Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b947a9ed-76c4-400f-9740-2172424a0184.roa
File:                     b947a9ed-76c4-400f-9740-2172424a0184.roa (raw, json)
Hash identifier:          R73Jv5T+1xuLDzNekZKUeeLv4R3O/XezWGjHkFgKKns=
Subject key identifier:   C6:8F:DA:AE:9D:56:19:B4:A4:6B:5D:12:F3:20:EC:13:DC:39:C7:5C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       136680CAFF202B1E677756E6D307D2C450D823B2
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b947a9ed-76c4-400f-9740-2172424a0184.roa
Signing time:             Fri 10 Oct 2025 16:57:37 +0000
ROA not before:           Fri 10 Oct 2025 16:57:37 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.219.192.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:66:80:ca:ff:20:2b:1e:67:77:56:e6:d3:07:d2:c4:50:d8:23:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 10 16:57:37 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=04538c224668695f862b3d92c8a5b4fe75ca02ee990f9cdb70103f48a903e359, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:cd:6f:3a:62:a9:eb:36:cd:16:1b:de:22:f5:
                    cd:ed:0e:37:1c:d2:85:22:6b:b9:fc:ed:ea:21:47:
                    fd:75:fb:f2:e3:64:6f:24:26:a9:41:62:9b:09:0d:
                    13:bc:67:fe:d5:45:2c:0e:ee:e0:89:a8:06:4c:3e:
                    e5:9e:bf:9a:29:b0:4a:3a:70:d5:00:a4:5b:c4:1e:
                    91:8b:25:c2:4f:f4:88:67:5e:b0:6e:24:ff:50:92:
                    24:f2:ea:48:ab:8e:92:7b:d8:ce:dd:1b:02:ef:e8:
                    37:0c:02:1b:e8:01:51:e2:86:b1:05:ba:5a:37:34:
                    2e:8d:77:61:fe:b3:a8:2b:5e:44:0c:6b:27:ce:00:
                    ee:7b:df:3b:50:84:49:e9:db:32:a3:e6:b5:9e:6a:
                    e3:db:f1:de:35:77:61:7b:5e:2a:3c:25:37:b6:7d:
                    4b:5a:4c:74:20:52:8a:83:18:0b:72:e0:07:b7:67:
                    04:a2:ee:03:90:0d:e0:2d:f2:a6:e6:e4:6c:1a:32:
                    43:49:3e:38:16:9e:f3:e0:b5:00:ee:dd:31:d3:30:
                    0c:39:96:0f:3a:b8:db:4a:c3:c0:c7:c5:9e:c3:e1:
                    1a:20:1c:3e:a2:84:c5:f3:58:2c:9e:43:25:ae:9b:
                    80:33:18:4e:46:2a:5a:51:65:ea:70:24:62:79:07:
                    a3:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:8F:DA:AE:9D:56:19:B4:A4:6B:5D:12:F3:20:EC:13:DC:39:C7:5C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b947a9ed-76c4-400f-9740-2172424a0184.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.219.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         32:9d:7c:7b:d3:e8:c8:da:2f:fa:ac:40:c0:d2:58:23:26:ea:
         95:22:d0:cb:7c:7c:71:eb:2a:91:3c:8b:f3:6d:4d:06:95:6a:
         9f:be:7b:bf:0f:48:29:5e:59:66:22:53:0b:f0:30:2f:8f:78:
         71:21:84:14:66:b1:74:98:8b:bf:93:03:d8:ac:6a:28:21:18:
         cb:4e:fc:ac:21:f5:46:a9:f9:3e:64:45:ea:1d:42:0d:23:cc:
         bd:e1:1a:dd:94:e2:73:f7:62:b5:a1:9b:17:6d:d3:24:02:fb:
         46:5d:86:58:a2:48:65:9e:aa:26:84:41:e7:96:fb:4f:38:d1:
         62:96:b6:1c:b2:54:ae:cf:ca:a9:89:53:da:b4:4a:98:17:7c:
         4f:42:a7:57:40:30:a6:d0:bb:17:fe:cd:9f:d5:6a:44:9b:1e:
         ae:84:51:a8:6d:9c:e3:13:b0:e6:74:f8:30:37:ad:f2:00:cc:
         31:00:e0:24:7f:77:f8:c3:97:41:7d:1d:d2:b9:1e:c2:5e:9a:
         2b:90:84:01:87:17:eb:8d:c3:70:60:2f:d5:7b:e7:b1:fc:a7:
         b7:ee:a3:fb:ba:d6:d4:59:5a:47:36:0a:55:81:aa:ff:3d:c4:
         64:61:46:98:b5:a7:bf:87:21:7f:cf:83:13:97:28:f1:78:a6:
         0f:76:5c:58
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUE2aAyv8gKx5nd1bm0wfSxFDYI7IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDEwMTY1NzM3WhcNMjUxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNDUzOGMyMjQ2Njg2OTVmODYyYjNkOTJjOGE1YjRmZTc1
Y2EwMmVlOTkwZjljZGI3MDEwM2Y0OGE5MDNlMzU5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCfzW86YqnrNs0WG94i9c3tDjcc0oUia7n87eohR/11+/Lj
ZG8kJqlBYpsJDRO8Z/7VRSwO7uCJqAZMPuWev5opsEo6cNUApFvEHpGLJcJP9Ihn
XrBuJP9QkiTy6kirjpJ72M7dGwLv6DcMAhvoAVHihrEFulo3NC6Nd2H+s6grXkQM
ayfOAO573ztQhEnp2zKj5rWeauPb8d41d2F7Xio8JTe2fUtaTHQgUoqDGAty4Ae3
ZwSi7gOQDeAt8qbm5GwaMkNJPjgWnvPgtQDu3THTMAw5lg86uNtKw8DHxZ7D4Rog
HD6ihMXzWCyeQyWum4AzGE5GKlpRZepwJGJ5B6ONAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUxo/arp1WGbSka10S8yDsE9w5x1wwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2I5NDdhOWVkLTc2YzQtNDAwZi05NzQwLTIxNzI0MjRhMDE4NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAY228AwDQYJKoZIhvcNAQELBQADggEBADKdfHvT6MjaL/qsQMDSWCMm6pUi
0Mt8fHHrKpE8i/NtTQaVap++e78PSCleWWYiUwvwMC+PeHEhhBRmsXSYi7+TA9is
aighGMtO/Kwh9Uap+T5kReodQg0jzL3hGt2U4nP3YrWhmxdt0yQC+0ZdhliiSGWe
qiaEQeeW+0840WKWthyyVK7PyqmJU9q0SpgXfE9Cp1dAMKbQuxf+zZ/VakSbHq6E
UahtnOMTsOZ0+DA3rfIAzDEA4CR/d/jDl0F9HdK5HsJemiuQhAGHF+uNw3BgL9V7
57H8p7fuo/u61tRZWkc2ClWBqv89xGRhRpi1p7+HIX/PgxOXKPF4pg92XFg=
-----END CERTIFICATE-----