Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/53619ab1-59ad-429e-9c36-92a32cb7c7cb.roa
File:                     53619ab1-59ad-429e-9c36-92a32cb7c7cb.roa (raw, json)
Hash identifier:          TBB5H/ytx7QqVwtyQ+BeOOe2Rb4ZsUf5PKozwOdh05o=
Subject key identifier:   A1:71:F8:27:98:1F:3F:16:7B:6C:5C:7C:A3:4E:63:32:D9:C2:35:81
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7C9667B19110800CAA0A8A65D928A74B59A12D5D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/53619ab1-59ad-429e-9c36-92a32cb7c7cb.roa
Signing time:             Wed 15 Oct 2025 21:31:43 +0000
ROA not before:           Wed 15 Oct 2025 21:31:43 +0000
ROA not after:            Wed 19 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        143.204.226.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:96:67:b1:91:10:80:0c:aa:0a:8a:65:d9:28:a7:4b:59:a1:2d:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 15 21:31:43 2025 GMT
            Not After : Nov 19 23:59:59 2025 GMT
        Subject: serialNumber=9a000b62c5c0306f51f622e5e4ff50006cfc0688086714548fca62e25cde71b9, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:2d:62:20:5a:18:0b:e5:ea:75:f4:35:73:30:
                    cb:76:cd:e2:d6:41:43:69:88:46:e5:73:0b:5f:79:
                    eb:37:76:77:27:d3:cb:a2:8e:53:4f:24:72:aa:d4:
                    cf:60:f2:f5:4c:4b:7b:60:ea:53:4a:55:af:fa:a9:
                    a3:29:e3:d7:8d:3c:6a:de:62:0d:f8:40:f7:a1:34:
                    4e:e8:30:5f:a0:6e:8c:96:a9:1c:d1:56:47:c1:bf:
                    11:b9:26:d7:78:d1:da:3a:28:78:9f:88:29:43:1d:
                    6a:67:92:a9:73:25:67:3a:32:e1:38:06:f3:e4:9a:
                    7d:14:2c:ae:30:23:c3:b6:45:d9:20:d1:f1:43:1b:
                    92:38:c0:5c:60:e0:7c:9a:6c:c2:44:b2:d1:03:af:
                    27:e5:e2:5d:c3:96:24:f6:cb:f4:9c:e5:50:f6:4a:
                    1e:27:84:ff:59:64:f4:ab:fa:a7:5c:46:5e:1d:23:
                    6c:2c:ca:1f:21:f4:dc:fa:e5:c6:48:c7:19:f9:29:
                    0e:dc:44:2a:40:b1:85:1d:b6:7e:ad:69:5f:aa:b3:
                    fd:a6:e0:4f:be:f2:db:e0:c1:7d:1a:49:b2:b3:0f:
                    b6:87:69:5d:2b:5a:74:94:76:95:db:22:33:d1:63:
                    47:e0:32:30:16:34:fa:41:07:af:4d:2b:0d:17:a0:
                    57:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:71:F8:27:98:1F:3F:16:7B:6C:5C:7C:A3:4E:63:32:D9:C2:35:81
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/53619ab1-59ad-429e-9c36-92a32cb7c7cb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.204.226.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5c:da:05:2e:ca:0d:31:2d:82:95:58:42:55:1c:cc:3b:fc:b1:
         57:c0:fb:76:b1:49:27:97:6f:c6:6c:ec:a5:5d:3c:23:c8:4c:
         5b:a5:d5:bc:a2:84:04:16:c2:4e:1b:f3:1c:50:81:a8:d7:d3:
         e0:5e:e7:be:8d:91:2f:c8:7b:3b:c0:37:42:ee:db:79:a1:41:
         d2:b2:27:1e:6e:1a:10:68:ff:7f:43:42:b3:b5:e5:1e:6b:33:
         0d:d5:09:bf:16:17:dd:85:4f:77:35:93:5a:ff:ce:4e:ef:27:
         8e:b2:01:34:7b:d0:0c:12:10:62:ff:d4:48:3f:1b:4d:a0:06:
         65:04:45:d6:93:9d:af:3e:68:3b:ec:79:a8:a2:94:28:59:91:
         d9:47:1e:33:9f:d5:d4:0a:6a:82:67:7d:0f:f7:65:3e:ee:1d:
         7a:7c:db:83:b4:52:2f:fe:b8:e0:31:c4:a2:b0:65:a7:ca:7f:
         43:c9:e3:4c:0c:32:25:0b:5f:06:fe:b4:86:fd:88:b4:15:f8:
         af:c5:38:38:0d:84:32:b3:00:1f:13:ea:e1:ff:c6:11:d5:3e:
         73:26:e7:6d:ba:96:97:9c:22:49:71:77:83:f0:07:ed:67:bc:
         30:d8:e8:ff:54:d5:db:da:d5:90:c9:c1:1d:34:a0:11:cf:0d:
         4c:9e:2e:1f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfJZnsZEQgAyqCopl2SinS1mhLV0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE1MjEzMTQzWhcNMjUxMTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A5YTAwMGI2MmM1YzAzMDZmNTFmNjIyZTVlNGZmNTAwMDZj
ZmMwNjg4MDg2NzE0NTQ4ZmNhNjJlMjVjZGU3MWI5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvLWIgWhgL5ep19DVzMMt2zeLWQUNpiEblcwtfees3dncn
08uijlNPJHKq1M9g8vVMS3tg6lNKVa/6qaMp49eNPGreYg34QPehNE7oMF+gboyW
qRzRVkfBvxG5Jtd40do6KHifiClDHWpnkqlzJWc6MuE4BvPkmn0ULK4wI8O2Rdkg
0fFDG5I4wFxg4HyabMJEstEDryfl4l3DliT2y/Sc5VD2Sh4nhP9ZZPSr+qdcRl4d
I2wsyh8h9Nz65cZIxxn5KQ7cRCpAsYUdtn6taV+qs/2m4E++8tvgwX0aSbKzD7aH
aV0rWnSUdpXbIjPRY0fgMjAWNPpBB69NKw0XoFfvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUoXH4J5gfPxZ7bFx8o05jMtnCNYEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzUzNjE5YWIxLTU5YWQtNDI5ZS05YzM2LTkyYTMyY2I3YzdjYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAGPzOIwDQYJKoZIhvcNAQELBQADggEBAFzaBS7KDTEtgpVYQlUczDv8sVfA
+3axSSeXb8Zs7KVdPCPITFul1byihAQWwk4b8xxQgajX0+Be576NkS/IezvAN0Lu
23mhQdKyJx5uGhBo/39DQrO15R5rMw3VCb8WF92FT3c1k1r/zk7vJ46yATR70AwS
EGL/1Eg/G02gBmUERdaTna8+aDvseaiilChZkdlHHjOf1dQKaoJnfQ/3ZT7uHXp8
24O0Ui/+uOAxxKKwZafKf0PJ40wMMiULXwb+tIb9iLQV+K/FODgNhDKzAB8T6uH/
xhHVPnMm5226lpecIklxd4PwB+1nvDDY6P9U1dva1ZDJwR00oBHPDUyeLh8=
-----END CERTIFICATE-----