Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/aaf3a2ff-d6e0-4b27-b6f8-e4b614c37cf0.roa
File:                     aaf3a2ff-d6e0-4b27-b6f8-e4b614c37cf0.roa (raw, json)
Hash identifier:          58ja1SjxUvrhcDKCTVjBReARClT4eJtw5it9SSTtT5k=
Subject key identifier:   9B:EB:26:2F:93:B9:B4:3E:F1:C5:F1:BD:53:36:D1:A4:10:41:12:1B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       655463F91E414EE196C6D55EDBCE18D9C564A824
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/aaf3a2ff-d6e0-4b27-b6f8-e4b614c37cf0.roa
Signing time:             Mon 22 Sep 2025 23:37:57 +0000
ROA not before:           Mon 22 Sep 2025 23:37:57 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.46.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:54:63:f9:1e:41:4e:e1:96:c6:d5:5e:db:ce:18:d9:c5:64:a8:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 23:37:57 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=11b83e6c8a575b37f0471df470439e5d75bebc934257277e505bd3b242116017, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:73:5c:11:34:a6:e1:af:96:9f:a1:83:af:5f:
                    61:2e:dd:fc:20:61:a3:70:e6:38:f7:10:65:0a:6c:
                    1b:86:6f:db:54:e6:6f:b3:ee:bb:78:ab:92:df:82:
                    5f:74:ee:da:a8:92:fb:d3:2a:a5:5c:03:a7:81:67:
                    57:78:e6:79:da:bc:8c:91:08:61:d9:48:e7:33:9e:
                    8f:78:5a:af:e8:4d:6a:b7:ad:df:93:72:60:16:9a:
                    6b:0d:9e:f2:0a:2c:22:09:18:8e:9d:30:d3:9c:3b:
                    31:c8:12:0f:30:10:4b:94:f3:78:d7:12:51:ce:5d:
                    e3:fc:6a:e5:eb:b9:be:45:8c:6d:2b:ac:14:7e:c8:
                    bc:22:0c:c8:84:c2:5b:ed:9b:ec:09:35:7c:4e:65:
                    9a:b3:82:73:d6:93:52:55:af:21:be:3c:04:01:8c:
                    1a:15:1f:98:cd:35:12:ac:1f:6e:0d:f0:77:2d:d6:
                    90:ff:30:5f:b1:7b:35:d5:d3:49:48:3d:13:76:29:
                    c1:a2:46:e2:6a:84:42:1f:e9:d3:a9:61:a2:3f:96:
                    39:1e:35:d7:a6:66:af:40:2b:de:b7:34:a4:ca:67:
                    8f:3f:7f:81:67:ce:f9:ff:f2:91:9f:58:44:e2:06:
                    44:84:22:7d:f4:1d:eb:e6:50:5e:0c:64:12:a8:99:
                    78:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:EB:26:2F:93:B9:B4:3E:F1:C5:F1:BD:53:36:D1:A4:10:41:12:1B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/aaf3a2ff-d6e0-4b27-b6f8-e4b614c37cf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.46.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:53:18:b6:8a:d9:90:46:67:14:e7:26:8c:5f:7f:a0:cf:a4:
         40:89:c0:e9:db:49:27:ba:4d:e0:23:3e:c5:42:4d:1f:12:6d:
         9a:dd:0c:1c:b6:b3:1c:77:5a:7d:0f:5c:95:c3:db:9b:56:71:
         ae:ac:b0:45:e2:d2:ff:26:78:c7:64:f4:e4:a3:95:33:8c:18:
         ef:0c:e3:a2:fb:b0:aa:e5:b4:db:4f:7a:a6:44:ae:ee:6e:fa:
         9c:1a:42:67:a9:74:7f:5a:04:9a:c2:5d:49:bd:0b:88:17:b7:
         d8:df:aa:54:6a:03:09:82:72:fc:6b:12:ed:cc:c4:19:b9:3b:
         d2:78:14:27:2c:55:cf:8f:0b:b1:ec:52:9f:64:cc:cd:9c:37:
         a7:e9:39:7a:00:f5:0f:8a:07:95:61:c8:af:84:42:eb:55:9d:
         3e:ae:ba:00:fe:11:f3:98:05:ed:d8:d5:a2:44:3b:5e:a0:60:
         a7:8f:48:46:cd:c3:fd:14:a2:f4:56:11:4a:23:01:c0:e2:9f:
         f5:2b:0f:21:f5:61:bd:33:4a:04:64:29:2c:19:1d:6e:d2:7f:
         11:d7:5d:93:08:69:17:0e:0c:54:9f:b5:47:dd:a9:5b:b1:47:
         81:07:46:f3:fc:37:c9:7d:f9:0d:ea:a8:c4:bc:90:53:12:3d:
         f6:7e:4f:3d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZVRj+R5BTuGWxtVe284Y2cVkqCQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMjMzNzU3WhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMWI4M2U2YzhhNTc1YjM3ZjA0NzFkZjQ3MDQzOWU1ZDc1
YmViYzkzNDI1NzI3N2U1MDViZDNiMjQyMTE2MDE3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjc1wRNKbhr5afoYOvX2Eu3fwgYaNw5jj3EGUKbBuGb9tU
5m+z7rt4q5Lfgl907tqokvvTKqVcA6eBZ1d45nnavIyRCGHZSOczno94Wq/oTWq3
rd+TcmAWmmsNnvIKLCIJGI6dMNOcOzHIEg8wEEuU83jXElHOXeP8auXrub5FjG0r
rBR+yLwiDMiEwlvtm+wJNXxOZZqzgnPWk1JVryG+PAQBjBoVH5jNNRKsH24N8Hct
1pD/MF+xezXV00lIPRN2KcGiRuJqhEIf6dOpYaI/ljkeNdemZq9AK963NKTKZ48/
f4Fnzvn/8pGfWETiBkSEIn30HevmUF4MZBKomXgRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUm+smL5O5tD7xxfG9UzbRpBBBEhswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2FhZjNhMmZmLWQ2ZTAtNGIyNy1iNmY4LWU0YjYxNGMzN2NmMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0Lg4wDQYJKoZIhvcNAQELBQADggEBAGVTGLaK2ZBGZxTnJoxff6DPpECJ
wOnbSSe6TeAjPsVCTR8SbZrdDBy2sxx3Wn0PXJXD25tWca6ssEXi0v8meMdk9OSj
lTOMGO8M46L7sKrltNtPeqZEru5u+pwaQmepdH9aBJrCXUm9C4gXt9jfqlRqAwmC
cvxrEu3MxBm5O9J4FCcsVc+PC7HsUp9kzM2cN6fpOXoA9Q+KB5VhyK+EQutVnT6u
ugD+EfOYBe3Y1aJEO16gYKePSEbNw/0UovRWEUojAcDin/UrDyH1Yb0zSgRkKSwZ
HW7SfxHXXZMIaRcODFSftUfdqVuxR4EHRvP8N8l9+Q3qqMS8kFMSPfZ+Tz0=
-----END CERTIFICATE-----