Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/775f5436-c0b1-43db-a715-5742a02b9394.roa
File:                     775f5436-c0b1-43db-a715-5742a02b9394.roa (raw, json)
Hash identifier:          82/KCVYO6RKcDtQ9raa1yUVv+L6Yz1skBjM84YwnpbM=
Subject key identifier:   4F:F5:32:81:63:A5:05:51:01:EC:EC:B7:A7:46:CB:50:16:A6:91:49
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4009E100F3C6896FF06A1A7A18E9272C8B61E3D7
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/775f5436-c0b1-43db-a715-5742a02b9394.roa
Signing time:             Fri 10 Oct 2025 16:56:29 +0000
ROA not before:           Fri 10 Oct 2025 16:56:29 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.208.0.0/15 maxlen: 15
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:09:e1:00:f3:c6:89:6f:f0:6a:1a:7a:18:e9:27:2c:8b:61:e3:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 10 16:56:29 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=6a03cde7f7ffb5c36f5a5bc5db38422f068eae80e873e248abc1a17114185df8, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:0c:62:59:28:07:44:4c:43:a1:15:22:c7:8f:
                    8e:49:c0:04:41:72:23:eb:4b:82:30:30:7a:64:55:
                    d3:e1:fe:ac:ca:68:26:34:fd:72:03:e1:47:2f:9e:
                    b7:61:42:dd:5b:59:a9:9c:10:a3:91:50:75:dc:d9:
                    1e:cb:4e:47:f0:fe:ae:78:99:4f:00:8a:62:bf:c1:
                    cc:82:a3:fe:e2:30:7e:e4:23:11:5b:cc:a3:5f:33:
                    f3:bf:f7:82:4b:d2:40:22:9c:81:7f:b0:d8:23:dc:
                    c3:82:f6:b6:84:38:64:4a:a6:af:44:54:e9:ee:67:
                    97:22:80:88:51:45:4a:2d:f8:c7:97:1e:af:22:1c:
                    64:46:2b:1d:6e:04:f3:9b:a3:45:ae:a1:cd:c3:ab:
                    77:dc:d0:0f:77:4a:41:a0:54:79:ea:24:27:ff:ec:
                    24:65:6a:3f:a8:13:13:d5:c3:6a:60:d8:b6:5a:28:
                    5e:df:ef:06:2a:a6:75:b9:b8:78:eb:8a:0d:62:b1:
                    38:ba:d3:9d:a3:22:62:de:d8:c2:75:27:18:3d:51:
                    cd:21:ce:6c:5c:5a:c4:89:6c:eb:36:af:47:44:92:
                    02:44:6f:5e:4a:01:36:ac:29:8c:7b:af:90:b8:a5:
                    36:a0:ab:e1:2c:6e:f6:9a:ce:ae:12:fd:82:35:46:
                    0c:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:F5:32:81:63:A5:05:51:01:EC:EC:B7:A7:46:CB:50:16:A6:91:49
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/775f5436-c0b1-43db-a715-5742a02b9394.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.208.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         7a:54:08:d9:86:1f:98:e1:92:78:f6:63:02:fd:c6:66:1e:03:
         53:31:67:f5:52:3c:1e:6c:3b:9f:10:ca:12:d9:a6:d7:1d:3d:
         5f:c0:7e:5f:3d:9f:18:23:d8:b7:e7:62:74:8b:4d:9c:5e:89:
         69:dd:ba:86:f2:61:10:5d:47:b2:b6:49:94:db:de:27:50:8f:
         ad:75:40:be:a6:2d:f0:2a:c3:6d:bb:95:74:4c:a4:7b:e6:a1:
         72:59:f1:08:24:80:d2:84:80:b3:4c:5b:50:b3:9e:87:2f:51:
         1c:21:58:99:33:72:1a:9b:72:e8:e8:9b:ca:82:cf:8e:4a:53:
         f5:31:cd:5c:63:65:3d:18:29:9c:c5:95:b5:54:1b:38:ea:ab:
         1c:89:d2:58:2e:70:d6:df:68:a3:32:4b:87:5d:03:1d:3d:eb:
         ca:c0:6b:0f:73:6b:a5:46:f4:09:c9:3a:d6:24:09:4c:8d:93:
         96:3f:43:b2:a0:47:7f:c5:0d:21:dd:4e:57:53:20:46:d0:9c:
         10:95:51:d7:ae:fb:0f:8c:dd:60:69:15:b1:3e:be:57:de:44:
         dd:ea:74:3b:3e:56:3d:70:bd:d1:b0:cd:14:c9:59:40:c0:f2:
         d1:0a:d5:58:0c:bc:34:ea:00:51:b9:c7:99:ac:af:a8:e6:6a:
         34:e1:6d:c2
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUQAnhAPPGiW/wahp6GOknLIth49cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDEwMTY1NjI5WhcNMjUxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A2YTAzY2RlN2Y3ZmZiNWMzNmY1YTViYzVkYjM4NDIyZjA2
OGVhZTgwZTg3M2UyNDhhYmMxYTE3MTE0MTg1ZGY4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtDGJZKAdETEOhFSLHj45JwARBciPrS4IwMHpkVdPh/qzK
aCY0/XID4UcvnrdhQt1bWamcEKORUHXc2R7LTkfw/q54mU8AimK/wcyCo/7iMH7k
IxFbzKNfM/O/94JL0kAinIF/sNgj3MOC9raEOGRKpq9EVOnuZ5cigIhRRUot+MeX
Hq8iHGRGKx1uBPObo0Wuoc3Dq3fc0A93SkGgVHnqJCf/7CRlaj+oExPVw2pg2LZa
KF7f7wYqpnW5uHjrig1isTi6052jImLe2MJ1Jxg9Uc0hzmxcWsSJbOs2r0dEkgJE
b15KATasKYx7r5C4pTagq+Esbvaazq4S/YI1RgzpAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUT/UygWOlBVEB7Oy3p0bLUBamkUkwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzc3NWY1NDM2LWMwYjEtNDNkYi1hNzE1LTU3NDJhMDJiOTM5NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwE20DANBgkqhkiG9w0BAQsFAAOCAQEAelQI2YYfmOGSePZjAv3GZh4DUzFn
9VI8Hmw7nxDKEtmm1x09X8B+Xz2fGCPYt+didItNnF6Jad26hvJhEF1HsrZJlNve
J1CPrXVAvqYt8CrDbbuVdEyke+ahclnxCCSA0oSAs0xbULOehy9RHCFYmTNyGpty
6OibyoLPjkpT9THNXGNlPRgpnMWVtVQbOOqrHInSWC5w1t9oozJLh10DHT3rysBr
D3NrpUb0Cck61iQJTI2Tlj9DsqBHf8UNId1OV1MgRtCcEJVR1677D4zdYGkVsT6+
V95E3ep0Oz5WPXC90bDNFMlZQMDy0QrVWAy8NOoAUbnHmayvqOZqNOFtwg==
-----END CERTIFICATE-----