:13:
         1b:53:75:6c:a3:12:80:b1:34:ea:f8:7d:a0:f0:a7:0d:7a:a3:
         20:63:d0:2e:86:66:b5:09:30:f8:6e:63:e0:fb:56:c9:48:fa:
         57:bf:81:e0:6e:1f:81:b7:11:30:6c:88:cc:7a:07:fb:f0:02:
         7f:8d:8e:d6:84:92:67:03:43:d2:87:17:56:5e:db:a9:9b:20:
         9d:0e:9d:e0:40:7c:3c:41:55:0b:8d:95:26:be:1f:f6:86:e1:
         43:73:95:87
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBHftM6cQO+DzVbYNiOAFtCZNB78wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE1MjM0OTU5WhcNMjUxMTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZTlmZDgzOGVlZDJhNzVhYmNkN2UzZjdjMmJjYTYxZjY2
YWJhOGYyOThmYTViMWYzZDkxMzI2NzMzMTQ3MDRhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsd/gCpgIYg/4lzp9AMsPM1OAzI+ofJIPSAjuf4c3Cf2JD
he8/WzrQPJROV0XTJsBRD2svFZXfOB3U5LHvOvH5ZYadPK1ZN0GkV2+H72ia73Bf
UI5Kk2080+tbR7Ry1Y39uwhOZqq4A32GT5VkIPDWynsPjwMd7gUxuWFEwV4OHta0
zRvTLZ0Zp22/kWLD59YOj/X/bWNqwnVW+hihGd9eFZRHYFksDIDB1Fs170z4X1tz
h86DL0JGvtYvoyAELiewFn+vU9ZaT/R6XG5i2pzUqUzTG4P687U9MAoMT2iMtV5K
dxkWHBEjnssKbu6gEo0czhy5YywgsJBCdLwls5p/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmhFOCSM9iL4Rq0jPCC1LSwxzGpswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzA4YTVmNDBmLTc4YWItNDg4Zi1hZGU3LThkMzU1MzI3MDkzYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACQ3H0wDQYJKoZIhvcNAQELBQADggEBAFmjOsymnqEXDVyVeqDXvD84d3aS
FS/Y3vDaPaJUmOhI7sU80J9hssrAbZSBT/ENeztUElD0GvWAH+2kUxC2icHLLZNc
j/I+Terf4ne5GbYk7EAmhMWRXsg/gEqTOGHbVKaVzp+CX60eixJVOYgyxK6ntaza
RvxGhKjcgG8mka5OqvTqPt9VJABAt/6XJT8UDOisTtjKjJCLrrEZSueSg1ueExtT
dWyjEoCxNOr4faDwpw16oyBj0C6GZrUJMPhuY+D7VslI+le/geBuH4G3ETBsiMx6
B/vwAn+NjtaEkmcDQ9KHF1Ze26mbIJ0OneBAfDxBVQuNlSa+H/aG4UNzlYc=
-----END CERTIFICATE-----