Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2b4045e7-612a-4861-9192-f6bf48ac9c92.roa
File:                     2b4045e7-612a-4861-9192-f6bf48ac9c92.roa (raw, json)
Hash identifier:          ywVJVuuz/35Cn6W7ryI5zgfzZiDhLzw0+/zqZbnYDHs=
Subject key identifier:   49:13:38:82:0E:CB:98:12:A6:A9:17:1B:16:12:BE:B6:0E:44:8E:82
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7E62A04E0584554ECB01F44BC793A11F920D9108
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2b4045e7-612a-4861-9192-f6bf48ac9c92.roa
Signing time:             Mon 22 Sep 2025 23:44:38 +0000
ROA not before:           Mon 22 Sep 2025 23:44:38 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.84.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:62:a0:4e:05:84:55:4e:cb:01:f4:4b:c7:93:a1:1f:92:0d:91:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 23:44:38 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=7c6e23db1f402197e568993e4d33d498cea4bd15c5ed12a8759fc2ea2bd1f72a, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:30:42:70:23:f2:ff:5e:03:5d:a1:8f:21:91:
                    de:bd:6b:6b:bb:8b:73:fd:dc:cb:61:6d:1f:d3:10:
                    75:02:39:72:14:1f:eb:13:91:1b:b9:d4:67:fe:ed:
                    f3:33:73:b4:16:70:27:bc:95:1f:15:a2:66:3e:37:
                    15:3e:43:01:cd:71:d7:b3:0f:63:86:a6:2a:cd:28:
                    26:71:cd:e8:fa:11:9b:2d:0c:5d:07:7a:dc:f3:b8:
                    b0:59:74:14:88:fb:eb:96:16:70:48:c0:c4:af:eb:
                    84:35:aa:f1:b8:86:61:35:2a:22:96:c6:79:a7:27:
                    26:52:e3:7b:ca:56:f1:af:a0:c1:f5:40:0b:04:b0:
                    bb:9c:12:e4:7c:ef:f9:cb:de:41:e6:d4:ae:6a:dc:
                    39:13:e1:b5:b9:47:e7:31:92:7a:4a:ec:d8:8b:05:
                    fb:22:cf:ed:2c:17:f4:11:1f:c3:a5:74:12:52:4b:
                    9a:2f:17:5e:b0:82:e2:76:96:19:14:7d:69:96:ab:
                    bf:e6:87:78:98:52:d2:e6:84:dd:82:66:07:8b:b4:
                    f0:6a:37:0a:f6:3d:cd:c0:a8:52:dc:14:ae:a4:8b:
                    b6:72:bd:12:64:c6:21:a6:fc:c8:f3:27:fb:53:b9:
                    49:00:bb:95:45:00:cf:d5:be:b3:c9:61:46:c2:7d:
                    45:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:13:38:82:0E:CB:98:12:A6:A9:17:1B:16:12:BE:B6:0E:44:8E:82
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2b4045e7-612a-4861-9192-f6bf48ac9c92.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.84.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:9d:58:4a:b6:61:28:8b:74:b3:b7:2a:a0:96:af:fe:03:b9:
         d5:01:a8:06:10:53:1d:51:5d:45:43:80:de:8c:d7:a3:16:5f:
         62:fd:e5:b6:52:45:b1:ab:77:91:30:86:c3:b5:3c:a5:22:76:
         7d:8a:6d:8e:dc:33:be:c1:57:e3:1b:37:12:09:1f:00:9f:0a:
         c8:85:e2:0c:69:37:9a:67:3d:56:84:10:07:64:f4:d2:f2:94:
         08:3f:8c:ce:c6:ec:3b:3e:a9:db:22:cd:46:33:ff:76:d9:2f:
         44:f4:5b:59:0b:81:27:1f:d8:b1:29:7d:d6:07:55:df:c5:5a:
         d8:61:03:86:84:ac:83:95:87:eb:37:f7:b3:58:32:17:c7:55:
         09:f6:3c:f3:29:72:c2:62:71:82:ed:b7:08:40:bf:41:60:5b:
         9c:c0:8f:ff:de:64:af:89:14:9c:57:db:a3:14:06:39:ac:66:
         1a:e9:63:a6:a5:f6:e7:43:54:f3:38:ff:7b:79:c2:95:39:91:
         62:dc:77:65:2d:b5:cb:0d:6a:3e:5a:db:6a:b4:d2:13:ed:9d:
         5f:38:c2:15:26:d9:9a:d3:4f:9a:63:99:a8:a5:1b:13:eb:17:
         55:f8:c0:a6:1a:34:09:a6:ec:c4:7f:31:ae:a8:6c:29:a7:d1:
         c9:61:fc:5c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfmKgTgWEVU7LAfRLx5OhH5INkQgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMjM0NDM4WhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A3YzZlMjNkYjFmNDAyMTk3ZTU2ODk5M2U0ZDMzZDQ5OGNl
YTRiZDE1YzVlZDEyYTg3NTlmYzJlYTJiZDFmNzJhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCiMEJwI/L/XgNdoY8hkd69a2u7i3P93MthbR/TEHUCOXIU
H+sTkRu51Gf+7fMzc7QWcCe8lR8VomY+NxU+QwHNcdezD2OGpirNKCZxzej6EZst
DF0HetzzuLBZdBSI++uWFnBIwMSv64Q1qvG4hmE1KiKWxnmnJyZS43vKVvGvoMH1
QAsEsLucEuR87/nL3kHm1K5q3DkT4bW5R+cxknpK7NiLBfsiz+0sF/QRH8OldBJS
S5ovF16wguJ2lhkUfWmWq7/mh3iYUtLmhN2CZgeLtPBqNwr2Pc3AqFLcFK6ki7Zy
vRJkxiGm/MjzJ/tTuUkAu5VFAM/VvrPJYUbCfUW3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUSRM4gg7LmBKmqRcbFhK+tg5EjoIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzJiNDA0NWU3LTYxMmEtNDg2MS05MTkyLWY2YmY0OGFjOWM5Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0VKwwDQYJKoZIhvcNAQELBQADggEBAE+dWEq2YSiLdLO3KqCWr/4DudUB
qAYQUx1RXUVDgN6M16MWX2L95bZSRbGrd5EwhsO1PKUidn2KbY7cM77BV+MbNxIJ
HwCfCsiF4gxpN5pnPVaEEAdk9NLylAg/jM7G7Ds+qdsizUYz/3bZL0T0W1kLgScf
2LEpfdYHVd/FWthhA4aErIOVh+s397NYMhfHVQn2PPMpcsJicYLttwhAv0FgW5zA
j//eZK+JFJxX26MUBjmsZhrpY6al9udDVPM4/3t5wpU5kWLcd2UttcsNaj5a22q0
0hPtnV84whUm2ZrTT5pjmailGxPrF1X4wKYaNAmm7MR/Ma6obCmn0clh/Fw=
-----END CERTIFICATE-----