Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b2dc4860-743a-4998-bb62-48e09220f1cf.roa
File:                     b2dc4860-743a-4998-bb62-48e09220f1cf.roa (raw, json)
Hash identifier:          VOUrelg0j/CVThhVzwaZPs7SpsQ0EovZPQ8F0eSWfLE=
Subject key identifier:   B8:04:3A:7A:B5:C6:73:A5:09:92:E7:BC:BB:0C:22:56:95:26:52:3D
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4A2ED620C4DF69E6F208B69B8479A37A7C5796A9
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b2dc4860-743a-4998-bb62-48e09220f1cf.roa
Signing time:             Fri 26 Sep 2025 03:00:44 +0000
ROA not before:           Fri 26 Sep 2025 03:00:44 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.239.172.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:2e:d6:20:c4:df:69:e6:f2:08:b6:9b:84:79:a3:7a:7c:57:96:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 03:00:44 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=501feeae99d7f2ef7d8fe368d7c578c571c53219eafb2c788756d7f64446668a, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:94:61:a1:f8:35:61:b3:60:87:a3:cb:2e:66:
                    ce:ba:b1:1d:fe:12:9e:9f:c7:00:06:8e:8e:fa:06:
                    70:ee:a9:57:46:ad:5d:90:84:f4:53:27:69:07:e7:
                    ff:6f:87:c2:40:ce:23:71:1e:62:c1:36:ff:2e:b4:
                    0b:29:9a:62:3b:70:a6:a5:f4:e4:73:9d:8f:69:c2:
                    99:66:de:5a:19:57:41:8e:59:73:e5:f9:30:ab:fc:
                    f1:68:a4:e8:c8:4e:43:9c:93:17:6a:01:ab:e1:f0:
                    92:9c:a0:08:08:a6:5a:14:90:b2:1a:dd:13:f6:6d:
                    d7:d5:cd:76:eb:97:c5:29:78:87:ca:1a:c5:6d:69:
                    54:05:9d:45:b1:6d:2f:e0:62:cb:8f:53:cd:f7:95:
                    40:b7:a3:81:5c:fb:0d:39:a6:a8:25:19:51:71:80:
                    ba:06:cd:6d:77:dd:29:84:9b:a4:2c:69:2c:83:13:
                    12:51:73:36:01:5e:4c:a1:2e:50:fe:18:76:68:46:
                    c8:94:c6:68:13:ad:df:89:77:f4:d5:23:45:12:a5:
                    5e:c4:f9:0a:14:5a:4c:73:cc:11:f1:25:73:ef:31:
                    d2:2e:31:06:c4:0f:58:e8:26:8a:b3:f8:99:57:41:
                    fd:26:03:a9:14:a4:61:8b:c5:de:cd:81:d2:57:b8:
                    e3:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:04:3A:7A:B5:C6:73:A5:09:92:E7:BC:BB:0C:22:56:95:26:52:3D
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b2dc4860-743a-4998-bb62-48e09220f1cf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.239.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         41:02:d7:04:b1:3b:3e:b2:40:d5:7b:32:90:a2:f9:71:7c:40:
         98:71:e9:78:2b:31:a9:32:d5:bc:58:a8:c0:8f:ed:0e:67:d5:
         a4:31:7f:6d:d9:75:2f:b3:a7:34:29:be:d0:c7:18:db:cd:93:
         2a:80:37:af:1a:ce:11:50:1c:a9:cf:0f:96:99:15:f2:0b:1b:
         af:91:7f:06:10:65:28:67:c8:86:c9:cf:78:bc:c3:7f:18:00:
         d1:5b:7b:1a:36:cd:6b:32:93:23:5c:e3:28:bc:0e:66:d7:48:
         4b:12:58:e0:2d:88:29:62:1d:4e:f2:16:74:12:50:33:c5:73:
         0c:46:2b:5d:e4:d6:32:c2:79:81:ad:be:09:5f:e4:08:f2:af:
         87:38:70:fe:39:59:bc:11:b0:a9:88:b7:b3:cc:f2:dc:b7:9b:
         ae:15:15:32:d2:d0:f6:25:e2:3d:ba:b4:fe:fe:a3:80:b7:7a:
         6a:c9:ed:65:c6:84:e1:fb:7d:6d:f5:55:c4:69:cc:51:c8:fc:
         14:7a:81:28:e5:17:f6:ec:a8:38:a6:bd:a5:5d:b9:fa:9b:c0:
         20:d3:91:2e:29:23:a7:41:04:07:19:87:aa:c8:ef:62:04:fc:
         1b:40:28:72:fd:3e:36:64:7f:83:4a:7c:48:b8:14:aa:82:71:
         43:85:22:ff
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSi7WIMTfaebyCLabhHmjenxXlqkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MDMwMDQ0WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A1MDFmZWVhZTk5ZDdmMmVmN2Q4ZmUzNjhkN2M1NzhjNTcx
YzUzMjE5ZWFmYjJjNzg4NzU2ZDdmNjQ0NDY2NjhhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7lGGh+DVhs2CHo8suZs66sR3+Ep6fxwAGjo76BnDuqVdG
rV2QhPRTJ2kH5/9vh8JAziNxHmLBNv8utAspmmI7cKal9ORznY9pwplm3loZV0GO
WXPl+TCr/PFopOjITkOckxdqAavh8JKcoAgIploUkLIa3RP2bdfVzXbrl8UpeIfK
GsVtaVQFnUWxbS/gYsuPU833lUC3o4Fc+w05pqglGVFxgLoGzW133SmEm6QsaSyD
ExJRczYBXkyhLlD+GHZoRsiUxmgTrd+Jd/TVI0USpV7E+QoUWkxzzBHxJXPvMdIu
MQbED1joJoqz+JlXQf0mA6kUpGGLxd7NgdJXuONxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUuAQ6erXGc6UJkue8uwwiVpUmUj0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2IyZGM0ODYwLTc0M2EtNDk5OC1iYjYyLTQ4ZTA5MjIwZjFjZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI276wwDQYJKoZIhvcNAQELBQADggEBAEEC1wSxOz6yQNV7MpCi+XF8QJhx
6XgrMaky1bxYqMCP7Q5n1aQxf23ZdS+zpzQpvtDHGNvNkyqAN68azhFQHKnPD5aZ
FfILG6+RfwYQZShnyIbJz3i8w38YANFbexo2zWsykyNc4yi8DmbXSEsSWOAtiCli
HU7yFnQSUDPFcwxGK13k1jLCeYGtvglf5Ajyr4c4cP45WbwRsKmIt7PM8ty3m64V
FTLS0PYl4j26tP7+o4C3emrJ7WXGhOH7fW31VcRpzFHI/BR6gSjlF/bsqDimvaVd
ufqbwCDTkS4pI6dBBAcZh6rI72IE/BtAKHL9PjZkf4NKfEi4FKqCcUOFIv8=
-----END CERTIFICATE-----