Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d10ec203-44c7-4617-a578-ca38aeff57f9.roa
File:                     d10ec203-44c7-4617-a578-ca38aeff57f9.roa (raw, json)
Hash identifier:          udX69yGTR6FeAUd+lv4P8vh4SIOMycpOlACDO0r0s6o=
Subject key identifier:   2B:B8:66:EC:B6:0E:16:7F:9E:2B:87:F4:1F:85:22:AC:28:BE:52:DE
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6A8C1CD4B4A3EFEE2688D6B16F95AD6F10DE0204
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d10ec203-44c7-4617-a578-ca38aeff57f9.roa
Signing time:             Fri 07 Nov 2025 01:20:56 +0000
ROA not before:           Fri 07 Nov 2025 01:20:56 +0000
ROA not after:            Fri 12 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.156.8.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 08 Nov 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:8c:1c:d4:b4:a3:ef:ee:26:88:d6:b1:6f:95:ad:6f:10:de:02:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Nov  7 01:20:56 2025 GMT
            Not After : Dec 12 23:59:59 2025 GMT
        Subject: serialNumber=f54ea7059f71f0efb586e6d43f623c2821e64977e876b3aa20140429d38a148c, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:31:d6:dd:55:78:eb:e2:9e:1e:af:c1:8b:49:
                    67:cf:4a:49:0f:0f:27:1b:fd:9b:9f:9f:60:6f:3d:
                    68:2e:08:32:c8:bc:a0:b3:5d:f5:93:ca:b1:e0:c1:
                    be:21:fe:7c:3c:23:a6:61:0c:a1:3c:a4:4e:a5:8e:
                    32:47:e8:5e:03:d3:c8:65:bc:f9:52:cb:5b:fb:30:
                    25:a6:c4:96:8a:61:db:54:38:33:67:e5:94:01:af:
                    69:9d:ec:50:5a:3e:68:c4:a9:4d:b7:0b:72:34:a1:
                    ec:43:22:a9:bf:f9:f9:1c:73:49:d0:50:31:14:ec:
                    93:83:46:7b:b8:18:8c:da:41:c5:81:dc:28:0f:23:
                    ea:20:d0:de:db:3e:eb:72:df:ea:22:2c:a5:d4:7f:
                    63:d4:96:c8:71:66:1b:b0:75:cd:a1:ae:f1:a1:b5:
                    33:5c:a1:66:a9:03:d3:e3:7b:f3:62:75:39:8a:6d:
                    53:31:a1:1f:3a:75:94:f9:2d:14:0d:82:0a:c1:bc:
                    a2:34:49:85:15:d0:20:56:a2:63:8d:e6:3a:36:3b:
                    37:a3:f4:ad:cb:3d:45:75:44:e9:09:52:68:e6:43:
                    5e:5d:65:4f:95:be:33:59:c3:73:ba:62:29:c4:c7:
                    32:10:e9:8a:d3:52:dc:b3:b6:1f:6f:8a:8d:3c:d2:
                    6d:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:B8:66:EC:B6:0E:16:7F:9E:2B:87:F4:1F:85:22:AC:28:BE:52:DE
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d10ec203-44c7-4617-a578-ca38aeff57f9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.156.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         74:ba:27:4a:41:43:a8:35:6f:cd:20:9e:67:b0:bb:99:6f:db:
         a3:54:25:e0:c4:82:a8:83:6a:76:6e:df:da:2f:f6:d5:51:2b:
         a3:e1:f5:15:6b:37:78:a8:ce:17:9d:c3:a5:0d:1f:e2:54:cb:
         00:d5:bd:0d:cd:c7:bf:90:90:25:9f:aa:bb:ff:66:91:f2:47:
         14:02:58:c3:8a:5b:82:69:e2:60:62:af:8a:be:46:22:94:e5:
         9d:cc:ed:1c:c0:48:7a:27:cf:fa:d7:79:66:39:ca:ea:d4:d5:
         d3:cc:fc:ca:0d:a2:f0:b7:eb:4e:c0:f2:52:d6:48:cc:5c:0e:
         c2:28:e6:ad:a8:11:8f:16:ec:dc:65:31:57:d3:bd:15:6e:ea:
         e6:77:89:1c:3c:66:49:44:3a:58:2d:e0:e9:ff:b3:91:87:13:
         31:1b:5b:bb:64:6e:9b:f6:e3:59:4f:0f:02:e5:fc:d9:16:0b:
         8b:16:9f:f9:b5:9a:b9:cc:1f:57:cf:42:6f:0f:2a:46:f2:ec:
         89:5d:9a:f1:74:5a:4b:fb:57:08:82:79:45:62:c9:c6:85:c2:
         16:a1:16:40:ac:35:8d:83:35:f8:51:d0:22:99:e3:40:bd:fc:
         7d:1a:50:90:bd:66:82:b8:0e:11:e7:76:26:a0:2a:c9:e6:1c:
         0c:eb:9b:c6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaowc1LSj7+4miNaxb5WtbxDeAgQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMTA3MDEyMDU2WhcNMjUxMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0BmNTRlYTcwNTlmNzFmMGVmYjU4NmU2ZDQzZjYyM2MyODIx
ZTY0OTc3ZTg3NmIzYWEyMDE0MDQyOWQzOGExNDhjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDOMdbdVXjr4p4er8GLSWfPSkkPDycb/Zufn2BvPWguCDLI
vKCzXfWTyrHgwb4h/nw8I6ZhDKE8pE6ljjJH6F4D08hlvPlSy1v7MCWmxJaKYdtU
ODNn5ZQBr2md7FBaPmjEqU23C3I0oexDIqm/+fkcc0nQUDEU7JODRnu4GIzaQcWB
3CgPI+og0N7bPuty3+oiLKXUf2PUlshxZhuwdc2hrvGhtTNcoWapA9Pje/NidTmK
bVMxoR86dZT5LRQNggrBvKI0SYUV0CBWomON5jo2Ozej9K3LPUV1ROkJUmjmQ15d
ZU+VvjNZw3O6YinExzIQ6YrTUtyzth9vio080m2JAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUK7hm7LYOFn+eK4f0H4UirCi+Ut4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2QxMGVjMjAzLTQ0YzctNDYxNy1hNTc4LWNhMzhhZWZmNTdmOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAM2nAgwDQYJKoZIhvcNAQELBQADggEBAHS6J0pBQ6g1b80gnmewu5lv26NU
JeDEgqiDanZu39ov9tVRK6Ph9RVrN3iozhedw6UNH+JUywDVvQ3Nx7+QkCWfqrv/
ZpHyRxQCWMOKW4Jp4mBir4q+RiKU5Z3M7RzASHonz/rXeWY5yurU1dPM/MoNovC3
607A8lLWSMxcDsIo5q2oEY8W7NxlMVfTvRVu6uZ3iRw8ZklEOlgt4On/s5GHEzEb
W7tkbpv241lPDwLl/NkWC4sWn/m1mrnMH1fPQm8PKkby7IldmvF0Wkv7VwiCeUVi
ycaFwhahFkCsNY2DNfhR0CKZ40C9/H0aUJC9ZoK4DhHndiagKsnmHAzrm8Y=
-----END CERTIFICATE-----