Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9641fc22-9bdb-48ae-a658-88893a97d179.roa
File:                     9641fc22-9bdb-48ae-a658-88893a97d179.roa (raw, json)
Hash identifier:          bd2lPaamQNtFP+UulLWKDMgEtznxUUOu+6tbeVpcLmc=
Subject key identifier:   C5:2F:66:CE:43:8C:18:54:7D:DA:0F:C1:61:F6:4E:D2:DB:52:92:CC
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       04404C876270A8FB4A06067D827D65D89B5E53
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9641fc22-9bdb-48ae-a658-88893a97d179.roa
Signing time:             Mon 22 Sep 2025 23:38:19 +0000
ROA not before:           Mon 22 Sep 2025 23:38:19 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.46.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:40:4c:87:62:70:a8:fb:4a:06:06:7d:82:7d:65:d8:9b:5e:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 23:38:19 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=04cca2267dbba6edf6067fa29a12b783ece43755252b3712b2550142c854051a, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:30:d4:30:2a:c6:e9:84:ed:73:30:31:08:55:
                    3c:97:54:e8:7f:d9:30:8a:0f:a9:d8:2e:1a:8c:c6:
                    43:cc:54:01:b6:bf:c7:7a:e5:1f:8e:61:47:e8:36:
                    4c:ca:75:99:12:a1:32:df:6c:61:b6:45:86:3c:0e:
                    b6:11:c2:87:f3:81:54:15:f3:72:54:c3:78:f9:f7:
                    02:03:3d:62:b0:b7:47:67:9e:73:42:01:96:42:0c:
                    31:3e:93:b2:31:5d:73:5e:f9:71:d5:63:95:bd:1b:
                    36:bf:2c:7f:4e:c8:33:f3:ca:e6:c7:55:49:f6:03:
                    4f:f2:b9:d5:fe:a4:a1:30:97:67:40:6c:cc:87:64:
                    0d:aa:f0:44:c4:41:48:ba:f1:dc:11:70:2f:6a:5b:
                    76:6a:bc:df:ce:30:43:db:41:b8:f8:1e:5e:7c:05:
                    66:a0:31:88:ce:88:39:a8:cb:08:cb:17:c9:03:f7:
                    a5:0c:10:af:6d:d7:e2:7c:dd:9f:d2:54:9a:e2:a9:
                    69:1c:3c:b2:4f:a6:f0:28:10:7e:9f:63:74:fa:bb:
                    49:8f:32:e1:c8:0c:a1:48:85:9b:ca:8e:f8:3b:6c:
                    18:74:f4:97:03:18:08:dc:ba:45:16:b0:ba:aa:e0:
                    b2:af:37:11:e5:38:a7:2d:31:e9:f8:2b:9b:0c:3e:
                    b9:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:2F:66:CE:43:8C:18:54:7D:DA:0F:C1:61:F6:4E:D2:DB:52:92:CC
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9641fc22-9bdb-48ae-a658-88893a97d179.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.46.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:f7:07:d9:49:c3:f8:d0:10:5f:6c:83:59:a4:dd:2d:9a:18:
         24:8a:f6:dd:10:a4:01:29:ba:e8:ab:24:b4:91:0f:70:71:13:
         08:06:cf:db:43:0d:42:0f:a6:da:d6:d4:8f:9f:6a:fd:fc:b1:
