Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/74efe89a-3988-4164-98dd-bb1f690379cf.roa
File:                     74efe89a-3988-4164-98dd-bb1f690379cf.roa (raw, json)
Hash identifier:          t0WptCDPfvHY2bFv084PZ+m68+n1AXdm5DmcnEc8XT0=
Subject key identifier:   3D:BF:5D:22:CA:93:09:D0:77:DE:00:39:68:6F:70:D6:7E:56:B2:55
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5D7005277BB4965113B77805AFEDEF68E1735F50
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/74efe89a-3988-4164-98dd-bb1f690379cf.roa
Signing time:             Fri 19 Sep 2025 17:51:06 +0000
ROA not before:           Fri 19 Sep 2025 17:51:06 +0000
ROA not after:            Fri 24 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.94.104.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:70:05:27:7b:b4:96:51:13:b7:78:05:af:ed:ef:68:e1:73:5f:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 19 17:51:06 2025 GMT
            Not After : Oct 24 23:59:59 2025 GMT
        Subject: serialNumber=0feb5dcc9c092f3a06d668c0d47e96d71a18c88f2fa1eefe2cec872aa4e3cadb, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:67:08:66:71:7c:51:d7:ea:30:33:f7:4a:f8:
                    25:0c:1f:ba:04:74:36:60:44:f3:04:e8:8e:c0:e7:
                    4f:29:42:75:09:71:4c:88:40:c7:ba:f7:e8:c5:b2:
                    f7:9c:e0:12:f2:7f:fb:ec:4f:21:76:53:dc:42:8b:
                    64:fc:c4:0f:5e:70:d8:dc:d0:03:e8:49:89:d9:5b:
                    67:0d:94:d6:2d:e7:e8:5d:84:90:c5:08:b4:df:0b:
                    d2:ef:70:50:0f:3c:ff:5e:80:95:c8:b0:bf:ca:d5:
                    c3:a0:7b:32:2b:c8:9b:5f:ce:45:ee:60:7e:9a:96:
                    63:33:9c:7a:92:d1:42:04:a9:3d:e4:85:bf:c3:5e:
                    b4:fd:0e:cc:52:c7:c7:63:87:9d:81:86:aa:75:3c:
                    c5:a6:05:6f:19:55:0f:86:9a:3e:3a:16:93:4b:04:
                    ab:21:7e:5f:ae:bb:e1:7b:54:41:a5:4b:eb:b7:45:
                    c8:35:58:96:3c:aa:70:8a:0d:4f:49:5a:95:e4:4c:
                    67:40:ec:0b:ac:59:23:63:5f:f4:f5:ff:ef:6f:d5:
                    78:9a:c7:5b:4c:c4:cc:8c:6c:73:1b:f8:a0:5c:51:
                    5e:b3:b8:da:06:db:95:01:0b:ab:50:8c:59:6c:c7:
                    16:03:bd:0d:74:91:5c:f4:62:ba:fd:35:55:d5:06:
                    4e:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:BF:5D:22:CA:93:09:D0:77:DE:00:39:68:6F:70:D6:7E:56:B2:55
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/74efe89a-3988-4164-98dd-bb1f690379cf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.94.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         71:bf:7a:76:39:d2:24:2b:08:2e:6c:43:7a:04:b7:fd:1b:ea:
         5a:61:7d:eb:dd:f4:bf:69:0c:c3:da:df:b9:1f:0a:d8:5a:46:
         f7:cb:cb:7b:c7:d6:d9:d0:3e:37:a1:bb:45:fe:8c:be:bc:32:
         af:2e:ec:13:a9:9a:e2:a2:5f:fd:fe:96:bd:62:ca:6c:9e:79:
         76:8d:05:c1:23:56:bb:fc:3e:f8:ce:ab:83:48:0a:64:6e:c0:
         92:b2:21:90:3f:a8:5b:82:cb:85:59:f7:09:b1:bd:53:c2:f5:
         6b:40:15:23:f1:9d:70:b9:4c:4e:a5:b1:7a:f5:27:8e:9a:48:
         6b:dd:49:d8:e1:02:02:f9:34:cb:67:2b:04:4e:43:85:db:65:
         b8:43:05:66:9d:8d:26:94:12:e4:4e:e0:35:26:da:c6:11:51:
         4a:05:3b:84:14:8f:17:db:c1:37:8e:7b:55:75:b1:ce:69:4b:
         2a:60:31:65:40:a7:04:61:5b:6a:f7:01:a8:40:10:93:b7:ce:
         fe:3b:4b:57:d5:59:7f:31:5b:68:cc:8f:5a:3d:c5:e2:cf:17:
         f0:15:20:7a:dc:28:c6:25:58:b6:2f:97:6f:82:82:5e:de:5d:
         1d:dc:6f:d4:34:cc:d5:ec:08:37:84:98:83:ce:88:57:7a:cb:
         92:b3:91:10
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXXAFJ3u0llETt3gFr+3vaOFzX1AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTE5MTc1MTA2WhcNMjUxMDI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AwZmViNWRjYzljMDkyZjNhMDZkNjY4YzBkNDdlOTZkNzFh
MThjODhmMmZhMWVlZmUyY2VjODcyYWE0ZTNjYWRiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCiZwhmcXxR1+owM/dK+CUMH7oEdDZgRPME6I7A508pQnUJ
cUyIQMe69+jFsvec4BLyf/vsTyF2U9xCi2T8xA9ecNjc0APoSYnZW2cNlNYt5+hd
hJDFCLTfC9LvcFAPPP9egJXIsL/K1cOgezIryJtfzkXuYH6almMznHqS0UIEqT3k
hb/DXrT9DsxSx8djh52Bhqp1PMWmBW8ZVQ+Gmj46FpNLBKshfl+uu+F7VEGlS+u3
Rcg1WJY8qnCKDU9JWpXkTGdA7AusWSNjX/T1/+9v1Xiax1tMxMyMbHMb+KBcUV6z
uNoG25UBC6tQjFlsxxYDvQ10kVz0Yrr9NVXVBk5BAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPb9dIsqTCdB33gA5aG9w1n5WslUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzc0ZWZlODlhLTM5ODgtNDE2NC05OGRkLWJiMWY2OTAzNzljZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI2XmgwDQYJKoZIhvcNAQELBQADggEBAHG/enY50iQrCC5sQ3oEt/0b6lph
fevd9L9pDMPa37kfCthaRvfLy3vH1tnQPjehu0X+jL68Mq8u7BOpmuKiX/3+lr1i
ymyeeXaNBcEjVrv8PvjOq4NICmRuwJKyIZA/qFuCy4VZ9wmxvVPC9WtAFSPxnXC5
TE6lsXr1J46aSGvdSdjhAgL5NMtnKwROQ4XbZbhDBWadjSaUEuRO4DUm2sYRUUoF
O4QUjxfbwTeOe1V1sc5pSypgMWVApwRhW2r3AahAEJO3zv47S1fVWX8xW2jMj1o9
xeLPF/AVIHrcKMYlWLYvl2+Cgl7eXR3cb9Q0zNXsCDeEmIPOiFd6y5KzkRA=
-----END CERTIFICATE-----