Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/31b3c27f-c2a6-4964-8eb8-dbb3fb26b4d3.roa
File:                     31b3c27f-c2a6-4964-8eb8-dbb3fb26b4d3.roa (raw, json)
Hash identifier:          QtW4/TLGJLtXm6fxZ+qw3MMamcIPt5bePH17KfG1SuM=
Subject key identifier:   72:FE:DE:CF:71:EF:A0:5D:07:68:7F:55:5C:2C:3D:04:4A:98:7B:EC
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1A469480C1AB2253CE7D4BC2956BD718037336B7
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/31b3c27f-c2a6-4964-8eb8-dbb3fb26b4d3.roa
Signing time:             Fri 10 Oct 2025 16:47:46 +0000
ROA not before:           Fri 10 Oct 2025 16:47:46 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.189.128.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:46:94:80:c1:ab:22:53:ce:7d:4b:c2:95:6b:d7:18:03:73:36:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 10 16:47:46 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=c3163deebd2bd5749d962df748b4a194a1f6da1ded9657b4706bc52bc9258bbb, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:1b:ff:0b:ea:bb:3a:c6:73:84:20:83:f4:a6:
                    90:29:87:76:32:67:4d:e0:e6:fc:f0:92:d4:a2:42:
                    87:09:1e:90:53:dc:96:21:25:53:a7:88:58:7c:3c:
                    bc:e1:9b:6a:7b:6e:6d:a8:b9:eb:3e:7b:b9:1c:4f:
                    12:ef:bc:89:c0:3f:4d:6a:ee:37:d7:bf:47:10:b2:
                    e7:ff:ae:f2:99:0e:0c:d7:06:72:3e:21:e6:fc:5e:
                    c6:ad:02:81:c2:58:df:45:b7:be:74:50:b5:aa:33:
                    bf:11:05:fb:91:f7:ea:53:39:b1:0e:72:eb:f4:17:
                    65:f7:14:02:33:a8:bc:15:99:cc:e1:92:2b:eb:2c:
                    9a:b3:98:fc:22:5e:00:58:8f:4a:14:51:9d:6c:1c:
                    2b:14:ce:0f:46:87:9f:62:ee:f7:8f:e1:68:fe:b4:
                    bf:be:e8:33:37:99:e1:9e:69:0f:3d:d1:02:2b:99:
                    aa:f1:8a:84:b5:ee:2c:b2:ec:9b:2b:2d:32:63:73:
                    4f:1d:dc:ae:45:41:2b:1e:1c:79:80:f4:40:29:95:
                    0a:40:f1:f1:7d:68:58:f6:3c:33:99:0c:ef:bd:8b:
                    c8:d8:76:dc:25:3e:2b:ba:65:d6:ab:c4:5b:7d:3b:
                    c6:cc:d9:ef:64:e5:f6:90:d6:bc:90:10:17:81:3d:
                    0c:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:FE:DE:CF:71:EF:A0:5D:07:68:7F:55:5C:2C:3D:04:4A:98:7B:EC
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/31b3c27f-c2a6-4964-8eb8-dbb3fb26b4d3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.189.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         85:02:b3:29:a1:f4:56:7a:a1:c8:fd:55:3d:b6:4b:8b:25:9c:
         3a:84:26:d1:84:6e:f5:6f:44:10:54:bc:75:29:a2:c7:66:78:
         da:7c:4b:59:e6:c3:87:22:89:04:1f:63:69:2c:78:72:dd:c9:
         52:d6:32:be:09:1c:e1:4e:b6:1a:de:dd:d8:ae:18:47:61:b2:
         e8:41:f6:8f:db:6d:68:c2:4d:52:ec:46:c9:5f:93:18:ad:f7:
         19:d9:4b:a6:73:21:44:d7:8e:e8:26:a2:82:74:0a:2a:08:16:
         d8:d6:73:88:47:98:c9:a1:44:1d:23:94:80:67:6e:04:81:00:
         7e:94:b7:b0:83:44:ff:85:35:d3:de:02:71:5c:80:35:85:40:
         ec:d1:fa:14:59:d2:84:70:3b:7b:44:fe:fa:1a:2c:ad:2f:99:
         66:1a:bb:13:f3:06:43:58:d3:74:6e:7c:b1:ae:fb:43:12:89:
         ff:48:59:93:28:d1:e6:f0:96:ca:2f:7d:29:4c:fb:bd:ab:47:
         3b:36:bc:0e:52:29:e6:5d:84:2f:3c:4f:bb:a2:ee:e1:13:85:
         60:e7:ff:ca:da:c1:89:f8:c7:86:fb:b1:3a:91:a4:db:d0:91:
         09:f1:73:7e:d5:35:7f:45:f8:c9:b1:c7:41:4d:22:c0:04:3e:
         64:ca:f5:45
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGkaUgMGrIlPOfUvClWvXGANzNrcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDEwMTY0NzQ2WhcNMjUxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BjMzE2M2RlZWJkMmJkNTc0OWQ5NjJkZjc0OGI0YTE5NGEx
ZjZkYTFkZWQ5NjU3YjQ3MDZiYzUyYmM5MjU4YmJiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4G/8L6rs6xnOEIIP0ppAph3YyZ03g5vzwktSiQocJHpBT
3JYhJVOniFh8PLzhm2p7bm2oues+e7kcTxLvvInAP01q7jfXv0cQsuf/rvKZDgzX
BnI+Ieb8XsatAoHCWN9Ft750ULWqM78RBfuR9+pTObEOcuv0F2X3FAIzqLwVmczh
kivrLJqzmPwiXgBYj0oUUZ1sHCsUzg9Gh59i7veP4Wj+tL++6DM3meGeaQ890QIr
marxioS17iyy7JsrLTJjc08d3K5FQSseHHmA9EAplQpA8fF9aFj2PDOZDO+9i8jY
dtwlPiu6ZdarxFt9O8bM2e9k5faQ1ryQEBeBPQwpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUcv7ez3HvoF0HaH9VXCw9BEqYe+wwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzMxYjNjMjdmLWMyYTYtNDk2NC04ZWI4LWRiYjNmYjI2YjRkMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAY2vYAwDQYJKoZIhvcNAQELBQADggEBAIUCsymh9FZ6ocj9VT22S4slnDqE
JtGEbvVvRBBUvHUposdmeNp8S1nmw4ciiQQfY2kseHLdyVLWMr4JHOFOthre3diu
GEdhsuhB9o/bbWjCTVLsRslfkxit9xnZS6ZzIUTXjugmooJ0CioIFtjWc4hHmMmh
RB0jlIBnbgSBAH6Ut7CDRP+FNdPeAnFcgDWFQOzR+hRZ0oRwO3tE/voaLK0vmWYa
uxPzBkNY03RufLGu+0MSif9IWZMo0ebwlsovfSlM+72rRzs2vA5SKeZdhC88T7ui
7uEThWDn/8rawYn4x4b7sTqRpNvQkQnxc37VNX9F+Mmxx0FNIsAEPmTK9UU=
-----END CERTIFICATE-----