Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/884eabae-40e5-4574-8264-5a99add21405.roa
File:                     884eabae-40e5-4574-8264-5a99add21405.roa (raw, json)
Hash identifier:          yn4uYBAS3syweFPJ+qL2kyumOKRemhiu5Po9+ZnE/xo=
Subject key identifier:   E4:C1:F3:9A:43:61:06:97:EA:2F:F0:A2:36:FF:80:25:E6:50:20:A3
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       31BADD6B33ABA01A976C864576DB64FC7889955E
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/884eabae-40e5-4574-8264-5a99add21405.roa
Signing time:             Fri 10 Oct 2025 16:22:45 +0000
ROA not before:           Fri 10 Oct 2025 16:22:45 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.170.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:ba:dd:6b:33:ab:a0:1a:97:6c:86:45:76:db:64:fc:78:89:95:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 10 16:22:45 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=4075db3d92de88a30ada26b3badc693998faea612e27188842aca9536d856d07, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f5:59:59:f8:a3:e8:a4:04:0b:79:be:07:d9:
                    a6:92:8d:d3:df:28:f8:f7:d5:6a:a9:72:bd:7c:4c:
                    86:14:a4:71:ed:d3:48:34:0f:51:70:34:20:e8:34:
                    aa:97:50:95:e9:85:9e:8e:c1:81:bf:c5:ec:14:7e:
                    0e:19:8e:aa:aa:5c:fd:fc:59:d7:04:0f:a1:19:24:
                    eb:19:1b:90:e7:0a:e6:e2:dd:b8:9b:cd:4a:4a:0f:
                    f1:80:e8:48:c4:e6:6b:9a:34:d2:83:e3:46:f8:9a:
                    0a:c7:41:83:59:be:ca:f0:5c:a6:2e:02:68:36:72:
                    d1:68:ed:73:da:b9:9f:52:cc:6e:85:07:73:56:f2:
                    bd:81:eb:f9:47:88:f8:29:6f:d5:64:c6:f2:77:e6:
                    53:bf:fc:21:b4:4f:a4:a6:f6:42:c6:37:8b:e1:58:
                    09:71:23:69:ab:b3:ed:4f:13:c1:fe:b8:02:fe:82:
                    b8:ca:67:c3:d8:e6:fc:1f:a7:17:94:5d:40:fd:c8:
                    7e:d8:9a:57:ca:a4:f6:7a:25:df:64:b9:87:fb:82:
                    ea:dc:e2:b1:f3:84:99:10:48:2d:d9:12:dd:6f:7b:
                    d5:ca:36:7b:f4:84:76:39:4b:14:3d:b6:1f:02:87:
                    64:c1:7f:fa:ff:56:d2:01:3f:a3:68:5b:b7:f2:ec:
                    d9:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:C1:F3:9A:43:61:06:97:EA:2F:F0:A2:36:FF:80:25:E6:50:20:A3
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/884eabae-40e5-4574-8264-5a99add21405.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.170.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         26:cf:4f:41:de:a9:00:8c:be:0c:5c:73:1c:b3:2a:ed:ca:75:
         6a:4d:68:33:94:c3:2e:99:05:77:33:cb:ca:39:e3:36:0b:ef:
         86:c0:8b:c6:8a:c2:e9:d0:5a:59:32:97:39:f9:5b:07:5c:30:
         80:15:64:93:81:21:66:d1:23:d9:41:18:9d:73:61:c3:a2:14:
         e3:29:f9:eb:1f:56:fc:99:d3:e1:4b:a0:ce:8d:52:43:47:61:
         7b:68:6e:42:a3:4b:89:e5:8a:da:cd:9e:44:3f:e7:86:7d:87:
         22:88:a3:2b:fd:ac:b2:1d:f5:4f:77:7d:e2:82:bd:27:1d:bd:
         14:0a:ac:48:3d:18:3d:53:a2:11:58:0b:fb:3a:4e:4f:d3:85:
         d9:78:d6:0f:5f:77:48:26:e1:8b:ed:fe:73:21:b0:57:d5:6f:
         df:83:f3:bc:29:98:44:93:d7:e6:92:f5:66:57:9f:07:97:0b:
         07:b7:b3:b6:d6:89:eb:9e:3d:ac:b7:50:cb:bd:fb:1c:47:af:
         c5:8c:40:92:c1:4c:82:c0:a8:a9:44:8f:16:0a:52:7a:bf:98:
         35:88:09:ba:76:04:88:d2:b5:f5:85:85:db:74:56:cc:a7:9a:
         d9:7f:47:21:03:e0:f8:76:1a:08:ab:69:3a:be:14:9a:d5:a2:
         19:81:31:dc
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUMbrdazOroBqXbIZFdttk/HiJlV4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDEwMTYyMjQ1WhcNMjUxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A0MDc1ZGIzZDkyZGU4OGEzMGFkYTI2YjNiYWRjNjkzOTk4
ZmFlYTYxMmUyNzE4ODg0MmFjYTk1MzZkODU2ZDA3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCd9VlZ+KPopAQLeb4H2aaSjdPfKPj31Wqpcr18TIYUpHHt
00g0D1FwNCDoNKqXUJXphZ6OwYG/xewUfg4ZjqqqXP38WdcED6EZJOsZG5DnCubi
3bibzUpKD/GA6EjE5muaNNKD40b4mgrHQYNZvsrwXKYuAmg2ctFo7XPauZ9SzG6F
B3NW8r2B6/lHiPgpb9VkxvJ35lO//CG0T6Sm9kLGN4vhWAlxI2mrs+1PE8H+uAL+
grjKZ8PY5vwfpxeUXUD9yH7YmlfKpPZ6Jd9kuYf7gurc4rHzhJkQSC3ZEt1ve9XK
Nnv0hHY5SxQ9th8Ch2TBf/r/VtIBP6NoW7fy7Nn7AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU5MHzmkNhBpfqL/CiNv+AJeZQIKMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzg4NGVhYmFlLTQwZTUtNDU3NC04MjY0LTVhOTlhZGQyMTQwNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA2qjANBgkqhkiG9w0BAQsFAAOCAQEAJs9PQd6pAIy+DFxzHLMq7cp1ak1o
M5TDLpkFdzPLyjnjNgvvhsCLxorC6dBaWTKXOflbB1wwgBVkk4EhZtEj2UEYnXNh
w6IU4yn56x9W/JnT4Uugzo1SQ0dhe2huQqNLieWK2s2eRD/nhn2HIoijK/2ssh31
T3d94oK9Jx29FAqsSD0YPVOiEVgL+zpOT9OF2XjWD193SCbhi+3+cyGwV9Vv34Pz
vCmYRJPX5pL1ZlefB5cLB7ezttaJ6549rLdQy737HEevxYxAksFMgsCoqUSPFgpS
er+YNYgJunYEiNK19YWF23RWzKea2X9HIQPg+HYaCKtpOr4UmtWiGYEx3A==
-----END CERTIFICATE-----