Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/526b5e1a-0587-49a4-9b97-ce53249ba44b.roa
File:                     526b5e1a-0587-49a4-9b97-ce53249ba44b.roa (raw, json)
Hash identifier:          0cSOKP61iY913/D393/zKCYeb2AXMn8bj4Njxw8oiCk=
Subject key identifier:   57:C2:78:F2:72:26:A5:19:74:DE:97:DD:C1:2F:06:02:12:0C:33:63
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       321C179FBD7BB6ABD11D868D110D5E005899B63F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/526b5e1a-0587-49a4-9b97-ce53249ba44b.roa
Signing time:             Tue 29 Jul 2025 17:11:39 +0000
ROA not before:           Tue 29 Jul 2025 17:11:39 +0000
ROA not after:            Tue 02 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.255.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 22 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:1c:17:9f:bd:7b:b6:ab:d1:1d:86:8d:11:0d:5e:00:58:99:b6:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 29 17:11:39 2025 GMT
            Not After : Sep  2 23:59:59 2025 GMT
        Subject: serialNumber=0f262de4d943e2f4f77948b450635038fdfaea9f0f911986d2b28100a1a4b783, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:57:a3:93:67:83:be:8e:c4:ca:b0:fd:17:4b:
                    ed:21:c5:df:72:bc:7d:1a:50:76:87:7e:82:47:25:
                    c9:73:26:94:da:ee:4a:c1:f0:b3:bf:7a:5d:b5:9b:
                    af:1e:db:f8:ea:3c:d3:34:1e:62:52:ae:92:f5:a2:
                    b4:ad:84:70:e1:3d:6a:4e:83:55:61:87:d2:4d:8e:
                    3e:59:4b:55:af:e3:aa:1d:9d:4b:18:96:c0:46:8e:
                    92:61:04:4c:0d:a6:33:fc:03:8a:30:41:60:9b:10:
                    c5:58:83:fb:24:89:70:93:14:46:77:61:a1:a4:3f:
                    01:21:57:f6:c9:f6:1b:21:20:83:8a:45:92:8c:1d:
                    c7:b7:ff:89:5b:46:4e:92:0f:b9:58:0d:02:9a:4c:
                    a5:4f:b7:8f:38:15:59:be:3c:b0:f1:bb:25:d6:32:
                    cd:64:cf:fa:b3:15:06:08:e9:1f:76:c8:57:07:93:
                    02:70:93:e7:dd:94:18:cb:36:c7:6e:6e:ff:ac:55:
                    e0:21:4a:0c:0b:13:3a:14:25:0a:02:77:c5:a1:90:
                    71:c1:75:cf:38:71:d2:41:26:c4:e3:36:6f:57:9a:
                    e0:c3:5a:cf:5d:b9:6f:fe:fa:f3:43:1d:76:e0:e0:
                    f3:41:49:c1:c7:07:47:28:09:53:19:f1:17:ed:92:
                    be:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:C2:78:F2:72:26:A5:19:74:DE:97:DD:C1:2F:06:02:12:0C:33:63
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/526b5e1a-0587-49a4-9b97-ce53249ba44b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.255.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:71:ad:ab:5e:23:fd:2f:82:c6:13:3b:c5:7d:c8:90:9b:53:
         77:46:7f:ec:69:4f:dc:b9:1e:08:01:06:88:30:33:54:b8:97:
         50:39:48:32:59:70:0d:cc:7f:44:af:31:cd:b9:f8:db:04:56:
         c2:6e:fc:12:3e:5f:cd:6c:1c:a6:67:31:be:ee:44:5d:2c:f8:
         5c:4d:f8:af:87:16:b5:b6:eb:37:09:73:d8:fd:0f:2b:22:b7:
         5a:34:0e:aa:fc:d9:63:3d:9c:56:b7:4a:56:8e:37:69:ce:47:
         75:7a:75:d8:61:af:9c:79:78:d0:f2:ec:17:d1:d7:b5:8b:13:
         d8:9b:10:53:fe:bc:0d:dd:c1:18:61:71:b9:8e:a8:c9:81:98:
         d8:3e:0e:f8:0c:87:0b:39:09:3a:de:9a:63:9e:2d:da:ea:aa:
         64:9f:90:4c:bc:45:27:db:a4:06:42:cf:8c:02:4c:78:ee:30:
         14:5c:30:3b:ee:66:04:d9:c8:65:8b:3d:23:52:3c:6b:ab:cb:
         19:8f:c8:f9:58:ec:08:57:db:f6:a6:de:c3:02:7d:4a:b0:e7:
         c6:85:59:61:a1:37:f1:37:79:05:b4:a3:b6:ff:a2:a6:89:c2:
         f4:1c:42:00:05:b9:f8:e7:29:b7:8c:62:77:70:01:92:5e:fe:
         ed:79:4d:01
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMhwXn717tqvRHYaNEQ1eAFiZtj8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzI5MTcxMTM5WhcNMjUwOTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AwZjI2MmRlNGQ5NDNlMmY0Zjc3OTQ4YjQ1MDYzNTAzOGZk
ZmFlYTlmMGY5MTE5ODZkMmIyODEwMGExYTRiNzgzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCFV6OTZ4O+jsTKsP0XS+0hxd9yvH0aUHaHfoJHJclzJpTa
7krB8LO/el21m68e2/jqPNM0HmJSrpL1orSthHDhPWpOg1Vhh9JNjj5ZS1Wv46od
nUsYlsBGjpJhBEwNpjP8A4owQWCbEMVYg/skiXCTFEZ3YaGkPwEhV/bJ9hshIIOK
RZKMHce3/4lbRk6SD7lYDQKaTKVPt484FVm+PLDxuyXWMs1kz/qzFQYI6R92yFcH
kwJwk+fdlBjLNsdubv+sVeAhSgwLEzoUJQoCd8WhkHHBdc84cdJBJsTjNm9XmuDD
Ws9duW/++vNDHXbg4PNBScHHB0coCVMZ8Rftkr4TAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUV8J48nImpRl03pfdwS8GAhIMM2MwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzUyNmI1ZTFhLTA1ODctNDlhNC05Yjk3LWNlNTMyNDliYTQ0Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA2/34wDQYJKoZIhvcNAQELBQADggEBACRxrateI/0vgsYTO8V9yJCbU3dG
f+xpT9y5HggBBogwM1S4l1A5SDJZcA3Mf0SvMc25+NsEVsJu/BI+X81sHKZnMb7u
RF0s+FxN+K+HFrW26zcJc9j9Dysit1o0Dqr82WM9nFa3SlaON2nOR3V6ddhhr5x5
eNDy7BfR17WLE9ibEFP+vA3dwRhhcbmOqMmBmNg+DvgMhws5CTremmOeLdrqqmSf
kEy8RSfbpAZCz4wCTHjuMBRcMDvuZgTZyGWLPSNSPGuryxmPyPlY7AhX2/am3sMC
fUqw58aFWWGhN/E3eQW0o7b/oqaJwvQcQgAFufjnKbeMYndwAZJe/u15TQE=
-----END CERTIFICATE-----