Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/aa5ff16a-b7a9-490e-99be-3eaaa71e154b.roa
File:                     aa5ff16a-b7a9-490e-99be-3eaaa71e154b.roa (raw, json)
Hash identifier:          WrKG4nZ8tU6sEC5vyIalLsDg/qcAw5S+lxjeSHj7tN4=
Subject key identifier:   77:56:11:40:87:3A:DA:84:65:10:EA:AA:38:76:BE:41:1A:74:C5:C2
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       09487D26574370ED7A7139EDF8B05F72184E6416
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/aa5ff16a-b7a9-490e-99be-3eaaa71e154b.roa
Signing time:             Tue 19 Aug 2025 15:30:29 +0000
ROA not before:           Tue 19 Aug 2025 15:30:29 +0000
ROA not after:            Tue 23 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        34.254.192.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 22 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:48:7d:26:57:43:70:ed:7a:71:39:ed:f8:b0:5f:72:18:4e:64:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug 19 15:30:29 2025 GMT
            Not After : Sep 23 23:59:59 2025 GMT
        Subject: serialNumber=fceea0402436cfef3678ff851a01c2b9977a5b9c7cfe25f22ecb48c346dbd603, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:8e:0a:64:0e:e5:79:1f:b2:b4:ea:9b:24:33:
                    6c:d3:dd:22:f6:d3:7b:51:2f:c1:02:57:71:2a:7f:
                    69:8a:31:10:09:b0:dd:8b:85:6d:b1:72:52:e3:63:
                    68:97:43:c8:75:13:c6:e6:1c:33:db:1d:b7:2b:90:
                    74:93:7e:db:91:56:a8:8d:3b:00:8f:ec:bd:fa:2d:
                    24:c6:fa:25:24:a6:d2:b1:a5:9b:4b:7f:f8:f7:52:
                    72:8c:45:12:39:af:8e:3b:02:37:a4:e5:f1:ce:a3:
                    b6:6c:2d:e9:10:e7:e3:de:88:ff:3d:47:bd:ba:67:
                    f7:94:1d:ca:5f:f3:53:c8:ba:2d:e3:d8:00:e7:c2:
                    b9:ec:0f:c7:ad:93:a5:b3:60:89:ed:f9:ee:7d:b5:
                    2c:06:c1:45:a2:1d:17:fc:c8:50:14:04:ec:e9:46:
                    6c:53:16:42:91:9d:67:98:d8:5d:f3:6b:ed:43:6c:
                    5e:4c:ec:6c:96:14:42:52:84:08:f0:88:10:80:7f:
                    9c:e4:31:9c:dc:a9:d2:41:33:1c:d1:41:46:5b:07:
                    9d:47:a0:12:e7:81:97:ac:28:78:0c:51:5d:0b:02:
                    8f:57:a0:1a:4d:a1:aa:47:45:c7:6c:da:d8:ca:db:
                    a3:3d:88:51:60:f6:2c:26:60:76:74:ea:c9:1d:ff:
                    06:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:56:11:40:87:3A:DA:84:65:10:EA:AA:38:76:BE:41:1A:74:C5:C2
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/aa5ff16a-b7a9-490e-99be-3eaaa71e154b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  34.254.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         52:de:2b:f0:25:1f:e1:d9:84:d8:87:c1:b4:a9:18:cd:92:56:
         eb:26:e6:0f:d8:26:b4:c1:a9:64:de:57:91:d5:46:c7:19:f5:
         dd:c3:62:d1:d3:42:53:c3:8e:21:e2:d1:64:fc:68:55:1c:29:
         62:75:a4:0d:ac:71:c0:90:14:36:7c:e1:77:64:49:21:10:d1:
         07:d2:70:b4:df:3a:dc:18:87:b4:94:b4:47:5d:85:68:c0:ae:
         94:c3:a3:fb:3e:ff:b3:55:56:e1:79:fd:a3:5b:f9:47:48:72:
         2e:d5:5f:44:8c:6e:c7:b3:f8:1a:90:68:24:ca:34:83:3e:56:
         31:93:26:a1:9d:4a:6a:46:f0:0c:16:2a:c4:f2:18:ff:5f:5d:
         a2:62:37:f4:aa:94:c7:58:fc:cb:e4:36:28:92:33:ae:6f:48:
         12:08:ae:00:15:fc:64:9c:73:ce:59:3f:87:df:bf:39:fc:c1:
         43:ff:28:00:67:6c:67:4d:7d:ca:90:2d:ac:2b:14:93:92:6f:
         47:6d:c4:ee:17:bb:8e:a4:3a:02:89:68:45:5e:8f:e0:c3:6b:
         58:5c:93:86:ec:13:2f:b3:4e:4c:28:1d:db:82:92:03:1b:2f:
         0e:ac:7d:28:6a:ff:a2:93:24:63:2d:6f:3e:e4:2f:de:96:54:
         bf:bc:da:bd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCUh9JldDcO16cTnt+LBfchhOZBYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwODE5MTUzMDI5WhcNMjUwOTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BmY2VlYTA0MDI0MzZjZmVmMzY3OGZmODUxYTAxYzJiOTk3
N2E1YjljN2NmZTI1ZjIyZWNiNDhjMzQ2ZGJkNjAzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDSjgpkDuV5H7K06pskM2zT3SL203tRL8ECV3Eqf2mKMRAJ
sN2LhW2xclLjY2iXQ8h1E8bmHDPbHbcrkHSTftuRVqiNOwCP7L36LSTG+iUkptKx
pZtLf/j3UnKMRRI5r447Ajek5fHOo7ZsLekQ5+PeiP89R726Z/eUHcpf81PIui3j
2ADnwrnsD8etk6WzYInt+e59tSwGwUWiHRf8yFAUBOzpRmxTFkKRnWeY2F3za+1D
bF5M7GyWFEJShAjwiBCAf5zkMZzcqdJBMxzRQUZbB51HoBLngZesKHgMUV0LAo9X
oBpNoapHRcds2tjK26M9iFFg9iwmYHZ06skd/wYJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUd1YRQIc62oRlEOqqOHa+QRp0xcIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2FhNWZmMTZhLWI3YTktNDkwZS05OWJlLTNlYWFhNzFlMTU0Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYi/sAwDQYJKoZIhvcNAQELBQADggEBAFLeK/AlH+HZhNiHwbSpGM2SVusm
5g/YJrTBqWTeV5HVRscZ9d3DYtHTQlPDjiHi0WT8aFUcKWJ1pA2sccCQFDZ84Xdk
SSEQ0QfScLTfOtwYh7SUtEddhWjArpTDo/s+/7NVVuF5/aNb+UdIci7VX0SMbsez
+BqQaCTKNIM+VjGTJqGdSmpG8AwWKsTyGP9fXaJiN/SqlMdY/MvkNiiSM65vSBII
rgAV/GScc85ZP4ffvzn8wUP/KABnbGdNfcqQLawrFJOSb0dtxO4Xu46kOgKJaEVe
j+DDa1hck4bsEy+zTkwoHduCkgMbLw6sfShq/6KTJGMtbz7kL96WVL+82r0=
-----END CERTIFICATE-----