Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7bc2d2f7-b790-4846-bad9-b0fa648c2e12.roa
File:                     7bc2d2f7-b790-4846-bad9-b0fa648c2e12.roa (raw, json)
Hash identifier:          3WMbqQmDhdWPduGAFp+s0M1oMU3sda8YsgMeVCNvczA=
Subject key identifier:   5D:8D:B5:D6:51:00:CE:80:D2:7A:C6:CE:84:A4:5F:8B:8E:2B:69:3F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       52166F6AF0D5E3903BFF1D59D1793A832200AF2F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7bc2d2f7-b790-4846-bad9-b0fa648c2e12.roa
Signing time:             Tue 19 Aug 2025 16:31:51 +0000
ROA not before:           Tue 19 Aug 2025 16:31:51 +0000
ROA not after:            Tue 23 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.214.192.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 22 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:16:6f:6a:f0:d5:e3:90:3b:ff:1d:59:d1:79:3a:83:22:00:af:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug 19 16:31:51 2025 GMT
            Not After : Sep 23 23:59:59 2025 GMT
        Subject: serialNumber=8d7276fb3db7813a40963e2ab551fe0d1df650d40fe5af93b19b44797cc2299f, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:2a:63:da:a0:13:c5:00:1e:39:2a:0f:6d:64:
                    83:25:b7:f9:75:90:f0:e8:88:0b:5b:8f:80:87:9e:
                    48:20:61:e0:9b:9d:91:b1:5a:f6:fb:61:35:89:a7:
                    96:8b:2a:bc:f4:b7:f3:33:e3:41:ce:62:21:12:66:
                    77:6a:17:eb:2b:17:e2:56:ac:f0:88:a5:b1:8f:4f:
                    80:f0:92:27:5c:58:f8:b4:a7:78:f9:b5:12:e4:c7:
                    e9:45:aa:92:70:76:f8:48:6e:26:47:77:0c:09:5a:
                    3f:bd:e6:35:45:2a:1c:1a:c3:97:44:8d:00:10:25:
                    40:5f:f5:98:02:f0:77:d8:e9:7b:fc:18:20:7d:84:
                    27:4a:02:25:15:7e:77:22:2d:a9:28:45:d5:a2:b9:
                    4d:50:bb:5b:05:13:30:33:83:a6:84:16:f8:a2:2d:
                    64:94:b5:ec:2a:fa:22:49:51:66:0e:a7:d7:92:85:
                    fc:91:88:12:54:28:ee:9f:32:ee:89:9b:28:fa:05:
                    0e:0c:32:f8:69:43:5c:3d:0d:15:84:69:46:ee:6c:
                    80:db:3f:cc:29:f2:33:e4:e6:c4:fc:7c:dc:d4:13:
                    10:7a:33:9a:1d:42:cf:dd:02:15:4f:1e:87:24:0a:
                    42:98:c6:b6:45:a1:33:a8:2e:a9:56:d1:83:cd:5d:
                    50:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:8D:B5:D6:51:00:CE:80:D2:7A:C6:CE:84:A4:5F:8B:8E:2B:69:3F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7bc2d2f7-b790-4846-bad9-b0fa648c2e12.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.214.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         aa:77:a0:36:fa:2a:5d:4c:f9:32:98:52:04:6b:38:65:d1:ef:
         94:60:cb:8c:6e:cc:99:d9:3f:60:02:95:44:03:ff:82:02:ea:
         ad:12:8b:b7:b7:a5:c5:bd:01:74:49:e5:ab:f6:9c:63:67:71:
         44:50:9b:37:4f:e2:2d:d6:b3:5c:5c:b9:cd:6c:8e:f5:da:6b:
         0b:be:57:5d:69:0e:91:b4:f4:24:3f:a6:e4:ff:10:be:11:4e:
         eb:5c:56:b7:8e:31:d8:9c:73:71:2f:d1:b5:57:ff:54:6b:42:
         ef:5d:a7:3d:8b:5d:44:46:67:2d:20:7c:d4:cf:71:2e:5f:ff:
         07:9b:92:9c:b7:c6:5b:59:bb:3a:23:bf:fa:14:12:6f:c0:bb:
         bb:77:14:a9:e0:da:97:3f:f0:33:77:69:86:34:47:82:95:fb:
         13:31:d6:0f:7c:13:94:d5:e3:0e:b3:f3:42:3a:68:2a:a9:a2:
         27:dc:10:f8:2c:6a:55:c1:b8:79:4b:59:b2:63:42:89:21:9a:
         cf:6c:fd:87:50:10:54:e0:59:4c:99:86:9f:4d:ed:ed:29:ed:
         81:9c:e7:a8:89:d0:1b:07:f9:51:cf:a7:05:75:db:22:60:1f:
         5a:a9:cd:85:39:aa:64:6c:b6:bb:a8:85:83:6c:eb:c8:52:94:
         0b:20:74:de
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUhZvavDV45A7/x1Z0Xk6gyIAry8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwODE5MTYzMTUxWhcNMjUwOTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZDcyNzZmYjNkYjc4MTNhNDA5NjNlMmFiNTUxZmUwZDFk
ZjY1MGQ0MGZlNWFmOTNiMTliNDQ3OTdjYzIyOTlmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsKmPaoBPFAB45Kg9tZIMlt/l1kPDoiAtbj4CHnkggYeCb
nZGxWvb7YTWJp5aLKrz0t/Mz40HOYiESZndqF+srF+JWrPCIpbGPT4DwkidcWPi0
p3j5tRLkx+lFqpJwdvhIbiZHdwwJWj+95jVFKhwaw5dEjQAQJUBf9ZgC8HfY6Xv8
GCB9hCdKAiUVfnciLakoRdWiuU1Qu1sFEzAzg6aEFviiLWSUtewq+iJJUWYOp9eS
hfyRiBJUKO6fMu6Jmyj6BQ4MMvhpQ1w9DRWEaUbubIDbP8wp8jPk5sT8fNzUExB6
M5odQs/dAhVPHockCkKYxrZFoTOoLqlW0YPNXVB3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXY211lEAzoDSesbOhKRfi44raT8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzdiYzJkMmY3LWI3OTAtNDg0Ni1iYWQ5LWIwZmE2NDhjMmUxMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAU21sAwDQYJKoZIhvcNAQELBQADggEBAKp3oDb6Kl1M+TKYUgRrOGXR75Rg
y4xuzJnZP2AClUQD/4IC6q0Si7e3pcW9AXRJ5av2nGNncURQmzdP4i3Ws1xcuc1s
jvXaawu+V11pDpG09CQ/puT/EL4RTutcVreOMdicc3Ev0bVX/1RrQu9dpz2LXURG
Zy0gfNTPcS5f/webkpy3xltZuzojv/oUEm/Au7t3FKng2pc/8DN3aYY0R4KV+xMx
1g98E5TV4w6z80I6aCqpoifcEPgsalXBuHlLWbJjQokhms9s/YdQEFTgWUyZhp9N
7e0p7YGc56iJ0BsH+VHPpwV12yJgH1qpzYU5qmRstruohYNs68hSlAsgdN4=
-----END CERTIFICATE-----