Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/27dd2652-d2c7-40a5-9239-198add754341.roa
File:                     27dd2652-d2c7-40a5-9239-198add754341.roa (raw, json)
Hash identifier:          3DZJ5o14WBRrsEgcQlJxBhU1hJwBGyLgslWNJhM0klQ=
Subject key identifier:   96:F4:00:2D:55:40:0E:04:D4:55:3F:AA:AE:8B:0E:7B:43:10:1D:6B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2CD06C579F7379E58B282D054E2568E6E7579000
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/27dd2652-d2c7-40a5-9239-198add754341.roa
Signing time:             Tue 23 Sep 2025 00:17:04 +0000
ROA not before:           Tue 23 Sep 2025 00:17:04 +0000
ROA not after:            Tue 28 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.84.20.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:d0:6c:57:9f:73:79:e5:8b:28:2d:05:4e:25:68:e6:e7:57:90:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 23 00:17:04 2025 GMT
            Not After : Oct 28 23:59:59 2025 GMT
        Subject: serialNumber=eae500fe90441735eda43854142abbd3594409bbe774aba865e911889d935ee7, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:b3:bb:26:25:25:3d:41:d2:36:b2:51:b9:b8:
                    fe:4b:b5:1d:6c:7c:21:fb:31:39:44:b8:53:07:fc:
                    94:ff:4a:10:d2:58:f3:76:1e:7b:55:82:66:7e:ef:
                    a4:b1:34:cd:ca:55:b1:17:18:86:bc:ca:97:e4:84:
                    10:89:92:12:a8:68:20:d2:68:d4:2d:43:32:e1:0b:
                    66:1c:8b:a9:44:08:ca:83:5b:17:7b:14:f5:fe:c0:
                    88:40:5e:07:d1:9a:c7:cb:e7:0b:70:23:77:f3:f8:
                    ab:82:36:48:53:69:a3:f0:e4:65:e6:06:14:bb:f5:
                    61:a6:c2:86:c3:c0:8f:75:cd:cb:ce:dc:43:84:d2:
                    79:c8:50:c5:91:9a:b5:23:74:9c:b5:28:76:eb:1b:
                    88:1e:19:0d:5c:4d:a6:05:8c:58:d1:1e:c5:0a:fc:
                    34:9d:1c:1b:24:0d:c0:06:f0:5a:d2:c3:52:b0:1e:
                    ff:2e:05:ad:fc:a9:d3:ec:07:c3:bd:c4:91:93:8d:
                    5e:f4:1c:9b:00:98:9b:c5:59:4e:f2:1e:c9:5f:3e:
                    04:40:eb:d0:41:17:85:99:91:20:4f:bf:93:d8:f2:
                    ef:e9:a9:62:ef:04:c9:87:aa:35:f2:13:9a:23:71:
                    ad:de:20:97:46:ae:c6:b3:13:d2:6f:52:c9:fd:4d:
                    4c:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:F4:00:2D:55:40:0E:04:D4:55:3F:AA:AE:8B:0E:7B:43:10:1D:6B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/27dd2652-d2c7-40a5-9239-198add754341.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.84.20.0/23

    Signature Algorithm: sha256WithRSAEncryption
         54:0e:40:66:8b:54:b1:e7:9c:cc:68:66:07:e0:a0:e4:44:1d:
         c3:97:9a:a0:b1:c8:a1:fd:36:d7:c0:64:22:c3:5b:6b:a5:78:
         88:4b:48:75:d1:d4:e3:47:2b:56:80:c0:94:d9:0f:37:b3:2d:
         7a:77:47:8f:06:c1:f9:27:0c:99:b0:4c:f0:19:7c:4d:f6:94:
         89:36:10:94:af:f3:7e:51:a1:aa:c6:b4:c3:10:29:f0:8d:84:
         b1:8d:9c:a2:4c:96:dc:9e:5f:f7:27:af:06:92:70:f8:51:bb:
         8e:8e:5f:74:bd:2c:14:6f:0c:44:9e:36:90:de:8f:4c:6b:2f:
         ce:3a:c0:d6:ae:1b:c0:a6:f1:7e:c1:57:ba:0d:ab:67:0a:17:
         22:37:03:64:06:d3:7a:4c:81:44:04:d6:4e:40:9c:59:e3:88:
         b3:7b:30:ba:46:b3:78:ac:16:d9:f2:89:89:5f:11:87:c5:02:
         47:cd:f9:f1:b4:73:31:9b:fa:7b:12:42:b2:59:29:e2:29:60:
         b2:bf:ba:ac:4b:81:92:db:4a:cf:56:d8:51:dc:3d:bc:85:7e:
         ca:db:f1:25:ba:73:9f:98:f1:23:c5:4d:da:85:3d:63:94:50:
         95:28:be:bb:47:76:47:16:ef:5f:ff:6b:b7:13:bf:d6:83:60:
         3c:18:a7:41
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULNBsV59zeeWLKC0FTiVo5udXkAAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIzMDAxNzA0WhcNMjUxMDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BlYWU1MDBmZTkwNDQxNzM1ZWRhNDM4NTQxNDJhYmJkMzU5
NDQwOWJiZTc3NGFiYTg2NWU5MTE4ODlkOTM1ZWU3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/s7smJSU9QdI2slG5uP5LtR1sfCH7MTlEuFMH/JT/ShDS
WPN2HntVgmZ+76SxNM3KVbEXGIa8ypfkhBCJkhKoaCDSaNQtQzLhC2Yci6lECMqD
Wxd7FPX+wIhAXgfRmsfL5wtwI3fz+KuCNkhTaaPw5GXmBhS79WGmwobDwI91zcvO
3EOE0nnIUMWRmrUjdJy1KHbrG4geGQ1cTaYFjFjRHsUK/DSdHBskDcAG8FrSw1Kw
Hv8uBa38qdPsB8O9xJGTjV70HJsAmJvFWU7yHslfPgRA69BBF4WZkSBPv5PY8u/p
qWLvBMmHqjXyE5ojca3eIJdGrsazE9JvUsn9TUzJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUlvQALVVADgTUVT+qrosOe0MQHWswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzI3ZGQyNjUyLWQyYzctNDBhNS05MjM5LTE5OGFkZDc1NDM0MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAE0VBQwDQYJKoZIhvcNAQELBQADggEBAFQOQGaLVLHnnMxoZgfgoOREHcOX
mqCxyKH9NtfAZCLDW2uleIhLSHXR1ONHK1aAwJTZDzezLXp3R48GwfknDJmwTPAZ
fE32lIk2EJSv835RoarGtMMQKfCNhLGNnKJMltyeX/cnrwaScPhRu46OX3S9LBRv
DESeNpDej0xrL846wNauG8Cm8X7BV7oNq2cKFyI3A2QG03pMgUQE1k5AnFnjiLN7
MLpGs3isFtnyiYlfEYfFAkfN+fG0czGb+nsSQrJZKeIpYLK/uqxLgZLbSs9W2FHc
PbyFfsrb8SW6c5+Y8SPFTdqFPWOUUJUovrtHdkcW71//a7cTv9aDYDwYp0E=
-----END CERTIFICATE-----