         c5:9d:1e:2b:f2:98:87:36:7b:67:6f:13:c1:f8:36:9b:0f:6d:
         92:77:f6:90:69:a1:4c:0d:c7:9f:c1:65:f3:79:13:85:f9:1a:
         f3:d4:81:fd:94:40:a7:0a:de:00:b6:fe:6d:18:55:05:71:8f:
         95:59:d4:c2:79:c1:1c:28:80:f6:e1:e2:04:9d:c7:3c:25:e7:
         ba:97:96:90:13:e9:08:64:1d:ef:6c:28:97:6e:31:c7:4e:ca:
         b2:5b:e9:d3:98:5e:05:f9:d8:94:6f:67:0f:06:81:c6:5f:84:
         66:7c:b6:f3:48:f6:66:f2:a6:e6:eb:6f:92:fe:29:13:93:6d:
         83:30:41:58:33:e6:fc:3a:58:c7:a7:85:83:69:41:5b:5e:0e:
         80:8c:ee:7b:c2:7b:54:96:0b:ea:48:70:ac:5d:a1:a8:31:a3:
         ab:8f:8e:e2:64:3f:a3:f6:d5:59:4a:5d:45:d7:4f:9c:46:ab:
         2a:f3:11:0e:e7:8f:0a:18:da:c0:e9:ec:2f:c1:cc:3a:d1:63:
         9c:c3:37:5a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgITBEBMh2JwqPtKBgZ9gn1l2JteUzANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzJkZjZmM2IzYTM0YjYzODZkMWEzMmQ4ZjRmYTMxNzhlZjMx
ODg3ZDhiNDI4ZGZhYTQ3NjAeFw0yNTA5MjIyMzM4MTlaFw0yNTEwMjcyMzU5NTla
MHoxSTBHBgNVBAUTQDA0Y2NhMjI2N2RiYmE2ZWRmNjA2N2ZhMjlhMTJiNzgzZWNl
NDM3NTUyNTJiMzcxMmIyNTUwMTQyYzg1NDA1MWExLTArBgNVBAMTJDVmMjc2MDQ1
LTViOWYtNDVlZi05MjNkLWYzZmNlMjRhNjIyNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALUw1DAqxumE7XMwMQhVPJdU6H/ZMIoPqdguGozGQ8xUAba/
x3rlH45hR+g2TMp1mRKhMt9sYbZFhjwOthHCh/OBVBXzclTDePn3AgM9YrC3R2ee
c0IBlkIMMT6TsjFdc175cdVjlb0bNr8sf07IM/PK5sdVSfYDT/K51f6koTCXZ0Bs
zIdkDarwRMRBSLrx3BFwL2pbdmq8384wQ9tBuPgeXnwFZqAxiM6IOajLCMsXyQP3
pQwQr23X4nzdn9JUmuKpaRw8sk+m8CgQfp9jdPq7SY8y4cgMoUiFm8qO+DtsGHT0
lwMYCNy6RRawuqrgsq83EeU4py0x6fgrmww+uc0CAwEAAaOCArEwggKtMB0GA1Ud
DgQWBBTFL2bOQ4wYVH3aD8Fh9k7S21KSzDAfBgNVHSMEGDAWgBQlrdNCsB63pY6t
GZAmiLVLP4H0uDAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MmEyNDY5NDctMmQ2Mi00YTZjLWJhMDUtODcxODdmMDA5OWIyLzg1MWNlZjE3LTEz
MmEtNDMzNy1iN2QxLWJmMTZhNTJmZmQwMy9kZjZmM2IzYTM0YjYzODZkMWEzMmQ4
ZjRmYTMxNzhlZjMxODg3ZDhiNDI4ZGZhYTQ3Ni5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9mNzAzNjk2ZS1lNDdiLTRjMjAtYmQ5My02Zjgw
OTA0ZTQyZDIvOTY0MWZjMjItOWJkYi00OGFlLWE2NTgtODg4OTNhOTdkMTc5LnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMt
NmY4MDkwNGU0MmQyL3RqaHRHakxZOVBveGVPOHhpSDJMUW8zNnBIWS5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEADQuIjANBgkqhkiG9w0BAQsFAAOCAQEAS/cH2UnD+NAQX2yDWaTdLZoYJIr2
3RCkASm66KsktJEPcHETCAbP20MNQg+m2tbUj59q/fyxxZ0eK/KYhzZ7Z28Twfg2
mw9tknf2kGmhTA3Hn8Fl83kThfka89SB/ZRApwreALb+bRhVBXGPlVnUwnnBHCiA
9uHiBJ3HPCXnupeWkBPpCGQd72wol24xx07Kslvp05heBfnYlG9nDwaBxl+EZny2
80j2ZvKm5utvkv4pE5NtgzBBWDPm/DpYx6eFg2lBW14OgIzue8J7VJYL6khwrF2h
qDGjq4+O4mQ/o/bVWUpdRddPnEarKvMRDuePChjawOnsL8HMOtFjnMM3Wg==
-----END CERTIFICATE-----