Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/775f5436-c0b1-43db-a715-5742a02b9394.roa
File:                     775f5436-c0b1-43db-a715-5742a02b9394.roa (raw, json)
Hash identifier:          O8trGQwqTTbz84bk/XRBHHTn4Jt78+7e1+vPUh/6Gvk=
Subject key identifier:   8D:C6:D4:7D:01:18:2B:45:6E:EF:B6:75:2B:1F:14:02:CC:B1:7E:12
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3E415AA49DE65E89B984A06DBF0AA233F5095062
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/775f5436-c0b1-43db-a715-5742a02b9394.roa
Signing time:             Tue 19 Aug 2025 16:31:20 +0000
ROA not before:           Tue 19 Aug 2025 16:31:20 +0000
ROA not after:            Tue 23 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.208.0.0/15 maxlen: 15
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 22 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:41:5a:a4:9d:e6:5e:89:b9:84:a0:6d:bf:0a:a2:33:f5:09:50:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug 19 16:31:20 2025 GMT
            Not After : Sep 23 23:59:59 2025 GMT
        Subject: serialNumber=f3e9f87ca4ef153d78fd49e810cbeebb85c4846ee1c10654e2b3c6c12e52272c, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:ce:c5:4d:a2:52:9c:c9:6d:ac:c5:30:fb:d3:
                    11:93:e2:88:09:e3:a5:d6:76:05:87:06:c6:31:e4:
                    c0:23:5c:6c:74:c6:5a:f8:cb:e0:d5:15:c8:78:7b:
                    7d:2c:c8:5a:31:94:6d:48:e0:36:a8:03:e3:95:c6:
                    a5:bb:36:78:18:ae:37:e4:09:80:f4:d9:a5:71:bc:
                    53:12:51:bb:55:4f:e4:a5:ff:b2:1a:54:48:96:2d:
                    82:3f:4b:ee:ac:ea:ed:ad:42:36:9a:56:60:b8:3e:
                    98:20:f1:44:ec:cd:1c:4b:32:f1:99:dc:81:6d:b6:
                    9e:da:62:23:20:7f:36:0d:c4:33:da:04:ab:b4:13:
                    77:a8:54:2a:e5:ea:4c:67:d1:07:18:14:3a:f1:e6:
                    ca:3a:7d:eb:2b:3e:3d:68:3a:ef:b7:6a:a2:91:24:
                    80:41:41:07:6a:16:89:ac:39:e5:d7:66:ee:db:05:
                    e7:79:21:b0:39:74:f6:62:42:ad:8d:23:59:46:17:
                    b8:4f:db:94:ce:e2:12:5a:76:bf:01:06:3b:87:50:
                    7b:41:01:2e:71:d0:0f:ac:87:fe:39:2d:5b:38:ff:
                    0b:59:59:38:34:e9:37:32:69:1a:a4:1b:75:b7:ad:
                    c3:61:a4:98:39:77:5e:01:9d:01:ea:c3:18:c0:50:
                    89:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:C6:D4:7D:01:18:2B:45:6E:EF:B6:75:2B:1F:14:02:CC:B1:7E:12
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/775f5436-c0b1-43db-a715-5742a02b9394.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.208.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         41:4f:47:b6:b8:86:15:3f:3a:1e:35:b5:60:45:fb:df:00:70:
         66:b4:da:71:13:80:54:eb:9e:41:44:49:42:a1:06:58:bc:d7:
         1c:0a:8f:dd:8d:0c:e2:81:dd:cc:b3:a5:52:08:d6:09:d6:c7:
         3d:af:de:6c:81:60:90:c0:61:44:15:a8:e6:c6:4c:58:14:a1:
         04:7d:67:c6:37:d8:12:0b:36:b7:09:33:55:d5:21:25:a2:be:
         6c:91:f4:91:c0:cc:dd:a8:c5:b1:0c:1f:d3:46:6d:e1:86:f4:
         61:6a:cc:dd:94:61:2e:ea:2f:af:12:05:6a:68:35:41:7a:33:
         c2:65:29:26:33:9e:13:ca:5b:23:92:10:47:5c:ba:4a:f0:a1:
         67:6d:f2:f5:3c:13:3d:36:3f:fc:fc:6f:a1:40:cb:ff:60:cb:
         ae:71:8a:77:5f:10:e0:ef:db:ec:5a:d9:35:0c:ac:fa:02:58:
         b2:1c:0f:fc:74:d1:91:ae:57:eb:cd:da:02:a8:d9:82:17:0d:
         4b:3d:89:f6:3d:a1:e9:3b:d7:3f:ca:67:4b:bb:52:70:88:44:
         2b:70:09:36:4f:e1:59:7b:16:86:57:32:29:58:a8:41:89:41:
         13:67:d1:e5:8f:1c:a3:58:9d:c7:c5:56:f3:52:2e:7a:68:09:
         15:25:8a:59
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUPkFapJ3mXom5hKBtvwqiM/UJUGIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwODE5MTYzMTIwWhcNMjUwOTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BmM2U5Zjg3Y2E0ZWYxNTNkNzhmZDQ5ZTgxMGNiZWViYjg1
YzQ4NDZlZTFjMTA2NTRlMmIzYzZjMTJlNTIyNzJjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDMzsVNolKcyW2sxTD70xGT4ogJ46XWdgWHBsYx5MAjXGx0
xlr4y+DVFch4e30syFoxlG1I4DaoA+OVxqW7NngYrjfkCYD02aVxvFMSUbtVT+Sl
/7IaVEiWLYI/S+6s6u2tQjaaVmC4Ppgg8UTszRxLMvGZ3IFttp7aYiMgfzYNxDPa
BKu0E3eoVCrl6kxn0QcYFDrx5so6fesrPj1oOu+3aqKRJIBBQQdqFomsOeXXZu7b
Bed5IbA5dPZiQq2NI1lGF7hP25TO4hJadr8BBjuHUHtBAS5x0A+sh/45LVs4/wtZ
WTg06TcyaRqkG3W3rcNhpJg5d14BnQHqwxjAUImTAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUjcbUfQEYK0Vu77Z1Kx8UAsyxfhIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzc3NWY1NDM2LWMwYjEtNDNkYi1hNzE1LTU3NDJhMDJiOTM5NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwE20DANBgkqhkiG9w0BAQsFAAOCAQEAQU9HtriGFT86HjW1YEX73wBwZrTa
cROAVOueQURJQqEGWLzXHAqP3Y0M4oHdzLOlUgjWCdbHPa/ebIFgkMBhRBWo5sZM
WBShBH1nxjfYEgs2twkzVdUhJaK+bJH0kcDM3ajFsQwf00Zt4Yb0YWrM3ZRhLuov
rxIFamg1QXozwmUpJjOeE8pbI5IQR1y6SvChZ23y9TwTPTY//PxvoUDL/2DLrnGK
d18Q4O/b7FrZNQys+gJYshwP/HTRka5X683aAqjZghcNSz2J9j2h6TvXP8pnS7tS
cIhEK3AJNk/hWXsWhlcyKVioQYlBE2fR5Y8co1idx8VW81IuemgJFSWKWQ==
-----END CERTIFICATE-----