Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0d7ea487-1ac7-4afd-9e8a-75522455872b.roa
File:                     0d7ea487-1ac7-4afd-9e8a-75522455872b.roa (raw, json)
Hash identifier:          1ifITLIwA+ar9K2f1+5jAkAOXgO+sMdmP+cngDYi5bI=
Subject key identifier:   8D:BB:05:1E:5C:6D:AB:6C:68:20:1F:FC:40:49:B1:75:2D:2B:FC:A0
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4ACBE62D43DB33AB10B44AC253CBDC121974CD02
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0d7ea487-1ac7-4afd-9e8a-75522455872b.roa
Signing time:             Tue 23 Sep 2025 00:06:38 +0000
ROA not before:           Tue 23 Sep 2025 00:06:38 +0000
ROA not after:            Tue 28 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.85.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:cb:e6:2d:43:db:33:ab:10:b4:4a:c2:53:cb:dc:12:19:74:cd:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 23 00:06:38 2025 GMT
            Not After : Oct 28 23:59:59 2025 GMT
        Subject: serialNumber=569b913b4e2b85c30153c1bf4c05e9b2aaf382fc8ef6f459033149184f1cd92d, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ce:10:70:bb:7e:f1:04:a9:b2:00:66:30:98:
                    ce:4c:c9:57:01:52:53:99:d2:61:d9:12:e8:02:85:
                    a7:61:82:1b:2b:30:47:eb:2b:41:c6:87:c8:8d:6e:
                    0d:84:22:84:c2:c0:20:64:5e:31:69:e1:aa:25:8f:
                    47:b4:19:2b:08:6f:46:08:80:a7:e0:e2:5f:5e:b8:
                    c2:c7:ba:49:43:92:43:9f:aa:f0:c2:4d:3c:b9:5f:
                    6a:77:ca:b0:8e:a4:1b:6c:a1:8e:f3:74:7e:f6:ff:
                    22:07:ea:da:de:a4:00:91:f8:fd:69:a7:ad:82:a0:
                    4e:99:3b:ea:f9:1a:e7:c0:ef:b4:3c:59:9b:4e:54:
                    9c:f8:97:2b:41:e1:cb:24:e0:35:1c:22:af:d5:51:
                    59:ea:14:3e:1b:2c:ca:bd:8d:7b:3f:f3:8e:31:be:
                    8f:c8:ef:7b:88:fa:fd:a4:01:e3:3c:46:3a:56:31:
                    bf:f2:89:5a:3f:37:51:3f:c3:07:92:cf:84:03:d9:
                    4a:0e:8b:c5:67:8f:84:88:47:95:6a:0a:4f:7b:68:
                    1c:7d:a7:2b:cd:a1:5a:cc:b0:63:dd:b4:bd:6d:df:
                    dd:f5:eb:d3:7f:38:97:8c:49:79:bb:d2:3d:71:2a:
                    d3:3a:eb:27:30:ee:46:97:ad:ad:c3:12:15:bb:a6:
                    8d:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:BB:05:1E:5C:6D:AB:6C:68:20:1F:FC:40:49:B1:75:2D:2B:FC:A0
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0d7ea487-1ac7-4afd-9e8a-75522455872b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.85.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:2a:28:b9:d6:e0:4f:af:d6:f3:71:a6:95:6d:f5:d9:f6:cd:
         be:e5:3b:a0:41:2f:51:e0:ea:18:a4:04:a0:26:d2:56:62:e5:
         08:e2:a6:69:d6:39:2d:33:ab:75:e0:62:4f:c2:1b:5a:50:95:
         de:ea:0a:3e:63:64:a5:64:93:81:1a:a2:61:78:c4:20:f7:63:
         6d:2a:c1:ff:9d:dd:59:c2:32:f1:de:37:ab:b7:4b:56:5b:f9:
         80:9e:f6:f5:2e:05:27:79:69:15:ac:77:38:c6:53:d2:45:16:
         fd:2f:c8:59:c6:36:ed:5b:5d:b2:9c:31:43:83:28:ee:89:e7:
         94:cb:4a:53:a4:21:7d:7b:cb:00:15:f1:43:fa:3b:e1:59:dd:
         f0:33:88:8f:ec:26:18:37:ec:0a:f1:d0:28:9b:2d:a9:4a:a6:
         3d:6d:fa:b4:9a:4a:83:fa:e1:dd:6f:68:01:24:87:6b:a9:fd:
         20:10:b9:11:19:cb:45:8a:d6:3f:87:54:e9:59:c8:2b:92:2a:
         90:17:57:70:69:ce:4a:7b:09:49:62:0b:f4:64:cf:5b:df:94:
         eb:8b:d8:15:c6:c3:40:3f:e9:3a:ee:f3:4e:7e:b8:9d:85:3b:
         03:dc:8f:cd:6f:c3:16:b3:b1:fe:7a:e5:0e:54:48:ad:b8:0c:
         b7:a4:2f:9a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSsvmLUPbM6sQtErCU8vcEhl0zQIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIzMDAwNjM4WhcNMjUxMDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A1NjliOTEzYjRlMmI4NWMzMDE1M2MxYmY0YzA1ZTliMmFh
ZjM4MmZjOGVmNmY0NTkwMzMxNDkxODRmMWNkOTJkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuzhBwu37xBKmyAGYwmM5MyVcBUlOZ0mHZEugChadhghsr
MEfrK0HGh8iNbg2EIoTCwCBkXjFp4aolj0e0GSsIb0YIgKfg4l9euMLHuklDkkOf
qvDCTTy5X2p3yrCOpBtsoY7zdH72/yIH6trepACR+P1pp62CoE6ZO+r5GufA77Q8
WZtOVJz4lytB4csk4DUcIq/VUVnqFD4bLMq9jXs/844xvo/I73uI+v2kAeM8RjpW
Mb/yiVo/N1E/wweSz4QD2UoOi8Vnj4SIR5VqCk97aBx9pyvNoVrMsGPdtL1t3931
69N/OJeMSXm70j1xKtM66ycw7kaXra3DEhW7po2jAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjbsFHlxtq2xoIB/8QEmxdS0r/KAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzBkN2VhNDg3LTFhYzctNGFmZC05ZThhLTc1NTIyNDU1ODcyYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0VcYwDQYJKoZIhvcNAQELBQADggEBADwqKLnW4E+v1vNxppVt9dn2zb7l
O6BBL1Hg6hikBKAm0lZi5QjipmnWOS0zq3XgYk/CG1pQld7qCj5jZKVkk4EaomF4
xCD3Y20qwf+d3VnCMvHeN6u3S1Zb+YCe9vUuBSd5aRWsdzjGU9JFFv0vyFnGNu1b
XbKcMUODKO6J55TLSlOkIX17ywAV8UP6O+FZ3fAziI/sJhg37Arx0CibLalKpj1t
+rSaSoP64d1vaAEkh2up/SAQuREZy0WK1j+HVOlZyCuSKpAXV3Bpzkp7CUliC/Rk
z1vflOuL2BXGw0A/6Tru805+uJ2FOwPcj81vwxazsf565Q5USK24DLekL5o=
-----END CERTIFICATE-----