Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/74eb9ece-ea26-4086-88dd-0d2d4183881c.roa
File:                     74eb9ece-ea26-4086-88dd-0d2d4183881c.roa (raw, json)
Hash identifier:          AYDdb6dKI8lcIlxfoNVFtqFBhWcgvoERo/dhM3NNIkc=
Subject key identifier:   C5:9A:3D:CE:60:9F:C3:F2:33:34:F5:BF:BB:29:2E:D7:98:5C:D7:C7
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5E84D3D7D2192B81965CA0247435182DED751C96
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/74eb9ece-ea26-4086-88dd-0d2d4183881c.roa
Signing time:             Tue 05 Aug 2025 17:11:06 +0000
ROA not before:           Tue 05 Aug 2025 17:11:06 +0000
ROA not after:            Tue 09 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.94.204.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 22 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:84:d3:d7:d2:19:2b:81:96:5c:a0:24:74:35:18:2d:ed:75:1c:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug  5 17:11:06 2025 GMT
            Not After : Sep  9 23:59:59 2025 GMT
        Subject: serialNumber=e43ab04e0522b0a08dc9977f6594251eef2d680a98e5e4513db8b7b4b2a753e5, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:59:ec:f9:9a:4e:f6:00:67:9b:29:86:e6:89:
                    87:7f:77:c2:3e:60:32:68:38:71:6d:de:9b:c8:5d:
                    b6:8b:b2:6f:79:79:63:89:00:cb:88:0d:d3:d4:df:
                    eb:d5:29:c9:21:1e:6f:3e:c0:84:11:1c:78:5f:42:
                    2e:66:80:62:49:29:5d:00:ea:59:83:a4:25:88:4c:
                    9f:36:4e:31:18:93:27:e4:ab:b7:e6:48:88:f1:ac:
                    99:4e:ef:5a:1a:d1:cb:3a:52:fe:d0:64:be:8e:e2:
                    d2:7e:6f:7a:3a:b8:a1:60:c9:0f:d0:f7:ac:2f:49:
                    72:c2:1c:de:62:29:fe:d2:7b:f5:05:c1:2d:7a:c0:
                    c9:cc:0b:ab:60:86:7a:95:e6:7d:9c:36:e6:5f:35:
                    d5:fe:d5:ac:13:6f:01:d9:f0:84:2e:6f:bb:0d:ce:
                    b8:b9:31:e1:99:60:d5:6c:5e:57:71:b8:64:0b:46:
                    76:c6:0f:04:c4:19:60:0e:a6:73:e8:66:6f:4f:63:
                    2f:61:e5:d3:52:dd:a0:93:86:6b:a1:de:f2:1d:9f:
                    3c:4d:d0:f3:af:1f:4f:a6:d6:8d:e4:c6:e9:1e:1e:
                    ac:20:be:2c:a5:1f:6f:49:f8:f5:3a:b8:64:8a:32:
                    f2:20:ea:62:a9:ac:05:f7:33:55:00:d2:1d:59:c9:
                    51:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:9A:3D:CE:60:9F:C3:F2:33:34:F5:BF:BB:29:2E:D7:98:5C:D7:C7
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/74eb9ece-ea26-4086-88dd-0d2d4183881c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.94.204.0/23

    Signature Algorithm: sha256WithRSAEncryption
         57:81:c5:32:b7:3e:82:1b:17:c3:7f:0d:98:c1:6e:c0:c4:c5:
         54:03:5d:26:8e:f7:4d:50:90:9a:73:9b:44:df:7b:db:56:d1:
         c5:96:5a:86:32:23:39:15:5f:7f:f4:27:bf:2a:ab:b9:0d:d9:
         6f:f0:d2:12:08:22:de:02:82:08:12:72:23:f1:28:fa:8d:49:
         a4:8d:03:7c:0a:bb:68:58:ef:d0:6c:0f:9c:a5:e9:56:0f:19:
         6b:70:d3:e3:1a:fe:0c:53:49:6d:72:ca:28:12:15:78:a5:0d:
         5b:08:c8:cd:e5:cc:f7:7a:62:a5:97:77:75:8b:48:39:36:90:
         59:ab:5b:8e:40:c2:2f:ba:b1:22:ea:ec:61:a7:0b:f2:01:8c:
         8c:55:66:9f:7f:d3:ab:f6:34:46:ac:8a:c6:d3:d6:2c:0c:44:
         ef:7b:8d:52:a7:ce:1f:5e:b5:8c:a5:3a:f2:9a:29:fc:84:33:
         f3:57:39:a3:75:ca:ee:a0:53:bf:16:27:ed:ec:aa:3b:9f:2f:
         13:70:27:82:e1:77:3c:a2:c1:96:53:09:c9:0e:27:fd:3e:a9:
         e6:bb:d7:ef:ef:ae:46:69:f9:a7:e0:83:ee:d1:ff:a4:29:6b:
         99:6a:6a:25:34:d9:03:14:b0:5a:6a:72:d4:ba:1a:ab:8e:83:
         dc:7d:a8:f9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXoTT19IZK4GWXKAkdDUYLe11HJYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwODA1MTcxMTA2WhcNMjUwOTA5MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNDNhYjA0ZTA1MjJiMGEwOGRjOTk3N2Y2NTk0MjUxZWVm
MmQ2ODBhOThlNWU0NTEzZGI4YjdiNGIyYTc1M2U1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9Wez5mk72AGebKYbmiYd/d8I+YDJoOHFt3pvIXbaLsm95
eWOJAMuIDdPU3+vVKckhHm8+wIQRHHhfQi5mgGJJKV0A6lmDpCWITJ82TjEYkyfk
q7fmSIjxrJlO71oa0cs6Uv7QZL6O4tJ+b3o6uKFgyQ/Q96wvSXLCHN5iKf7Se/UF
wS16wMnMC6tghnqV5n2cNuZfNdX+1awTbwHZ8IQub7sNzri5MeGZYNVsXldxuGQL
RnbGDwTEGWAOpnPoZm9PYy9h5dNS3aCThmuh3vIdnzxN0POvH0+m1o3kxukeHqwg
viylH29J+PU6uGSKMvIg6mKprAX3M1UA0h1ZyVEvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUxZo9zmCfw/IzNPW/uyku15hc18cwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzc0ZWI5ZWNlLWVhMjYtNDA4Ni04OGRkLTBkMmQ0MTgzODgxYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAE0XswwDQYJKoZIhvcNAQELBQADggEBAFeBxTK3PoIbF8N/DZjBbsDExVQD
XSaO901QkJpzm0Tfe9tW0cWWWoYyIzkVX3/0J78qq7kN2W/w0hIIIt4CgggSciPx
KPqNSaSNA3wKu2hY79BsD5yl6VYPGWtw0+Ma/gxTSW1yyigSFXilDVsIyM3lzPd6
YqWXd3WLSDk2kFmrW45Awi+6sSLq7GGnC/IBjIxVZp9/06v2NEasisbT1iwMRO97
jVKnzh9etYylOvKaKfyEM/NXOaN1yu6gU78WJ+3sqjufLxNwJ4LhdzyiwZZTCckO
J/0+qea71+/vrkZp+afgg+7R/6Qpa5lqaiU02QMUsFpqctS6GquOg9x9qPk=
-----END CERTIFICATE-----