Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7002c10b-e3be-4037-abbe-615f92891bff.roa
File:                     7002c10b-e3be-4037-abbe-615f92891bff.roa (raw, json)
Hash identifier:          gVkUdFl23WUN7UQsMYbHeIXpBaDytA6PwQRWEs4tpF0=
Subject key identifier:   5D:83:A5:15:B5:EF:E1:33:3B:DA:8E:82:7A:2D:00:AB:C2:87:79:68
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4AF2A73388082FD062296A77DDC7E32EBC979A18
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7002c10b-e3be-4037-abbe-615f92891bff.roa
Signing time:             Tue 21 Oct 2025 04:31:41 +0000
ROA not before:           Tue 21 Oct 2025 04:31:41 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        52.94.132.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 31 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:f2:a7:33:88:08:2f:d0:62:29:6a:77:dd:c7:e3:2e:bc:97:9a:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 21 04:31:41 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=8423ef977050f3711fb7f961dabbcb8f0fdbb111400ea128648ede91f504040b, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:8b:87:3e:b5:16:f8:6f:91:cf:c8:e8:53:46:
                    2b:92:0f:a9:27:43:0b:90:41:ba:d4:41:a2:d3:7f:
                    d4:5e:ce:f4:a3:15:1f:cf:28:dc:ff:12:9c:05:7a:
                    8b:7b:a9:d6:d2:29:d9:5f:28:eb:32:3c:6e:61:c2:
                    27:13:83:65:0d:f0:e7:f7:f5:e9:1a:42:a0:2f:fe:
                    f3:10:6f:1b:aa:fe:0b:f5:1b:c7:da:cc:39:4a:d1:
                    2e:2e:ed:5d:65:c4:91:dc:9c:59:ee:88:9d:ed:6b:
                    7f:8d:30:51:74:2c:4e:a3:08:7a:4c:a1:0f:30:62:
                    85:11:d2:cc:7e:9b:f2:5b:ca:f2:b3:4d:26:40:4a:
                    07:76:f1:b9:18:5e:e0:cf:40:41:a5:bd:19:50:98:
                    d8:00:ac:ac:7a:ff:ef:ab:1a:79:5e:63:fd:05:e3:
                    78:9a:20:b5:0b:1b:4c:b3:b9:4c:fe:5e:31:86:f4:
                    15:43:78:2d:28:fc:6b:5f:32:11:e7:e5:ea:b7:d7:
                    d6:2d:1d:4c:0a:b3:f9:9d:03:1d:b3:bf:6a:2a:b9:
                    31:d8:4f:fc:d8:31:c6:35:a5:c9:c4:6e:8f:b4:cb:
                    48:73:7c:8e:0a:ec:73:1d:8f:82:0e:25:ea:cf:d3:
                    ff:60:eb:d4:4f:2d:89:1a:d8:bb:a5:c7:2e:d2:a6:
                    4c:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:83:A5:15:B5:EF:E1:33:3B:DA:8E:82:7A:2D:00:AB:C2:87:79:68
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7002c10b-e3be-4037-abbe-615f92891bff.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.94.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         65:ff:3a:9b:cf:67:8d:cf:3b:33:b3:2b:4e:55:53:64:7b:28:
         6c:b3:ee:72:f5:04:ca:7d:db:c6:27:85:ef:dd:a4:c9:1f:d2:
         e3:6a:96:15:e7:d3:8f:e4:8c:9c:2b:e8:30:35:20:98:ad:cd:
         3f:21:0f:55:f4:a6:ef:9d:c5:98:cf:b7:43:dc:32:13:1e:ad:
         85:4d:f8:09:d1:04:c4:3b:99:8a:8c:e1:82:1f:be:24:0e:37:
         ac:70:78:23:8b:43:9c:0f:47:3b:9d:c3:6b:72:97:fd:3b:8c:
         f3:fd:7d:15:cf:b5:67:53:c8:69:58:a5:f5:50:cf:7a:e6:13:
         00:d4:3c:e3:a6:8c:7b:9e:88:8c:56:f2:ff:90:a4:4f:63:c2:
         72:46:47:c1:df:d4:01:01:35:15:18:e0:91:50:8a:91:83:f0:
         51:a1:94:e9:bd:95:db:fa:15:e1:05:5c:e8:a8:3e:68:bc:9f:
         97:47:80:08:41:24:94:3c:9e:86:4d:60:05:33:e2:a3:7d:60:
         bb:97:d9:97:ab:51:9f:a4:90:0f:b5:bc:21:bd:91:f1:68:de:
         d5:85:6e:63:2c:94:e9:b3:f6:25:e2:9a:91:1c:ff:e4:59:1e:
         bb:1e:b2:5f:dc:03:e3:d3:89:d0:52:e4:af:b6:dc:2e:c1:46:
         fb:da:b2:96
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSvKnM4gIL9BiKWp33cfjLryXmhgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDIxMDQzMTQxWhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NDIzZWY5NzcwNTBmMzcxMWZiN2Y5NjFkYWJiY2I4ZjBm
ZGJiMTExNDAwZWExMjg2NDhlZGU5MWY1MDQwNDBiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDWi4c+tRb4b5HPyOhTRiuSD6knQwuQQbrUQaLTf9RezvSj
FR/PKNz/EpwFeot7qdbSKdlfKOsyPG5hwicTg2UN8Of39ekaQqAv/vMQbxuq/gv1
G8fazDlK0S4u7V1lxJHcnFnuiJ3ta3+NMFF0LE6jCHpMoQ8wYoUR0sx+m/JbyvKz
TSZASgd28bkYXuDPQEGlvRlQmNgArKx6/++rGnleY/0F43iaILULG0yzuUz+XjGG
9BVDeC0o/GtfMhHn5eq319YtHUwKs/mdAx2zv2oquTHYT/zYMcY1pcnEbo+0y0hz
fI4K7HMdj4IOJerP0/9g69RPLYka2Lulxy7SpkxpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXYOlFbXv4TM72o6Cei0Aq8KHeWgwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzcwMDJjMTBiLWUzYmUtNDAzNy1hYmJlLTYxNWY5Mjg5MWJmZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI0XoQwDQYJKoZIhvcNAQELBQADggEBAGX/OpvPZ43POzOzK05VU2R7KGyz
7nL1BMp928Ynhe/dpMkf0uNqlhXn04/kjJwr6DA1IJitzT8hD1X0pu+dxZjPt0Pc
MhMerYVN+AnRBMQ7mYqM4YIfviQON6xweCOLQ5wPRzudw2tyl/07jPP9fRXPtWdT
yGlYpfVQz3rmEwDUPOOmjHueiIxW8v+QpE9jwnJGR8Hf1AEBNRUY4JFQipGD8FGh
lOm9ldv6FeEFXOioPmi8n5dHgAhBJJQ8noZNYAUz4qN9YLuX2ZerUZ+kkA+1vCG9
kfFo3tWFbmMslOmz9iXimpEc/+RZHrsesl/cA+PTidBS5K+23C7BRvvaspY=
-----END CERTIFICATE-----