Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6908bb09-6c96-4b80-adeb-4cbe2ef2e5f7.roa
File:                     6908bb09-6c96-4b80-adeb-4cbe2ef2e5f7.roa (raw, json)
Hash identifier:          r7RBXvriajWgHuNgzRvDtTAdVR+aXjI7OKFUs4EuYbo=
Subject key identifier:   56:F2:2F:CD:FF:DD:D9:54:5B:31:33:83:51:AD:A2:BB:8F:AF:61:37
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       162D5FFBAA7BA4629C8481F8E4CDC5D633176A36
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6908bb09-6c96-4b80-adeb-4cbe2ef2e5f7.roa
Signing time:             Tue 23 Sep 2025 00:31:59 +0000
ROA not before:           Tue 23 Sep 2025 00:31:59 +0000
ROA not after:            Tue 28 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.85.12.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:2d:5f:fb:aa:7b:a4:62:9c:84:81:f8:e4:cd:c5:d6:33:17:6a:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 23 00:31:59 2025 GMT
            Not After : Oct 28 23:59:59 2025 GMT
        Subject: serialNumber=5b3a7f7d25b3da28190e5a352ee265c34e9ecdde8a6886c8164eef2c9e02734f, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:fc:36:9c:1a:08:8c:f7:28:07:dc:9f:bf:f2:
                    53:dc:28:e1:0f:13:6d:6a:ed:de:14:26:70:66:ed:
                    95:b6:38:18:62:8a:eb:cf:4e:1b:cc:f1:bd:fa:6d:
                    89:ae:fd:c4:ea:45:07:bd:d9:a2:24:ff:03:33:4f:
                    22:ff:a4:a2:5a:2e:61:43:f6:ea:0b:51:99:4b:6b:
                    10:51:90:b8:42:a0:86:79:19:f7:49:50:d3:28:15:
                    46:e5:aa:d3:e7:cc:78:df:10:8d:86:e4:30:4e:ba:
                    0d:6d:fb:09:5b:f7:ed:99:3f:11:4c:eb:3c:9e:bf:
                    b5:c1:1c:f3:f3:08:6f:d5:f7:22:ae:7b:78:8f:26:
                    2e:69:7d:50:d2:24:b6:25:d3:3d:09:6c:d4:0c:a7:
                    d8:5d:da:fc:29:ac:f2:53:70:d9:f5:6b:51:9e:d4:
                    0c:91:7a:86:cf:02:88:f8:31:df:33:d5:f3:01:18:
                    ec:2d:58:87:bc:3a:bf:03:be:c4:18:d6:a9:35:7b:
                    c2:93:8b:ae:fc:7e:0a:d8:a1:5f:e8:4e:5b:12:76:
                    ac:1d:f9:91:00:cc:08:26:ba:61:cc:89:2b:0d:3c:
                    b5:db:80:b9:eb:25:75:1a:f9:63:47:62:aa:4c:36:
                    d5:12:be:78:09:03:af:f9:9b:d4:91:0b:40:69:47:
                    75:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:F2:2F:CD:FF:DD:D9:54:5B:31:33:83:51:AD:A2:BB:8F:AF:61:37
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6908bb09-6c96-4b80-adeb-4cbe2ef2e5f7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.85.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         71:32:1c:19:b4:c7:9d:ad:29:92:a7:d3:44:73:87:24:6e:84:
         e2:e2:a3:87:85:3a:6c:b4:b3:70:23:69:bd:ce:b8:f7:70:a0:
         d7:57:98:43:20:9c:e7:0c:97:e9:40:0d:43:60:f4:98:47:e1:
         26:e2:9b:c8:e6:a8:47:94:ac:0b:79:c1:54:3f:a4:21:a8:ea:
         39:de:cf:2a:0c:8d:61:58:97:4b:5f:7c:64:67:f5:3b:9d:f2:
         1c:3c:f8:d1:bd:11:75:11:a1:a8:8d:fb:c1:43:44:43:93:27:
         a3:0f:d6:28:2a:5a:27:48:fa:57:39:78:2f:77:be:6f:ff:c5:
         bd:4d:91:f3:79:96:4b:dd:e5:a2:a7:9a:a1:4c:01:b2:9e:fa:
         ef:7b:0c:e0:38:c4:03:84:e2:a2:89:ae:00:ac:29:40:6e:d8:
         68:f4:f1:65:7f:d4:32:09:18:73:56:cf:4f:a8:38:94:72:ed:
         9c:fe:2b:95:d3:ca:87:1c:a2:bc:0c:bb:ef:1d:8d:80:bf:30:
         9d:27:28:5b:d8:80:41:88:39:86:7e:9d:14:62:6e:3b:f0:6a:
         6b:8d:11:07:78:4b:5d:12:b5:03:95:a8:51:02:f1:21:22:58:
         e1:e6:e5:d3:ba:5d:87:04:56:7c:29:8c:31:fb:c7:a8:f6:46:
         67:88:c7:6c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFi1f+6p7pGKchIH45M3F1jMXajYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIzMDAzMTU5WhcNMjUxMDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A1YjNhN2Y3ZDI1YjNkYTI4MTkwZTVhMzUyZWUyNjVjMzRl
OWVjZGRlOGE2ODg2YzgxNjRlZWYyYzllMDI3MzRmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2/DacGgiM9ygH3J+/8lPcKOEPE21q7d4UJnBm7ZW2OBhi
iuvPThvM8b36bYmu/cTqRQe92aIk/wMzTyL/pKJaLmFD9uoLUZlLaxBRkLhCoIZ5
GfdJUNMoFUblqtPnzHjfEI2G5DBOug1t+wlb9+2ZPxFM6zyev7XBHPPzCG/V9yKu
e3iPJi5pfVDSJLYl0z0JbNQMp9hd2vwprPJTcNn1a1Ge1AyReobPAoj4Md8z1fMB
GOwtWIe8Or8DvsQY1qk1e8KTi678fgrYoV/oTlsSdqwd+ZEAzAgmumHMiSsNPLXb
gLnrJXUa+WNHYqpMNtUSvngJA6/5m9SRC0BpR3V3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUVvIvzf/d2VRbMTODUa2iu4+vYTcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzY5MDhiYjA5LTZjOTYtNGI4MC1hZGViLTRjYmUyZWYyZTVmNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI0VQwwDQYJKoZIhvcNAQELBQADggEBAHEyHBm0x52tKZKn00RzhyRuhOLi
o4eFOmy0s3Ajab3OuPdwoNdXmEMgnOcMl+lADUNg9JhH4Sbim8jmqEeUrAt5wVQ/
pCGo6jnezyoMjWFYl0tffGRn9Tud8hw8+NG9EXURoaiN+8FDREOTJ6MP1igqWidI
+lc5eC93vm//xb1NkfN5lkvd5aKnmqFMAbKe+u97DOA4xAOE4qKJrgCsKUBu2Gj0
8WV/1DIJGHNWz0+oOJRy7Zz+K5XTyoccorwMu+8djYC/MJ0nKFvYgEGIOYZ+nRRi
bjvwamuNEQd4S10StQOVqFEC8SEiWOHm5dO6XYcEVnwpjDH7x6j2RmeIx2w=
-----END CERTIFICATE-----