Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/30930141-cf20-48b4-8894-679f35db7006.roa
File:                     30930141-cf20-48b4-8894-679f35db7006.roa (raw, json)
Hash identifier:          p3Snz8o7oqX6HaQXCzOPrFSsXZ01w0SrItlA5nvH65I=
Subject key identifier:   24:A6:58:41:A9:3D:2D:BF:E7:F7:00:BD:60:D9:1D:D9:CD:9B:81:81
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2C7DA08045591052D7D3D02548BB934E91F547A0
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/30930141-cf20-48b4-8894-679f35db7006.roa
Signing time:             Fri 17 Oct 2025 22:10:11 +0000
ROA not before:           Fri 17 Oct 2025 22:10:11 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.204.50.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:7d:a0:80:45:59:10:52:d7:d3:d0:25:48:bb:93:4e:91:f5:47:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 17 22:10:11 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=2bb35db15cb7e4392f424006155ca05038b5165fc3c20aebfcc36d88bfd16579, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:13:92:ac:ca:d3:9a:3d:da:55:5b:d6:de:93:
                    cc:21:24:a4:b7:d1:31:6e:2f:90:fc:50:b5:ff:f9:
                    ea:c8:c2:ba:d9:7c:4b:15:cd:f8:ef:d4:10:9a:11:
                    82:04:7b:8e:5a:e2:32:42:4b:1b:f8:91:02:45:a5:
                    23:e9:f7:3a:05:d8:e5:bc:94:fc:49:e5:fa:f2:10:
                    63:af:4f:ac:9a:7e:6d:2c:c3:6a:92:75:98:7d:55:
                    f4:3d:05:f5:36:c2:e4:3c:2e:68:9c:17:d9:0b:e9:
                    d2:20:de:20:a8:62:2b:41:d0:72:3b:eb:ed:f6:d1:
                    0f:91:fc:60:85:99:f9:4d:56:7d:55:96:12:12:e8:
                    7a:01:8e:ee:c1:d0:16:28:da:96:0b:0f:e5:a6:ac:
                    d9:dc:13:70:58:4d:6b:b3:ad:cd:3e:56:6d:80:91:
                    43:ae:21:a7:ec:70:45:22:d6:84:fe:c7:56:b9:aa:
                    03:44:fb:bc:11:07:e8:86:2b:21:a0:14:11:b3:d8:
                    99:e3:d5:5f:88:de:bf:30:fe:b9:d8:c2:e8:80:0d:
                    b3:90:1f:00:ed:f8:66:13:50:9d:a7:4b:cc:50:65:
                    e2:3d:55:c0:3b:e9:10:be:be:e2:f3:e5:12:76:8c:
                    2f:c6:35:92:d1:4a:7e:55:4e:20:4d:8b:61:f0:8f:
                    ab:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:A6:58:41:A9:3D:2D:BF:E7:F7:00:BD:60:D9:1D:D9:CD:9B:81:81
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/30930141-cf20-48b4-8894-679f35db7006.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.204.50.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2c:ca:84:c1:9e:06:a5:1b:33:23:01:32:19:f6:2c:a1:e9:61:
         86:61:09:75:fd:9e:14:ad:fd:1a:0c:9f:fe:17:7e:f3:29:00:
         3d:97:fe:43:46:79:ff:21:cd:d3:e7:6a:5b:2d:6d:ca:4a:c3:
         24:36:f9:04:3f:26:04:b6:3f:0c:25:05:45:d9:84:ce:12:9d:
         0d:95:f1:ca:8e:09:c6:aa:b6:81:77:d1:78:75:64:48:af:4e:
         d6:34:28:8c:a8:bc:f5:0d:8d:1e:59:af:86:7a:25:c1:90:39:
         05:cc:ab:1c:55:f5:8b:01:d3:13:0e:5e:28:9f:c6:d9:6e:2c:
         52:ac:be:15:88:87:e8:7f:73:15:31:5f:85:88:c3:97:c4:4b:
         0c:94:8b:31:ba:dc:f2:b9:8b:1a:15:5d:3d:4b:54:ae:52:e7:
         4c:31:df:e9:43:02:82:6d:61:3f:3d:71:bb:f3:1f:28:42:e8:
         fc:a6:2d:17:72:20:38:1c:dd:7a:bd:51:93:ff:80:43:e3:b2:
         46:c6:3e:f1:58:93:12:06:cd:9d:da:3d:ef:96:2b:ff:df:9f:
         ee:b1:a2:bd:7a:fa:c0:7c:e3:40:5a:32:b8:f8:a6:9f:d5:8c:
         26:02:35:a1:be:1a:0a:98:bb:6a:16:6e:ee:09:44:97:df:a6:
         e5:3d:4d:18
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULH2ggEVZEFLX09AlSLuTTpH1R6AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE3MjIxMDExWhcNMjUxMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AyYmIzNWRiMTVjYjdlNDM5MmY0MjQwMDYxNTVjYTA1MDM4
YjUxNjVmYzNjMjBhZWJmY2MzNmQ4OGJmZDE2NTc5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD1E5KsytOaPdpVW9bek8whJKS30TFuL5D8ULX/+erIwrrZ
fEsVzfjv1BCaEYIEe45a4jJCSxv4kQJFpSPp9zoF2OW8lPxJ5fryEGOvT6yafm0s
w2qSdZh9VfQ9BfU2wuQ8LmicF9kL6dIg3iCoYitB0HI76+320Q+R/GCFmflNVn1V
lhIS6HoBju7B0BYo2pYLD+WmrNncE3BYTWuzrc0+Vm2AkUOuIafscEUi1oT+x1a5
qgNE+7wRB+iGKyGgFBGz2Jnj1V+I3r8w/rnYwuiADbOQHwDt+GYTUJ2nS8xQZeI9
VcA76RC+vuLz5RJ2jC/GNZLRSn5VTiBNi2Hwj6vXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJKZYQak9Lb/n9wC9YNkd2c2bgYEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzMwOTMwMTQxLWNmMjAtNDhiNC04ODk0LTY3OWYzNWRiNzAwNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAE2zDIwDQYJKoZIhvcNAQELBQADggEBACzKhMGeBqUbMyMBMhn2LKHpYYZh
CXX9nhSt/RoMn/4XfvMpAD2X/kNGef8hzdPnalstbcpKwyQ2+QQ/JgS2PwwlBUXZ
hM4SnQ2V8cqOCcaqtoF30Xh1ZEivTtY0KIyovPUNjR5Zr4Z6JcGQOQXMqxxV9YsB
0xMOXiifxtluLFKsvhWIh+h/cxUxX4WIw5fESwyUizG63PK5ixoVXT1LVK5S50wx
3+lDAoJtYT89cbvzHyhC6PymLRdyIDgc3Xq9UZP/gEPjskbGPvFYkxIGzZ3aPe+W
K//fn+6xor16+sB840BaMrj4pp/VjCYCNaG+GgqYu2oWbu4JRJffpuU9TRg=
-----END CERTIFICATE-----