Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4570f34c-671a-4fcc-a171-7871c3923f46.roa
File:                     4570f34c-671a-4fcc-a171-7871c3923f46.roa (raw, json)
Hash identifier:          OpILYpRxVAuhcw527XHePcZZ39aObpu4nf93oL32Ihc=
Subject key identifier:   50:9A:DB:F6:CA:FD:E3:6B:4C:E1:FE:2F:7E:1C:7A:1E:FA:AC:94:31
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4277A31908A4FF6B65E7358FAD117D0428A8C28F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4570f34c-671a-4fcc-a171-7871c3923f46.roa
Signing time:             Fri 10 Oct 2025 16:08:36 +0000
ROA not before:           Fri 10 Oct 2025 16:08:36 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.72.0.0/15 maxlen: 15
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:77:a3:19:08:a4:ff:6b:65:e7:35:8f:ad:11:7d:04:28:a8:c2:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 10 16:08:36 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=51a2af46acd6f4ef6e0eee7e87562c6e9c6d90556ba046b0a0c1ef2f1ce8a106, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:b8:e8:54:13:35:ae:28:d8:0d:c3:39:35:c2:
                    13:ad:c8:83:ef:b2:9a:8f:68:cd:c5:7e:02:00:e5:
                    ca:94:83:ea:f6:e0:16:82:ea:7b:56:46:ea:44:c0:
                    0c:65:17:2b:91:25:f6:a9:48:92:2b:08:8b:d4:2b:
                    a8:38:9f:dd:65:34:74:78:0c:7f:08:67:6f:a2:72:
                    01:52:cc:12:97:f6:74:28:f6:ef:3c:83:90:9c:ce:
                    47:7c:14:65:2d:9c:b6:38:c9:09:80:a3:f8:28:e8:
                    ff:3f:e6:6e:48:67:c9:28:6c:53:87:e5:52:c9:2b:
                    4f:ca:17:3c:3e:84:f7:b0:57:b9:81:cc:d8:fc:63:
                    6e:12:f5:e1:4e:0b:64:f5:07:70:93:d2:08:9c:e3:
                    7e:72:8b:4e:56:a2:9e:20:4a:6b:89:7e:64:d8:a5:
                    c5:08:f8:02:a4:0c:9d:bd:50:ad:dc:16:d1:29:da:
                    14:a9:ba:e9:0c:bc:af:6e:50:c1:ed:17:72:c0:93:
                    2c:fd:36:da:1c:d5:20:a1:2e:9c:01:f4:77:7c:31:
                    6a:82:95:0d:32:f9:e6:b1:dd:d4:60:cb:20:de:94:
                    04:28:cc:8a:93:17:73:3d:74:06:d9:70:75:0d:91:
                    a9:82:82:53:57:84:ea:f7:b3:23:f3:8b:bc:c2:ce:
                    34:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:9A:DB:F6:CA:FD:E3:6B:4C:E1:FE:2F:7E:1C:7A:1E:FA:AC:94:31
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4570f34c-671a-4fcc-a171-7871c3923f46.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.72.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         1d:ec:b0:bf:bb:d5:67:cd:ae:52:3b:b2:fd:e2:c4:74:50:1c:
         72:72:65:55:fe:7d:ba:52:a8:b0:1a:ce:15:e9:28:c0:4a:33:
         18:71:58:a1:1e:19:63:6e:11:b2:5d:6c:14:16:77:24:85:60:
         6a:9f:59:ff:cc:ae:53:55:d4:66:ce:93:38:a1:dc:e8:a4:b5:
         25:4f:b3:28:32:41:0d:52:7d:69:05:cb:12:14:7c:96:a4:0e:
         d3:0c:81:2d:38:51:b5:ad:33:2d:2a:db:80:86:0a:c1:86:9d:
         06:be:cb:dd:c7:f0:20:51:97:7f:4b:c0:c1:0d:2c:ec:2a:c2:
         e0:83:c8:a6:28:36:87:54:26:0e:8a:5a:79:b8:be:38:a7:9a:
         37:7b:3d:44:8f:2f:1a:f5:a1:43:7e:67:03:47:ac:3d:d0:f1:
         a3:e6:72:98:d6:b3:28:28:04:a7:ad:3e:c9:29:86:0f:3d:32:
         93:12:34:90:4e:23:8e:fb:9f:10:db:76:20:fa:6a:47:b2:86:
         c5:b9:2a:80:c4:a8:15:ec:28:15:4a:19:8d:8e:db:17:0d:39:
         27:60:70:ef:3f:a3:44:a0:0e:c6:99:37:31:ae:6a:83:34:e0:
         a6:98:f0:11:8a:8a:7b:95:bc:4b:24:8d:f4:46:7d:08:09:a2:
         e1:71:65:54
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUQnejGQik/2tl5zWPrRF9BCiowo8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDEwMTYwODM2WhcNMjUxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A1MWEyYWY0NmFjZDZmNGVmNmUwZWVlN2U4NzU2MmM2ZTlj
NmQ5MDU1NmJhMDQ2YjBhMGMxZWYyZjFjZThhMTA2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+uOhUEzWuKNgNwzk1whOtyIPvspqPaM3FfgIA5cqUg+r2
4BaC6ntWRupEwAxlFyuRJfapSJIrCIvUK6g4n91lNHR4DH8IZ2+icgFSzBKX9nQo
9u88g5Cczkd8FGUtnLY4yQmAo/go6P8/5m5IZ8kobFOH5VLJK0/KFzw+hPewV7mB
zNj8Y24S9eFOC2T1B3CT0gic435yi05Wop4gSmuJfmTYpcUI+AKkDJ29UK3cFtEp
2hSpuukMvK9uUMHtF3LAkyz9Ntoc1SChLpwB9Hd8MWqClQ0y+eax3dRgyyDelAQo
zIqTF3M9dAbZcHUNkamCglNXhOr3syPzi7zCzjTjAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUUJrb9sr942tM4f4vfhx6HvqslDEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQ1NzBmMzRjLTY3MWEtNGZjYy1hMTcxLTc4NzFjMzkyM2Y0Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwE0SDANBgkqhkiG9w0BAQsFAAOCAQEAHeywv7vVZ82uUjuy/eLEdFAccnJl
Vf59ulKosBrOFekowEozGHFYoR4ZY24Rsl1sFBZ3JIVgap9Z/8yuU1XUZs6TOKHc
6KS1JU+zKDJBDVJ9aQXLEhR8lqQO0wyBLThRta0zLSrbgIYKwYadBr7L3cfwIFGX
f0vAwQ0s7CrC4IPIpig2h1QmDopaebi+OKeaN3s9RI8vGvWhQ35nA0esPdDxo+Zy
mNazKCgEp60+ySmGDz0ykxI0kE4jjvufENt2IPpqR7KGxbkqgMSoFewoFUoZjY7b
Fw05J2Bw7z+jRKAOxpk3Ma5qgzTgppjwEYqKe5W8SySN9EZ9CAmi4XFlVA==
-----END CERTIFICATE-----