Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/60f571fb-3d1e-4303-8923-c06cde4bfd76.roa
File:                     60f571fb-3d1e-4303-8923-c06cde4bfd76.roa (raw, json)
Hash identifier:          BKcF7oaHaPT3C1La3YNWiiCAmv4Wb5P8QmbcZ0bnxoA=
Subject key identifier:   A3:58:61:01:89:65:95:AC:68:8F:74:09:EA:DE:D0:E5:E5:EC:72:35
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       094B8B5119F624834E5CFAD58D8D07C7B87D5098
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/60f571fb-3d1e-4303-8923-c06cde4bfd76.roa
Signing time:             Fri 26 Sep 2025 02:57:35 +0000
ROA not before:           Fri 26 Sep 2025 02:57:35 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.230.12.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:4b:8b:51:19:f6:24:83:4e:5c:fa:d5:8d:8d:07:c7:b8:7d:50:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 02:57:35 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=38d351ce3e011389f81b6f622633b056d2e4da9b7344e75c826aca29c69c3ceb, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:6e:42:35:78:fd:de:9f:b7:14:06:c8:37:a9:
                    74:b3:3a:4d:4b:4e:8f:70:8b:1d:40:2c:32:a7:33:
                    83:97:ff:29:3a:1e:4e:f7:3b:a0:03:a0:27:e7:c6:
                    82:bc:16:56:ef:bc:3f:dd:a9:c7:0a:15:09:c8:56:
                    13:2d:64:04:8a:b0:c7:98:83:ca:44:73:f8:08:0a:
                    95:a6:af:39:67:e0:cc:c3:cd:37:08:c8:a6:da:e6:
                    d6:d0:4f:63:c2:ce:62:89:5c:03:62:87:b9:f6:7b:
                    2f:22:29:5c:f2:24:7f:77:1d:8f:bb:17:f9:a6:5c:
                    61:e3:da:a9:20:84:95:ad:ed:36:7c:36:47:48:a0:
                    32:06:27:52:48:a2:71:08:ac:28:fb:fa:b1:f1:5b:
                    2c:8e:b0:5b:e8:99:00:0c:83:17:f7:45:75:82:7d:
                    97:4e:97:0a:31:3d:49:8d:00:b9:b0:0a:94:e5:df:
                    96:b4:d0:de:02:ad:74:9f:2b:b9:57:b6:9d:37:e2:
                    a8:49:a9:5e:53:83:5f:40:ac:df:62:ca:c2:ea:aa:
                    f2:a8:50:9d:a1:6d:e9:6d:e5:a2:93:c2:8b:95:8f:
                    71:48:12:52:14:01:73:d4:d8:93:24:0a:2b:ca:e4:
                    9e:a3:ef:5e:ef:f9:f7:47:33:6a:ce:24:8c:e1:84:
                    76:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:58:61:01:89:65:95:AC:68:8F:74:09:EA:DE:D0:E5:E5:EC:72:35
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/60f571fb-3d1e-4303-8923-c06cde4bfd76.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.230.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         77:f6:69:40:6b:ee:30:1a:c2:07:9d:1f:1c:f5:69:43:ea:7a:
         2b:57:31:50:28:49:6a:f9:52:df:a8:aa:dd:d2:5c:f7:9a:86:
         65:65:51:b2:aa:3b:f6:cc:aa:55:8b:b4:cb:31:22:e7:b6:71:
         d4:8c:83:d4:b4:2d:db:b3:3c:83:64:47:b1:52:98:af:f6:7a:
         36:1f:6e:d1:4f:2b:4f:ca:ad:be:ba:c6:5b:24:5b:57:43:82:
         2c:ec:45:05:44:a7:67:10:ce:51:09:ed:62:98:b1:4c:0b:bc:
         61:78:42:be:19:11:5a:e9:80:61:5c:23:c6:6a:05:99:c5:94:
         b6:70:8c:96:52:63:7e:c8:0f:a7:ea:8e:c8:0f:82:cd:49:8a:
         d0:65:b1:0c:80:06:56:b2:49:70:8b:e4:22:27:ca:8f:90:85:
         f1:1d:41:63:09:fa:ed:7a:51:34:0c:8e:55:84:37:b3:48:bf:
         59:f8:e0:5c:13:a9:36:dd:7d:af:cb:cc:86:d4:6a:45:cf:d2:
         6b:1a:97:b4:35:95:b8:09:24:d5:6b:b1:41:ce:45:21:31:20:
         eb:01:93:44:6d:65:1d:14:6d:23:28:7e:6d:72:5f:40:12:df:
         42:67:b1:8e:45:38:ca:45:a7:56:8b:76:35:bc:ca:e2:83:19:
         92:cb:e1:aa
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCUuLURn2JINOXPrVjY0Hx7h9UJgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MDI1NzM1WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AzOGQzNTFjZTNlMDExMzg5ZjgxYjZmNjIyNjMzYjA1NmQy
ZTRkYTliNzM0NGU3NWM4MjZhY2EyOWM2OWMzY2ViMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD1bkI1eP3en7cUBsg3qXSzOk1LTo9wix1ALDKnM4OX/yk6
Hk73O6ADoCfnxoK8FlbvvD/dqccKFQnIVhMtZASKsMeYg8pEc/gICpWmrzln4MzD
zTcIyKba5tbQT2PCzmKJXANih7n2ey8iKVzyJH93HY+7F/mmXGHj2qkghJWt7TZ8
NkdIoDIGJ1JIonEIrCj7+rHxWyyOsFvomQAMgxf3RXWCfZdOlwoxPUmNALmwCpTl
35a00N4CrXSfK7lXtp034qhJqV5Tg19ArN9iysLqqvKoUJ2hbelt5aKTwouVj3FI
ElIUAXPU2JMkCivK5J6j717v+fdHM2rOJIzhhHY5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUo1hhAYlllaxoj3QJ6t7Q5eXscjUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzYwZjU3MWZiLTNkMWUtNDMwMy04OTIzLWMwNmNkZTRiZmQ3Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI25gwwDQYJKoZIhvcNAQELBQADggEBAHf2aUBr7jAawgedHxz1aUPqeitX
MVAoSWr5Ut+oqt3SXPeahmVlUbKqO/bMqlWLtMsxIue2cdSMg9S0LduzPINkR7FS
mK/2ejYfbtFPK0/Krb66xlskW1dDgizsRQVEp2cQzlEJ7WKYsUwLvGF4Qr4ZEVrp
gGFcI8ZqBZnFlLZwjJZSY37ID6fqjsgPgs1JitBlsQyABlaySXCL5CInyo+QhfEd
QWMJ+u16UTQMjlWEN7NIv1n44FwTqTbdfa/LzIbUakXP0msal7Q1lbgJJNVrsUHO
RSExIOsBk0RtZR0UbSMofm1yX0AS30JnsY5FOMpFp1aLdjW8yuKDGZLL4ao=
-----END CERTIFICATE-----