Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/80734e6d-94b2-4640-a96d-ed949c9eb152.roa
File:                     80734e6d-94b2-4640-a96d-ed949c9eb152.roa (raw, json)
Hash identifier:          OM1Pl/u8NhO3UZFnoIxWnhLJHEH5vr+/Al5P0FiHmxM=
Subject key identifier:   F6:85:EA:5B:48:4E:F3:D6:EB:4F:E4:02:3D:7E:44:18:49:AB:1D:26
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       70AFBE839F56AA6FC1691356E438A53694098AFE
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/80734e6d-94b2-4640-a96d-ed949c9eb152.roa
Signing time:             Fri 17 Oct 2025 23:00:15 +0000
ROA not before:           Fri 17 Oct 2025 23:00:15 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.251.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:af:be:83:9f:56:aa:6f:c1:69:13:56:e4:38:a5:36:94:09:8a:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 17 23:00:15 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=744fcb5a62d48be3cf2f753d61a0674f98ed8769f1d59b812ea2e264ad16c670, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:fd:db:c7:84:2b:df:6c:ee:04:10:a8:6e:c5:
                    af:f6:39:d8:19:3f:f3:a8:41:90:8e:ea:fd:a6:77:
                    9e:60:3f:4e:99:ea:25:74:64:91:2d:54:fe:c3:58:
                    01:a6:6f:8f:89:d9:f4:ef:fc:50:24:d3:2c:d8:6c:
                    ee:4c:dd:a8:62:13:18:21:c1:dc:d6:98:f1:ed:91:
                    e7:7d:c4:7d:00:b1:b8:0b:4f:13:5b:e0:3c:82:10:
                    71:18:73:df:48:89:14:9f:2a:0e:b2:34:81:80:6a:
                    a8:c0:93:e3:57:21:53:eb:a8:f1:a2:4e:29:1c:81:
                    64:a1:48:e7:0a:56:60:1c:22:b0:dc:c7:ac:aa:ac:
                    68:d4:27:46:4b:b7:18:23:b6:4a:4a:64:17:91:50:
                    63:a7:e9:6f:fb:1a:72:57:fa:7f:7a:6f:f1:2e:38:
                    49:7d:64:4f:24:1a:25:76:5c:9a:41:6e:94:21:bb:
                    2e:98:a7:ff:56:5c:8e:77:5b:31:7c:ff:4a:2c:f9:
                    d6:4d:4a:58:bd:79:98:80:4a:b4:2a:39:99:75:da:
                    8b:d4:91:f1:d0:6c:37:59:8c:b0:a5:e3:2c:20:29:
                    f7:90:7c:24:6f:cf:c9:6d:3f:d6:0e:cd:36:60:b5:
                    05:a2:93:80:f3:95:d7:ee:a1:53:e9:87:3b:32:73:
                    44:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:85:EA:5B:48:4E:F3:D6:EB:4F:E4:02:3D:7E:44:18:49:AB:1D:26
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/80734e6d-94b2-4640-a96d-ed949c9eb152.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.251.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         35:b0:59:19:3d:c0:03:4a:15:f3:9e:79:5c:7b:04:e6:de:95:
         31:02:09:17:8b:f8:4e:01:66:d5:15:47:33:40:29:c9:82:03:
         2f:dd:84:e3:b9:c0:b6:91:61:fd:5e:6c:e7:5c:9f:0f:5d:d5:
         d9:74:c5:5c:a5:f5:55:b9:05:57:05:c9:a5:2a:4b:31:25:6d:
         09:c3:8b:7d:eb:a6:42:6b:3e:b9:28:43:0b:b0:6d:39:38:f7:
         4c:00:78:0d:6e:e4:b5:80:8d:2b:67:4a:36:6a:25:14:35:c1:
         e4:59:f4:81:d5:05:d7:9f:65:10:96:0a:83:65:6d:c8:7c:2e:
         4e:55:d6:8e:e0:09:db:ac:49:fe:ec:86:d8:83:b0:a6:2f:bb:
         ca:41:ff:17:56:80:5a:dc:ba:69:f0:c7:25:e7:d3:11:17:76:
         cc:e6:53:7b:dd:62:6c:cf:bd:46:5e:15:14:bd:74:b7:11:0b:
         64:45:49:ae:d6:c0:d9:da:c8:34:26:84:91:a2:f0:03:df:5f:
         54:64:df:9a:ed:6b:bf:8b:6d:80:64:28:3a:bc:d0:12:31:1f:
         99:f1:00:8e:d7:77:c6:0d:48:6e:1f:66:24:b9:82:51:c1:09:
         0a:79:2f:55:cc:d8:26:ad:07:19:9a:c3:a8:8e:10:66:b1:02:
         0b:34:b5:86
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUcK++g59Wqm/BaRNW5DilNpQJiv4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE3MjMwMDE1WhcNMjUxMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A3NDRmY2I1YTYyZDQ4YmUzY2YyZjc1M2Q2MWEwNjc0Zjk4
ZWQ4NzY5ZjFkNTliODEyZWEyZTI2NGFkMTZjNjcwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDf/dvHhCvfbO4EEKhuxa/2OdgZP/OoQZCO6v2md55gP06Z
6iV0ZJEtVP7DWAGmb4+J2fTv/FAk0yzYbO5M3ahiExghwdzWmPHtked9xH0AsbgL
TxNb4DyCEHEYc99IiRSfKg6yNIGAaqjAk+NXIVPrqPGiTikcgWShSOcKVmAcIrDc
x6yqrGjUJ0ZLtxgjtkpKZBeRUGOn6W/7GnJX+n96b/EuOEl9ZE8kGiV2XJpBbpQh
uy6Yp/9WXI53WzF8/0os+dZNSli9eZiASrQqOZl12ovUkfHQbDdZjLCl4ywgKfeQ
fCRvz8ltP9YOzTZgtQWik4DzldfuoVPphzsyc0R5AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU9oXqW0hO89brT+QCPX5EGEmrHSYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzgwNzM0ZTZkLTk0YjItNDY0MC1hOTZkLWVkOTQ5YzllYjE1Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA2+zANBgkqhkiG9w0BAQsFAAOCAQEANbBZGT3AA0oV8555XHsE5t6VMQIJ
F4v4TgFm1RVHM0ApyYIDL92E47nAtpFh/V5s51yfD13V2XTFXKX1VbkFVwXJpSpL
MSVtCcOLfeumQms+uShDC7BtOTj3TAB4DW7ktYCNK2dKNmolFDXB5Fn0gdUF159l
EJYKg2VtyHwuTlXWjuAJ26xJ/uyG2IOwpi+7ykH/F1aAWty6afDHJefTERd2zOZT
e91ibM+9Rl4VFL10txELZEVJrtbA2drINCaEkaLwA99fVGTfmu1rv4ttgGQoOrzQ
EjEfmfEAjtd3xg1Ibh9mJLmCUcEJCnkvVczYJq0HGZrDqI4QZrECCzS1hg==
-----END CERTIFICATE-----