Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/769ac735-8275-4699-adb5-1c5c60976d76.roa
File:                     769ac735-8275-4699-adb5-1c5c60976d76.roa (raw, json)
Hash identifier:          hWFHVBtpEIrXn9Ya8zVc9pl189TuXwW5xEmVJ6VKzkg=
Subject key identifier:   D8:54:2E:70:17:BE:C8:3F:B8:56:F0:57:2C:DD:86:DE:98:83:72:E6
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3065BCDD5B2A1348E8D63792E6B35BFE93F76349
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/769ac735-8275-4699-adb5-1c5c60976d76.roa
Signing time:             Fri 26 Sep 2025 03:03:05 +0000
ROA not before:           Fri 26 Sep 2025 03:03:05 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.230.144.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:65:bc:dd:5b:2a:13:48:e8:d6:37:92:e6:b3:5b:fe:93:f7:63:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 03:03:05 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=312b5dac19cb851c210f265c1c496a4f4797d8a3e6cb1bec9b62df8755dd053d, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:2f:ef:d4:91:4e:ab:03:fc:e4:6f:9f:83:4f:
                    d1:49:b0:f9:03:8e:3b:1d:bd:66:32:cd:e1:49:1e:
                    b6:b4:da:48:55:67:2f:8b:97:47:b8:d2:d8:c7:4b:
                    bb:8d:13:25:14:d5:ae:2d:3a:9e:0a:26:07:de:75:
                    5f:61:2e:5e:a5:35:3e:fd:7a:44:a2:97:f3:73:6d:
                    a4:dd:ab:6d:30:e5:57:4c:39:f0:e7:0c:ac:f5:73:
                    38:1e:04:87:b8:32:2a:e5:08:99:74:26:95:6d:eb:
                    27:a3:58:ae:95:ad:de:d8:2a:67:00:d7:fe:cd:6c:
                    ee:6f:f1:4e:75:62:0d:97:11:08:41:e7:c6:d0:c3:
                    14:fe:45:f3:c3:eb:54:76:0f:d8:97:61:46:b7:ed:
                    56:d1:48:6f:93:3f:5d:cc:db:01:f7:94:fc:45:57:
                    1a:05:33:ac:11:81:3b:f7:37:6d:ae:aa:08:a6:90:
                    be:37:1f:a5:d7:b5:ff:5b:c0:a8:32:a3:5e:00:c1:
                    81:68:ae:da:6c:6d:87:51:82:ff:a6:8c:8e:f9:5d:
                    ab:e0:ec:91:f9:d5:6e:39:69:05:03:20:0a:be:0b:
                    b2:e7:36:2f:47:a5:fb:bb:91:c7:43:d6:c4:2f:d7:
                    40:ae:5a:e7:9a:e5:b9:1f:36:59:7b:a7:42:1a:02:
                    f7:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:54:2E:70:17:BE:C8:3F:B8:56:F0:57:2C:DD:86:DE:98:83:72:E6
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/769ac735-8275-4699-adb5-1c5c60976d76.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.230.144.0/21

    Signature Algorithm: sha256WithRSAEncryption
         03:38:7e:6e:87:65:10:e0:44:a0:4c:01:fa:55:e3:23:a2:e8:
         82:28:24:ae:83:f4:da:f1:d1:db:5c:0d:ff:b2:96:90:9d:2d:
         46:02:5f:7e:43:4c:2d:d1:d5:6d:6d:ce:ee:b8:5c:96:b6:96:
         8c:79:24:8d:cb:13:14:bf:77:d5:87:52:55:26:a1:23:17:4e:
         99:b3:88:08:74:d4:7e:7c:59:34:f3:cb:c4:04:5b:15:c3:dc:
         a5:12:e1:ec:e8:0d:50:c6:91:40:c9:4f:35:17:2e:1c:b1:2b:
         28:1b:d2:12:36:9a:88:33:e0:18:e9:e5:83:7e:c9:2c:7d:ad:
         2d:45:b6:41:1f:bb:23:96:81:94:51:58:bf:da:53:7c:e4:dc:
         a0:00:51:40:39:58:88:a7:eb:34:38:31:ec:e4:ef:f5:5d:b8:
         4b:4d:e1:9c:da:dd:af:52:db:e4:64:40:dc:3f:e7:d6:85:4b:
         f4:36:4a:a5:3d:50:fe:9c:40:65:20:30:db:e8:95:1a:70:5c:
         ed:d7:ff:9e:84:cb:dc:1d:fe:ba:9b:a1:ed:f4:6b:60:85:62:
         40:44:64:b6:95:80:59:4b:ee:9c:26:fb:b5:7d:e1:5a:09:33:
         fc:cc:54:f9:ae:64:ca:a2:0f:55:1a:27:07:d0:0f:ca:e7:63:
         e5:6a:7f:f8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMGW83VsqE0jo1jeS5rNb/pP3Y0kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MDMwMzA1WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AzMTJiNWRhYzE5Y2I4NTFjMjEwZjI2NWMxYzQ5NmE0ZjQ3
OTdkOGEzZTZjYjFiZWM5YjYyZGY4NzU1ZGQwNTNkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDkL+/UkU6rA/zkb5+DT9FJsPkDjjsdvWYyzeFJHra02khV
Zy+Ll0e40tjHS7uNEyUU1a4tOp4KJgfedV9hLl6lNT79ekSil/NzbaTdq20w5VdM
OfDnDKz1czgeBIe4MirlCJl0JpVt6yejWK6Vrd7YKmcA1/7NbO5v8U51Yg2XEQhB
58bQwxT+RfPD61R2D9iXYUa37VbRSG+TP13M2wH3lPxFVxoFM6wRgTv3N22uqgim
kL43H6XXtf9bwKgyo14AwYFortpsbYdRgv+mjI75Xavg7JH51W45aQUDIAq+C7Ln
Ni9Hpfu7kcdD1sQv10CuWuea5bkfNll7p0IaAvdTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU2FQucBe+yD+4VvBXLN2G3piDcuYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzc2OWFjNzM1LTgyNzUtNDY5OS1hZGI1LTFjNWM2MDk3NmQ3Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAM25pAwDQYJKoZIhvcNAQELBQADggEBAAM4fm6HZRDgRKBMAfpV4yOi6IIo
JK6D9Nrx0dtcDf+ylpCdLUYCX35DTC3R1W1tzu64XJa2lox5JI3LExS/d9WHUlUm
oSMXTpmziAh01H58WTTzy8QEWxXD3KUS4ezoDVDGkUDJTzUXLhyxKygb0hI2mogz
4Bjp5YN+ySx9rS1FtkEfuyOWgZRRWL/aU3zk3KAAUUA5WIin6zQ4Mezk7/VduEtN
4Zza3a9S2+RkQNw/59aFS/Q2SqU9UP6cQGUgMNvolRpwXO3X/56Ey9wd/rqboe30
a2CFYkBEZLaVgFlL7pwm+7V94VoJM/zMVPmuZMqiD1UaJwfQD8rnY+Vqf/g=
-----END CERTIFICATE-----