Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4a8db4d3-7115-4601-8610-e18538403214.roa
File:                     4a8db4d3-7115-4601-8610-e18538403214.roa (raw, json)
Hash identifier:          lzFOqh5T7oZ27G47GSHKJoqj1ZcY7HdhCvB9Cz8tRJM=
Subject key identifier:   AA:67:B2:42:19:FD:39:DB:5D:B2:C1:F5:C9:9F:05:15:0C:1E:D7:C8
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6885FD5CE07B7FAD6F9C5F4BE68B47065962CC65
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4a8db4d3-7115-4601-8610-e18538403214.roa
Signing time:             Fri 26 Sep 2025 02:29:21 +0000
ROA not before:           Fri 26 Sep 2025 02:29:21 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.230.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:85:fd:5c:e0:7b:7f:ad:6f:9c:5f:4b:e6:8b:47:06:59:62:cc:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 02:29:21 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=0b4cc90e6aa8b4c719e8200bd134eb1fe460e428bc8bdcd830ad50789fca221a, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:74:c4:ce:3b:be:ca:21:f2:93:b7:52:72:17:
                    24:7b:ac:62:8f:92:4c:21:86:34:e4:b1:5c:fd:f4:
                    f1:0e:86:1e:5d:4a:3b:98:07:1a:91:46:05:cf:85:
                    d5:ee:11:e4:b3:50:5d:7a:77:4f:bf:88:ea:f3:60:
                    88:29:75:f5:4c:6c:fc:a5:06:ab:c8:f3:c7:88:ad:
                    d4:36:73:2b:57:b9:7a:3b:1c:86:6c:da:b5:4f:11:
                    76:d0:b1:12:60:fb:59:10:60:5d:74:db:e9:65:3c:
                    f1:a2:a4:ed:a7:b6:2c:d7:12:3f:68:e6:63:e5:e6:
                    6e:da:8a:66:34:4d:db:78:65:e4:c6:7a:58:35:90:
                    76:54:f0:e9:c8:0c:cd:22:43:98:12:20:d3:9e:a2:
                    65:e0:18:f5:5a:b7:29:2d:fc:c9:70:ad:5f:ec:79:
                    80:ab:cf:35:5f:12:ac:5f:db:e7:66:af:95:78:98:
                    55:51:df:be:74:fa:7c:52:bc:7d:cd:6c:7b:ee:ad:
                    99:03:f0:3d:fc:2c:f1:4c:8b:49:bc:5e:d7:8f:17:
                    02:0b:df:e8:75:3e:12:46:06:3f:d6:74:49:49:04:
                    4c:b7:b2:d5:82:8d:40:c3:40:32:03:17:d3:6c:b0:
                    fb:93:fa:04:d6:64:d1:ba:fc:70:60:f7:02:b2:63:
                    e9:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:67:B2:42:19:FD:39:DB:5D:B2:C1:F5:C9:9F:05:15:0C:1E:D7:C8
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4a8db4d3-7115-4601-8610-e18538403214.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.230.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:47:01:fb:ec:50:0c:59:38:c0:ad:de:c9:32:45:b4:c3:c5:
         b9:73:69:90:b4:6e:2f:50:1d:71:7e:76:1f:95:e1:49:f0:57:
         1b:71:a8:b6:f1:6b:b5:6a:42:04:0b:18:77:f1:f8:ca:88:74:
         e6:0a:47:4c:a3:4c:47:fa:42:70:f4:49:59:19:08:5f:bb:25:
         c6:d1:6b:de:04:4e:aa:0f:7d:84:57:a8:25:83:6e:fe:38:bd:
         76:b4:78:be:72:cd:d4:23:45:b7:99:d9:98:85:d2:a0:a5:2e:
         ee:de:31:3f:41:8d:65:08:2f:14:f9:c0:9b:0b:28:84:a3:c9:
         d3:de:0b:47:6b:25:3c:5b:f6:28:06:c7:84:55:f6:7f:c8:80:
         50:e7:62:32:36:ae:f3:1d:47:2d:6a:b4:42:ac:e5:94:b6:c9:
         cc:7f:97:8f:46:dc:7d:26:fc:94:00:5a:91:34:fa:94:af:6f:
         73:c2:de:6e:87:81:27:4e:7f:cd:f2:fa:9e:6a:a2:cf:39:5d:
         b6:7a:d6:1a:6b:20:e8:a7:e7:0f:30:ad:11:a8:ba:c2:9f:c7:
         70:71:05:8e:d2:40:9b:0e:3e:4b:c7:6c:73:a0:9d:ef:8e:67:
         63:1f:a9:b9:d2:a8:6c:56:88:ad:dd:63:f7:9a:bc:1f:fd:08:
         8a:66:7f:51
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaIX9XOB7f61vnF9L5otHBllizGUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MDIyOTIxWhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AwYjRjYzkwZTZhYThiNGM3MTllODIwMGJkMTM0ZWIxZmU0
NjBlNDI4YmM4YmRjZDgzMGFkNTA3ODlmY2EyMjFhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtdMTOO77KIfKTt1JyFyR7rGKPkkwhhjTksVz99PEOhh5d
SjuYBxqRRgXPhdXuEeSzUF16d0+/iOrzYIgpdfVMbPylBqvI88eIrdQ2cytXuXo7
HIZs2rVPEXbQsRJg+1kQYF102+llPPGipO2ntizXEj9o5mPl5m7aimY0Tdt4ZeTG
elg1kHZU8OnIDM0iQ5gSINOeomXgGPVatykt/MlwrV/seYCrzzVfEqxf2+dmr5V4
mFVR3750+nxSvH3NbHvurZkD8D38LPFMi0m8XtePFwIL3+h1PhJGBj/WdElJBEy3
stWCjUDDQDIDF9NssPuT+gTWZNG6/HBg9wKyY+mfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqmeyQhn9OdtdssH1yZ8FFQwe18gwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzRhOGRiNGQzLTcxMTUtNDYwMS04NjEwLWUxODUzODQwMzIxNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA25twwDQYJKoZIhvcNAQELBQADggEBAKRHAfvsUAxZOMCt3skyRbTDxblz
aZC0bi9QHXF+dh+V4UnwVxtxqLbxa7VqQgQLGHfx+MqIdOYKR0yjTEf6QnD0SVkZ
CF+7JcbRa94ETqoPfYRXqCWDbv44vXa0eL5yzdQjRbeZ2ZiF0qClLu7eMT9BjWUI
LxT5wJsLKISjydPeC0drJTxb9igGx4RV9n/IgFDnYjI2rvMdRy1qtEKs5ZS2ycx/
l49G3H0m/JQAWpE0+pSvb3PC3m6HgSdOf83y+p5qos85XbZ61hprIOin5w8wrRGo
usKfx3BxBY7SQJsOPkvHbHOgne+OZ2MfqbnSqGxWiK3dY/eavB/9CIpmf1E=
-----END CERTIFICATE-----