Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4e33ffa2-c29a-4fcd-bbd0-bceffa2c1860.roa
File:                     4e33ffa2-c29a-4fcd-bbd0-bceffa2c1860.roa (raw, json)
Hash identifier:          P4SliTFRJ57klpwOic3wJdZetbCNWYGz6TR5+Uy3CDM=
Subject key identifier:   78:27:14:92:53:20:04:F6:22:6F:88:FF:95:70:60:2C:EF:41:B3:A6
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6B6870803620AD6628A852549796416A3280C4D7
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4e33ffa2-c29a-4fcd-bbd0-bceffa2c1860.roa
Signing time:             Tue 21 Oct 2025 11:43:48 +0000
ROA not before:           Tue 21 Oct 2025 11:43:48 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.94.208.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 04 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:68:70:80:36:20:ad:66:28:a8:52:54:97:96:41:6a:32:80:c4:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 21 11:43:48 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=bd95eb1e7d5af0d1f08026c71d1d743c660d4229a98f24f6eb51fbd7f347abcf, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:a3:6e:9d:da:67:d9:f5:b6:74:87:a0:d8:72:
                    ac:65:27:54:eb:f0:21:d4:28:38:d8:40:09:e1:d3:
                    c9:56:45:d4:66:39:d6:7c:5b:00:08:89:1e:ff:25:
                    18:1a:ef:8b:0c:f1:50:c8:e4:da:c8:7e:4d:b5:53:
                    a2:30:37:a8:55:51:24:e6:88:15:ee:9b:f5:6e:79:
                    b1:81:ea:13:60:df:59:55:5d:07:01:92:a0:c6:1a:
                    4d:94:e4:b9:f8:6b:9a:94:02:73:44:c4:cf:9c:38:
                    c6:f1:41:97:f4:0d:08:fb:65:ac:68:ed:7e:18:3c:
                    68:18:00:76:3d:d0:89:d8:bc:12:4e:9d:bd:c9:69:
                    85:ae:96:c3:4b:f9:8b:01:25:40:f4:68:19:78:6a:
                    61:1a:a9:c3:33:e3:e5:fe:b9:cb:6b:68:b7:5d:45:
                    88:54:42:a7:7e:ae:42:c8:65:ad:e6:14:d5:7b:75:
                    26:e5:1a:bc:f1:19:e8:9c:b8:12:8e:95:67:04:6e:
                    c2:10:b4:18:6c:13:d2:4c:0b:3d:ff:93:e1:3d:0b:
                    74:b3:e6:3d:41:71:2c:20:4a:3e:bf:84:7c:51:be:
                    e3:74:77:5e:64:30:ac:81:dd:18:6f:a5:3f:ff:91:
                    b5:63:0e:2c:98:2e:08:75:66:08:f1:de:5d:6e:ba:
                    1f:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:27:14:92:53:20:04:F6:22:6F:88:FF:95:70:60:2C:EF:41:B3:A6
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4e33ffa2-c29a-4fcd-bbd0-bceffa2c1860.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.94.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         05:5e:a0:3a:0a:cf:38:2a:fd:b5:34:f5:fe:5f:19:5d:36:39:
         2f:d9:1b:d1:1f:19:53:b3:61:34:f3:66:16:e2:b6:ef:ad:0e:
         7d:da:71:a5:00:e2:5a:05:74:18:81:d3:5a:ab:2b:8b:df:b1:
         54:95:1c:3f:ae:a7:97:79:fc:96:9d:5b:5e:a9:d5:51:50:f7:
         0e:4b:83:d1:a9:30:bb:fb:db:fa:ac:b8:c6:81:0f:0e:dc:13:
         9f:7d:75:f1:41:41:3d:ce:36:97:fb:2e:10:0f:58:88:0b:7c:
         80:cd:0b:85:23:e8:19:eb:43:8a:ec:0f:e8:19:8e:5f:30:df:
         34:e4:0c:07:f2:79:3f:de:16:13:94:ae:d7:78:0d:a2:33:74:
         16:1c:65:81:d6:bb:f4:4c:ea:2f:42:f6:0a:8b:87:1c:fc:5f:
         e0:bb:59:3e:8e:d1:3e:02:3c:6c:64:e9:a6:f7:37:37:30:4f:
         24:9c:c2:c4:c0:f3:17:aa:1f:1f:70:e1:e6:76:34:05:ff:27:
         b7:ff:32:f1:71:98:0e:b1:32:6a:ae:6a:d2:f9:0e:bc:13:fa:
         04:9f:a5:0e:2a:09:4a:47:60:19:5e:f5:10:b7:e1:d6:3b:aa:
         27:08:b3:5e:9a:eb:c7:ce:03:c8:47:04:2f:5d:2a:86:17:49:
         7f:b8:21:88
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUa2hwgDYgrWYoqFJUl5ZBajKAxNcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDIxMTE0MzQ4WhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BiZDk1ZWIxZTdkNWFmMGQxZjA4MDI2YzcxZDFkNzQzYzY2
MGQ0MjI5YTk4ZjI0ZjZlYjUxZmJkN2YzNDdhYmNmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxo26d2mfZ9bZ0h6DYcqxlJ1Tr8CHUKDjYQAnh08lWRdRm
OdZ8WwAIiR7/JRga74sM8VDI5NrIfk21U6IwN6hVUSTmiBXum/VuebGB6hNg31lV
XQcBkqDGGk2U5Ln4a5qUAnNExM+cOMbxQZf0DQj7Zaxo7X4YPGgYAHY90InYvBJO
nb3JaYWulsNL+YsBJUD0aBl4amEaqcMz4+X+uctraLddRYhUQqd+rkLIZa3mFNV7
dSblGrzxGeicuBKOlWcEbsIQtBhsE9JMCz3/k+E9C3Sz5j1BcSwgSj6/hHxRvuN0
d15kMKyB3RhvpT//kbVjDiyYLgh1Zgjx3l1uuh/9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUeCcUklMgBPYib4j/lXBgLO9Bs6YwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzRlMzNmZmEyLWMyOWEtNGZjZC1iYmQwLWJjZWZmYTJjMTg2MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAM0XtAwDQYJKoZIhvcNAQELBQADggEBAAVeoDoKzzgq/bU09f5fGV02OS/Z
G9EfGVOzYTTzZhbitu+tDn3acaUA4loFdBiB01qrK4vfsVSVHD+up5d5/JadW16p
1VFQ9w5Lg9GpMLv72/qsuMaBDw7cE599dfFBQT3ONpf7LhAPWIgLfIDNC4Uj6Bnr
Q4rsD+gZjl8w3zTkDAfyeT/eFhOUrtd4DaIzdBYcZYHWu/RM6i9C9gqLhxz8X+C7
WT6O0T4CPGxk6ab3NzcwTyScwsTA8xeqHx9w4eZ2NAX/J7f/MvFxmA6xMmquatL5
DrwT+gSfpQ4qCUpHYBle9RC34dY7qicIs16a68fOA8hHBC9dKoYXSX+4IYg=
-----END CERTIFICATE-----