Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/99fae081-977d-40d2-9ac1-8d3f01fc6416.roa
File:                     99fae081-977d-40d2-9ac1-8d3f01fc6416.roa (raw, json)
Hash identifier:          CfQ3bsOkbBGCqGekzGL3CohN7u9dcq8FjKgVsBAt9nU=
Subject key identifier:   6B:31:D6:64:30:91:5F:3B:A5:B9:85:99:6F:F1:4A:0F:CE:0E:9D:71
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3062C5B7BF62ADC768314BC6EBA9ADB7924D32E2
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/99fae081-977d-40d2-9ac1-8d3f01fc6416.roa
Signing time:             Fri 26 Sep 2025 03:06:46 +0000
ROA not before:           Fri 26 Sep 2025 03:06:46 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.239.192.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:62:c5:b7:bf:62:ad:c7:68:31:4b:c6:eb:a9:ad:b7:92:4d:32:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 03:06:46 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=d6e7379e319d611f30c134e9f6237f93c945ff5d70ae791ec2b0eb14d238d643, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:1f:d1:9f:11:0f:5b:74:fc:dd:b0:7b:e7:d3:
                    1d:6b:30:79:20:85:f5:04:53:40:78:6f:6a:11:b4:
                    fd:14:ad:21:24:e2:b0:03:93:46:b3:72:7e:e2:b1:
                    f5:b6:b6:f0:0b:3e:bb:4d:96:cb:f7:98:8c:cb:c5:
                    e3:66:d5:57:64:c5:9c:03:32:08:7d:b1:ba:02:39:
                    8c:c5:56:72:60:48:8e:32:a7:5b:38:91:ce:00:30:
                    72:48:20:d5:6b:0c:83:54:bc:77:3f:07:e7:b4:3d:
                    7c:28:02:1c:50:25:9e:65:17:cd:6a:f9:73:55:09:
                    2a:6b:02:d0:6b:6a:67:82:56:41:4a:50:90:2b:7e:
                    3b:a3:4e:d6:c7:0c:fe:97:31:42:bc:ed:9b:d6:06:
                    21:7a:bc:c2:97:ff:a9:c6:18:02:80:5b:2f:64:03:
                    d6:87:d6:70:6f:83:44:2d:13:15:38:a5:86:d2:8a:
                    f6:97:70:1f:4f:9c:da:d1:b7:19:7b:c0:79:68:6d:
                    be:b1:55:4f:c2:7a:a8:24:86:35:3a:84:00:b6:19:
                    28:2d:2f:2e:a2:b8:3c:05:0f:21:19:07:d2:e3:0b:
                    1f:f0:4c:60:a0:09:48:fb:90:50:eb:21:99:9b:07:
                    6b:d7:98:b2:cf:3a:e7:82:d2:1c:56:69:48:e7:ca:
                    da:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:31:D6:64:30:91:5F:3B:A5:B9:85:99:6F:F1:4A:0F:CE:0E:9D:71
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/99fae081-977d-40d2-9ac1-8d3f01fc6416.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.239.192.0/21

    Signature Algorithm: sha256WithRSAEncryption
         25:61:94:1f:9e:dc:20:bd:16:ea:34:0b:4e:11:6c:df:43:33:
         22:e2:5a:3e:48:9b:24:11:cc:c8:42:f4:87:31:f2:f1:e6:03:
         50:c0:be:3c:f4:d8:25:c9:01:46:bb:a2:29:7c:1a:b3:7e:e7:
         17:9b:d9:19:3f:93:91:29:84:d5:74:5a:44:78:ae:bf:4d:20:
         0b:a9:35:30:b1:d3:84:d9:21:2e:b4:37:ec:a6:99:2e:c4:9a:
         51:e4:2b:dc:ba:6d:e5:81:be:3b:f0:57:b2:4d:0b:44:01:d1:
         1a:c7:93:0e:bf:71:e2:42:fd:ae:3e:18:b0:eb:a1:ff:fa:5d:
         92:45:ed:8a:72:23:19:c4:a4:22:46:22:f3:d7:35:b9:8d:62:
         ed:d9:ff:b4:8f:7d:8c:89:fe:eb:03:c3:de:04:e1:35:c4:d5:
         0d:aa:c5:ae:ca:4e:30:68:08:d8:f6:ce:99:03:81:63:e7:61:
         87:b3:48:b7:bc:52:3d:8b:25:62:c0:7f:2b:17:79:11:e8:b7:
         9b:1a:89:26:f5:1a:cb:8d:8e:5e:8d:b7:4d:56:b2:10:6c:be:
         d7:58:c0:66:76:8a:7b:14:06:c1:6a:64:9a:b7:53:5a:95:17:
         5a:5d:a7:02:38:f7:e8:f5:75:08:ae:68:ff:d0:92:90:af:4d:
         93:d2:08:d6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMGLFt79ircdoMUvG66mtt5JNMuIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MDMwNjQ2WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BkNmU3Mzc5ZTMxOWQ2MTFmMzBjMTM0ZTlmNjIzN2Y5M2M5
NDVmZjVkNzBhZTc5MWVjMmIwZWIxNGQyMzhkNjQzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCVH9GfEQ9bdPzdsHvn0x1rMHkghfUEU0B4b2oRtP0UrSEk
4rADk0azcn7isfW2tvALPrtNlsv3mIzLxeNm1VdkxZwDMgh9sboCOYzFVnJgSI4y
p1s4kc4AMHJIINVrDINUvHc/B+e0PXwoAhxQJZ5lF81q+XNVCSprAtBrameCVkFK
UJArfjujTtbHDP6XMUK87ZvWBiF6vMKX/6nGGAKAWy9kA9aH1nBvg0QtExU4pYbS
ivaXcB9PnNrRtxl7wHlobb6xVU/CeqgkhjU6hAC2GSgtLy6iuDwFDyEZB9LjCx/w
TGCgCUj7kFDrIZmbB2vXmLLPOueC0hxWaUjnyto/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUazHWZDCRXzuluYWZb/FKD84OnXEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzk5ZmFlMDgxLTk3N2QtNDBkMi05YWMxLThkM2YwMWZjNjQxNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAM278AwDQYJKoZIhvcNAQELBQADggEBACVhlB+e3CC9Fuo0C04RbN9DMyLi
Wj5ImyQRzMhC9Icx8vHmA1DAvjz02CXJAUa7oil8GrN+5xeb2Rk/k5EphNV0WkR4
rr9NIAupNTCx04TZIS60N+ymmS7EmlHkK9y6beWBvjvwV7JNC0QB0RrHkw6/ceJC
/a4+GLDrof/6XZJF7YpyIxnEpCJGIvPXNbmNYu3Z/7SPfYyJ/usDw94E4TXE1Q2q
xa7KTjBoCNj2zpkDgWPnYYezSLe8Uj2LJWLAfysXeRHot5saiSb1GsuNjl6Nt01W
shBsvtdYwGZ2insUBsFqZJq3U1qVF1pdpwI49+j1dQiuaP/QkpCvTZPSCNY=
-----END CERTIFICATE-----