Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/676769b4-85c5-472b-a02c-f8796041f509.roa
File:                     676769b4-85c5-472b-a02c-f8796041f509.roa (raw, json)
Hash identifier:          z6PtpVpPLPce+tFMzL/OiBjd8ym29lSDa/HlHGjNmYg=
Subject key identifier:   C1:D5:1C:12:84:50:85:74:BC:0C:FB:FF:DD:B2:99:E5:96:7D:50:71
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6E50B3F6F9782E1C27174F7065FA781E1069E01F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/676769b4-85c5-472b-a02c-f8796041f509.roa
Signing time:             Thu 16 Oct 2025 19:50:43 +0000
ROA not before:           Thu 16 Oct 2025 19:50:43 +0000
ROA not after:            Thu 20 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.147.192.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:50:b3:f6:f9:78:2e:1c:27:17:4f:70:65:fa:78:1e:10:69:e0:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 16 19:50:43 2025 GMT
            Not After : Nov 20 23:59:59 2025 GMT
        Subject: serialNumber=5a1e6e45497fd7770b08497fbfcf7518f27568779070241296669fe971527706, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:08:d8:d8:37:0c:d2:1e:1b:58:71:96:cb:22:
                    0f:2e:2d:94:63:a0:50:95:e4:4a:6f:9e:f4:fb:76:
                    c1:9c:e0:b4:9d:fa:68:27:70:38:59:91:a7:36:e1:
                    96:3f:24:f8:6b:8a:e5:51:5d:f6:c0:df:88:7d:9c:
                    af:4b:fc:29:bc:3e:ad:4f:37:aa:e1:db:3d:b3:34:
                    da:f2:d9:39:25:7a:c8:a5:f0:38:ec:ef:ee:7d:0a:
                    5c:85:57:71:39:f5:0e:95:41:e6:05:f2:07:67:3f:
                    f2:af:57:9e:b6:8d:75:66:ff:23:23:24:df:d5:82:
                    4f:eb:c3:84:26:9a:72:ba:35:b9:6f:b1:89:80:fa:
                    e1:6d:74:2b:03:a5:df:1a:c6:69:ee:87:12:88:74:
                    99:8b:4b:4c:b4:21:e6:6d:10:41:59:18:c1:76:69:
                    7d:da:12:c4:48:d1:90:bc:69:37:3f:0b:6d:c6:4d:
                    cf:07:3d:26:d8:66:60:ef:fc:d2:08:80:de:1e:17:
                    0e:97:47:1a:e0:e6:10:9c:a8:3c:83:f5:c2:79:b3:
                    e1:55:77:b2:5d:c3:8b:15:a6:7d:8b:09:c7:88:e4:
                    1b:b9:8f:10:15:fd:21:04:a8:48:e8:bd:77:c9:53:
                    de:b8:5a:91:40:66:6e:6d:67:18:68:9b:21:2a:8a:
                    af:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:D5:1C:12:84:50:85:74:BC:0C:FB:FF:DD:B2:99:E5:96:7D:50:71
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/676769b4-85c5-472b-a02c-f8796041f509.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.147.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         23:c1:ea:ad:8e:1a:bb:d0:1f:5f:e4:cb:4d:36:7e:51:c8:35:
         31:e7:85:55:20:cc:8a:da:b5:38:7c:6a:dd:30:de:9d:5a:b5:
         0f:43:ea:91:b3:da:a5:b3:92:ad:b4:e0:81:60:9e:e2:21:a6:
         6b:16:a9:62:2e:3b:e3:2f:ce:6b:4b:e8:33:d8:5e:bf:5e:41:
         a4:1b:b3:48:0d:70:ec:5a:e9:a5:2c:77:47:dd:d2:e0:27:70:
         28:b3:cf:66:70:b1:9f:40:4f:6a:d5:1a:8a:ed:67:e1:92:7c:
         e0:83:bc:00:2d:72:56:c5:23:c9:86:0e:87:72:2a:cf:c0:95:
         02:f3:d4:ce:9a:02:c8:62:65:e2:25:88:4d:a0:1b:8a:40:06:
         6f:0d:39:0a:9d:6c:46:f0:f4:95:b2:ab:e8:fa:92:49:af:a7:
         f0:3e:f9:c8:89:51:91:f4:14:d5:a6:31:e9:83:27:3d:3a:92:
         96:1b:dd:c1:02:d5:6f:cd:86:95:c4:75:6d:94:3c:c6:7d:e6:
         bc:4b:88:0c:20:d2:9c:f7:2c:57:d3:17:82:3d:1f:72:df:e2:
         db:40:d2:59:69:8d:21:28:47:ca:78:5f:b3:28:06:13:63:6a:
         88:48:e4:76:18:cc:1c:cb:04:ab:d9:67:c8:60:8f:59:d2:bf:
         ec:c9:2a:9d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUblCz9vl4LhwnF09wZfp4HhBp4B8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE2MTk1MDQzWhcNMjUxMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A1YTFlNmU0NTQ5N2ZkNzc3MGIwODQ5N2ZiZmNmNzUxOGYy
NzU2ODc3OTA3MDI0MTI5NjY2OWZlOTcxNTI3NzA2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRCNjYNwzSHhtYcZbLIg8uLZRjoFCV5EpvnvT7dsGc4LSd
+mgncDhZkac24ZY/JPhriuVRXfbA34h9nK9L/Cm8Pq1PN6rh2z2zNNry2Tklesil
8Djs7+59ClyFV3E59Q6VQeYF8gdnP/KvV562jXVm/yMjJN/Vgk/rw4QmmnK6Nblv
sYmA+uFtdCsDpd8axmnuhxKIdJmLS0y0IeZtEEFZGMF2aX3aEsRI0ZC8aTc/C23G
Tc8HPSbYZmDv/NIIgN4eFw6XRxrg5hCcqDyD9cJ5s+FVd7Jdw4sVpn2LCceI5Bu5
jxAV/SEEqEjovXfJU964WpFAZm5tZxhomyEqiq8HAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwdUcEoRQhXS8DPv/3bKZ5ZZ9UHEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzY3Njc2OWI0LTg1YzUtNDcyYi1hMDJjLWY4Nzk2MDQxZjUwOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAY2k8AwDQYJKoZIhvcNAQELBQADggEBACPB6q2OGrvQH1/ky002flHINTHn
hVUgzIratTh8at0w3p1atQ9D6pGz2qWzkq204IFgnuIhpmsWqWIuO+MvzmtL6DPY
Xr9eQaQbs0gNcOxa6aUsd0fd0uAncCizz2ZwsZ9AT2rVGortZ+GSfOCDvAAtclbF
I8mGDodyKs/AlQLz1M6aAshiZeIliE2gG4pABm8NOQqdbEbw9JWyq+j6kkmvp/A+
+ciJUZH0FNWmMemDJz06kpYb3cEC1W/NhpXEdW2UPMZ95rxLiAwg0pz3LFfTF4I9
H3Lf4ttA0llpjSEoR8p4X7MoBhNjaohI5HYYzBzLBKvZZ8hgj1nSv+zJKp0=
-----END CERTIFICATE-----