Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/471b7fbb-a1e3-44ab-8628-e10896f053eb.roa
File:                     471b7fbb-a1e3-44ab-8628-e10896f053eb.roa (raw, json)
Hash identifier:          fKbmCJeCPCPRH7yXmu9aU0uf+AckZ+a2ltOZAFZx7/Q=
Subject key identifier:   3D:3B:F3:FA:3F:3B:EC:F4:CE:97:9B:1D:B8:D2:45:E6:5B:2D:96:3E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       73BD9F9D23B8885AB42A4226362B97C3807D7862
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/471b7fbb-a1e3-44ab-8628-e10896f053eb.roa
Signing time:             Fri 10 Oct 2025 15:36:30 +0000
ROA not before:           Fri 10 Oct 2025 15:36:30 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        34.248.192.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:bd:9f:9d:23:b8:88:5a:b4:2a:42:26:36:2b:97:c3:80:7d:78:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 10 15:36:30 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=79b575643709d99a48399fc6c9752ad9fcebd23de2beeedb26caba64b33c38ee, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:8b:59:4b:8f:05:c9:47:10:ce:cd:88:79:40:
                    43:20:33:73:39:7e:e1:56:09:87:22:f3:04:6b:87:
                    0c:54:4d:f4:17:a4:bb:ad:fa:c0:39:6a:3a:ec:55:
                    39:d5:d6:9a:e4:6a:eb:4e:86:7f:15:80:c7:91:a9:
                    1f:80:e8:f8:91:3e:f1:f6:97:ec:c0:0a:59:c0:44:
                    4d:cc:83:99:a7:34:b1:fe:72:6c:16:5a:db:60:0b:
                    3d:24:01:71:85:ff:66:ad:06:79:ca:1d:3c:e1:10:
                    d7:b9:64:17:69:c1:ea:c4:f5:03:cb:36:67:07:79:
                    a3:4a:8d:46:96:02:fd:4b:f2:57:75:a0:0e:d3:89:
                    01:df:13:03:ac:f2:38:21:dc:b8:bb:03:ae:2e:98:
                    33:7e:ff:42:30:23:fe:c4:ad:bb:b4:37:4b:4a:d0:
                    28:44:3b:0c:1a:fc:af:a9:62:99:ea:f8:f4:5e:a1:
                    1a:5e:0f:e3:91:c8:2e:88:d1:d2:55:b1:b7:0b:39:
                    f6:7e:fd:d9:3c:90:e0:43:18:97:19:f0:3c:20:2c:
                    97:9c:1d:be:88:06:7a:a8:7d:86:63:40:10:a4:67:
                    e7:13:d7:b6:0b:4d:91:5a:c4:0b:41:81:5d:90:12:
                    5f:ba:ea:61:57:f8:44:97:69:ea:d9:0c:90:2f:ae:
                    bc:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:3B:F3:FA:3F:3B:EC:F4:CE:97:9B:1D:B8:D2:45:E6:5B:2D:96:3E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/471b7fbb-a1e3-44ab-8628-e10896f053eb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  34.248.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         64:94:30:e0:8b:09:18:8c:b7:53:1f:33:35:93:f8:79:42:f0:
         95:47:b0:2f:a0:76:e9:54:4f:9b:38:b5:c9:d2:aa:14:6b:67:
         ca:32:8c:83:8f:e9:2d:36:c2:07:55:09:b1:2e:a9:0d:78:f3:
         08:68:27:45:0c:50:81:de:a5:69:20:8f:d7:76:e3:36:b0:69:
         2d:ed:af:de:38:f9:c8:44:55:5d:db:14:86:5c:b2:05:3b:12:
         2b:8a:3c:48:d7:e3:ca:4a:3e:c8:4f:27:a9:eb:1c:57:b1:85:
         43:50:97:38:97:20:43:0c:30:4b:72:83:8c:55:1f:80:96:32:
         d1:70:e9:23:85:fa:6f:67:85:a9:fa:39:d0:c2:41:66:3e:1d:
         8f:9e:0e:3e:5f:d0:46:a7:c9:2d:bb:d8:a0:f7:65:b8:b4:57:
         17:e1:23:07:01:98:05:9b:d4:75:45:33:32:c6:67:09:ba:9b:
         db:96:8c:06:cd:40:d5:e4:ef:56:63:5a:90:d1:99:d9:83:c1:
         08:fc:18:e1:b4:06:8a:da:06:ff:44:4c:cd:03:e9:be:3f:b8:
         a8:ba:ed:70:40:bb:69:27:5e:f8:10:c7:6a:8e:79:ad:cc:1a:
         8c:cc:80:88:e8:1d:5d:9b:fb:d3:38:34:90:af:e3:a0:71:28:
         ac:e9:c2:7c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUc72fnSO4iFq0KkImNiuXw4B9eGIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDEwMTUzNjMwWhcNMjUxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A3OWI1NzU2NDM3MDlkOTlhNDgzOTlmYzZjOTc1MmFkOWZj
ZWJkMjNkZTJiZWVlZGIyNmNhYmE2NGIzM2MzOGVlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzi1lLjwXJRxDOzYh5QEMgM3M5fuFWCYci8wRrhwxUTfQX
pLut+sA5ajrsVTnV1prkautOhn8VgMeRqR+A6PiRPvH2l+zAClnARE3Mg5mnNLH+
cmwWWttgCz0kAXGF/2atBnnKHTzhENe5ZBdpwerE9QPLNmcHeaNKjUaWAv1L8ld1
oA7TiQHfEwOs8jgh3Li7A64umDN+/0IwI/7Erbu0N0tK0ChEOwwa/K+pYpnq+PRe
oRpeD+ORyC6I0dJVsbcLOfZ+/dk8kOBDGJcZ8DwgLJecHb6IBnqofYZjQBCkZ+cT
17YLTZFaxAtBgV2QEl+66mFX+ESXaerZDJAvrry3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPTvz+j877PTOl5sduNJF5lstlj4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQ3MWI3ZmJiLWExZTMtNDRhYi04NjI4LWUxMDg5NmYwNTNlYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYi+MAwDQYJKoZIhvcNAQELBQADggEBAGSUMOCLCRiMt1MfMzWT+HlC8JVH
sC+gdulUT5s4tcnSqhRrZ8oyjIOP6S02wgdVCbEuqQ148whoJ0UMUIHepWkgj9d2
4zawaS3tr944+chEVV3bFIZcsgU7EiuKPEjX48pKPshPJ6nrHFexhUNQlziXIEMM
MEtyg4xVH4CWMtFw6SOF+m9nhan6OdDCQWY+HY+eDj5f0EanyS272KD3Zbi0Vxfh
IwcBmAWb1HVFMzLGZwm6m9uWjAbNQNXk71ZjWpDRmdmDwQj8GOG0BoraBv9ETM0D
6b4/uKi67XBAu2knXvgQx2qOea3MGozMgIjoHV2b+9M4NJCv46BxKKzpwnw=
-----END CERTIFICATE-----