Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/25bba307-7d0c-4072-9571-fcfab0c857b9.roa
File:                     25bba307-7d0c-4072-9571-fcfab0c857b9.roa (raw, json)
Hash identifier:          EfHS6IynL46/0mvpEqgu4qgGrW9CaFkmdom2PqqNqk8=
Subject key identifier:   1B:4D:15:98:C1:D7:04:01:5C:83:CD:E2:AA:00:CA:33:12:85:AD:C2
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       76340D2E214C7FDB9D52811864626B6EE248E1BF
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/25bba307-7d0c-4072-9571-fcfab0c857b9.roa
Signing time:             Thu 16 Oct 2025 19:24:06 +0000
ROA not before:           Thu 16 Oct 2025 19:24:06 +0000
ROA not after:            Thu 20 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.56.0.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:34:0d:2e:21:4c:7f:db:9d:52:81:18:64:62:6b:6e:e2:48:e1:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 16 19:24:06 2025 GMT
            Not After : Nov 20 23:59:59 2025 GMT
        Subject: serialNumber=d7312688a84318b9b7bb2d792d94918c870f6725a50b4cc5427a9737268848b8, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:47:43:55:65:7e:59:fb:61:e5:c5:49:e5:62:
                    43:85:ee:4f:30:11:1b:d8:48:d3:d7:4b:b7:a5:1e:
                    c9:23:a9:7f:8b:cd:e0:0f:b3:19:66:26:58:bb:bf:
                    06:e9:1a:d7:a7:7e:70:7e:9a:94:30:3c:aa:a6:f3:
                    f3:e0:6c:92:ea:88:08:16:b9:cf:61:ac:53:9f:2b:
                    d7:56:1c:45:a0:74:03:4f:5a:89:54:8c:f6:23:ac:
                    76:92:0c:c5:ec:04:59:a6:29:e2:11:ab:4b:f3:28:
                    19:40:47:d8:de:67:0f:f4:bd:86:e9:8b:ef:58:eb:
                    52:1f:ae:34:dd:33:e1:e8:c6:3a:09:56:0b:0c:57:
                    b9:08:d2:d6:09:a0:b9:ae:bc:02:87:f4:ce:09:27:
                    6e:ef:79:1f:86:12:0a:d6:d2:cf:bb:18:db:f3:25:
                    7a:00:d4:73:c2:bf:85:9d:ef:3c:6e:08:67:2f:06:
                    c2:8e:d9:28:b0:ca:43:f6:09:07:86:26:c6:c1:4f:
                    49:a2:77:b7:3c:94:07:70:5c:c6:60:4a:ee:37:6a:
                    35:f0:bc:77:33:24:0a:2d:47:24:b3:40:e7:86:50:
                    a1:0b:8f:01:36:9a:d3:20:cc:e9:12:65:39:bf:b0:
                    4a:6f:16:9e:86:ae:fa:e2:ba:53:5d:eb:a9:54:9b:
                    de:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:4D:15:98:C1:D7:04:01:5C:83:CD:E2:AA:00:CA:33:12:85:AD:C2
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/25bba307-7d0c-4072-9571-fcfab0c857b9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.56.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         54:63:1c:3f:a6:0a:4a:fe:8e:57:88:f2:2f:26:a5:1b:c0:4d:
         51:3b:eb:f4:b0:84:13:1d:16:df:2d:e1:eb:4b:e7:26:07:a5:
         0c:9d:5e:5b:23:31:dd:b9:3e:27:d1:88:fb:c4:28:b6:6a:ee:
         20:81:13:09:18:44:7b:e0:f4:7d:57:01:5a:0f:29:4b:e0:0b:
         eb:df:ac:00:8f:9a:91:24:de:9b:38:11:b4:d5:b0:c5:d4:8e:
         eb:a0:08:15:fd:05:d5:c5:d7:6e:d2:c3:2b:bd:07:ea:6f:62:
         19:5a:69:7f:33:24:fc:42:6d:03:ce:f3:fa:26:e2:f1:49:7a:
         47:0a:9a:ca:fc:50:0a:58:1e:39:70:34:a4:6e:94:64:67:e2:
         f2:9f:98:bb:77:13:9c:67:f8:64:de:09:bd:45:3e:e1:76:f3:
         eb:95:9a:03:6e:9f:9c:aa:c9:9c:b3:fb:89:9d:77:66:a2:99:
         f8:c9:f5:8c:e5:04:54:16:eb:19:15:cd:8f:a6:a8:f8:71:07:
         82:ea:50:84:eb:61:d9:cd:85:53:3f:af:8c:de:77:a3:e4:c5:
         2e:cd:2e:5e:fd:de:20:69:90:b0:71:e1:0a:c2:f8:48:7c:e9:
         ca:7b:e8:e5:e3:cf:30:37:90:77:11:b2:a5:97:75:97:9a:86:
         56:3a:55:cd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdjQNLiFMf9udUoEYZGJrbuJI4b8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE2MTkyNDA2WhcNMjUxMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0BkNzMxMjY4OGE4NDMxOGI5YjdiYjJkNzkyZDk0OTE4Yzg3
MGY2NzI1YTUwYjRjYzU0MjdhOTczNzI2ODg0OGI4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxR0NVZX5Z+2HlxUnlYkOF7k8wERvYSNPXS7elHskjqX+L
zeAPsxlmJli7vwbpGtenfnB+mpQwPKqm8/PgbJLqiAgWuc9hrFOfK9dWHEWgdANP
WolUjPYjrHaSDMXsBFmmKeIRq0vzKBlAR9jeZw/0vYbpi+9Y61IfrjTdM+HoxjoJ
VgsMV7kI0tYJoLmuvAKH9M4JJ27veR+GEgrW0s+7GNvzJXoA1HPCv4Wd7zxuCGcv
BsKO2SiwykP2CQeGJsbBT0mid7c8lAdwXMZgSu43ajXwvHczJAotRySzQOeGUKEL
jwE2mtMgzOkSZTm/sEpvFp6GrvriulNd66lUm95VAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUG00VmMHXBAFcg83iqgDKMxKFrcIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzI1YmJhMzA3LTdkMGMtNDA3Mi05NTcxLWZjZmFiMGM4NTdiOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAU0OAAwDQYJKoZIhvcNAQELBQADggEBAFRjHD+mCkr+jleI8i8mpRvATVE7
6/SwhBMdFt8t4etL5yYHpQydXlsjMd25PifRiPvEKLZq7iCBEwkYRHvg9H1XAVoP
KUvgC+vfrACPmpEk3ps4EbTVsMXUjuugCBX9BdXF127Swyu9B+pvYhlaaX8zJPxC
bQPO8/om4vFJekcKmsr8UApYHjlwNKRulGRn4vKfmLt3E5xn+GTeCb1FPuF28+uV
mgNun5yqyZyz+4mdd2aimfjJ9YzlBFQW6xkVzY+mqPhxB4LqUITrYdnNhVM/r4ze
d6PkxS7NLl793iBpkLBx4QrC+Eh86cp76OXjzzA3kHcRsqWXdZeahlY6Vc0=
-----END CERTIFICATE-----