Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d22611eb-98da-4dc9-9c35-427f7a496dff.roa
File:                     d22611eb-98da-4dc9-9c35-427f7a496dff.roa (raw, json)
Hash identifier:          /O55IxGtZ8zToZMcm1CaQ47DCXLWNkzOml90OuzM4CU=
Subject key identifier:   90:D9:D1:6D:C9:50:26:0E:E6:7F:A2:6C:24:4D:D9:31:67:A1:B2:5A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6FC1025C7FD8D8117D1603F475829D34711EF6DF
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d22611eb-98da-4dc9-9c35-427f7a496dff.roa
Signing time:             Sun 19 Oct 2025 06:01:21 +0000
ROA not before:           Sun 19 Oct 2025 06:01:21 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.240.84.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:c1:02:5c:7f:d8:d8:11:7d:16:03:f4:75:82:9d:34:71:1e:f6:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 06:01:21 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=f2e04ab0f0edcbbe2a677d4426d0d20870de4e339efcb11d33b140d5703c490e, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:1d:06:3a:cc:e4:40:0b:23:94:f3:f9:c6:ab:
                    52:af:b2:32:a1:ef:46:83:97:cc:96:c5:20:fe:52:
                    c3:8f:9b:8f:a5:7c:5c:ed:c0:9e:13:f4:4f:8a:29:
                    a1:cb:6f:0d:69:28:d1:1e:3b:d2:90:eb:75:25:f7:
                    24:d0:7d:b6:db:91:a3:68:f3:00:29:97:77:f3:b6:
                    88:20:1a:89:6d:91:9d:74:d7:1d:fe:cf:31:1e:4d:
                    38:a0:02:f7:f9:c5:9e:29:17:43:3a:36:b0:49:20:
                    fe:d2:e4:1f:f0:7c:9b:38:84:0a:46:97:6f:24:c1:
                    c0:61:ad:ea:b3:18:b9:3c:11:aa:b8:fb:de:64:76:
                    f2:73:c8:b2:0a:9d:f0:e5:35:3b:b9:3b:14:c4:b7:
                    f4:90:4f:0c:55:39:b3:3c:9e:b1:60:c9:09:50:f7:
                    47:21:ea:2c:28:2c:de:dc:4a:a0:3f:b2:de:90:0d:
                    16:51:cd:33:35:a6:64:7b:84:29:40:bd:f2:5c:01:
                    03:1a:98:f9:42:42:10:63:c1:d6:a7:f9:c3:12:3a:
                    29:a3:17:9a:e2:90:0a:69:63:c6:33:e3:22:65:30:
                    1b:44:99:79:7e:d3:d8:79:ed:86:d6:ec:20:ad:6c:
                    df:a9:16:c2:4b:89:1f:74:51:0c:c0:19:73:e9:6b:
                    ab:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:D9:D1:6D:C9:50:26:0E:E6:7F:A2:6C:24:4D:D9:31:67:A1:B2:5A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d22611eb-98da-4dc9-9c35-427f7a496dff.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.240.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:c3:5b:ed:74:26:a8:eb:d2:66:06:c4:c5:c4:7e:63:ba:0a:
         e5:3f:7a:aa:cb:c6:81:b4:24:5e:f9:0e:fd:85:cd:bb:e0:36:
         66:97:c8:20:04:b7:07:ac:d6:85:ec:2a:bd:95:77:d5:99:ee:
         03:c6:a9:58:53:c4:c7:17:34:f6:62:f8:fc:1d:98:ed:9b:5b:
         ea:b9:59:b6:6a:0e:57:ae:7b:fc:66:8f:8f:8a:79:8f:c4:ed:
         91:90:2f:76:7a:ca:66:02:9e:8e:ec:75:d5:90:e2:9f:bb:21:
         8f:e7:63:3c:d3:27:7a:b9:8e:ce:13:c0:a5:0b:9d:3f:1a:b8:
         6f:9d:8a:57:b7:8e:41:5e:a8:b8:b8:32:97:ca:92:22:9c:da:
         90:88:ba:71:dc:9e:8a:be:ce:47:a4:ea:33:1a:3c:a3:d6:d9:
         ab:85:b3:99:8b:3c:9e:42:35:98:e2:50:8c:7c:c9:5e:95:71:
         8b:72:93:bd:e2:99:08:4d:ff:2c:c2:dc:4c:32:4b:5b:c6:09:
         82:00:37:de:0e:b7:28:56:d6:38:4a:1c:b0:b6:73:32:9e:eb:
         fa:e6:7d:a3:64:1c:0e:69:0b:38:fe:db:c6:5a:8b:08:00:d0:
         a0:d2:e7:eb:69:73:9c:54:74:3a:a1:89:d2:d4:a5:eb:c8:de:
         5b:17:09:b1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUb8ECXH/Y2BF9FgP0dYKdNHEe9t8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MDYwMTIxWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BmMmUwNGFiMGYwZWRjYmJlMmE2NzdkNDQyNmQwZDIwODcw
ZGU0ZTMzOWVmY2IxMWQzM2IxNDBkNTcwM2M0OTBlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxHQY6zORACyOU8/nGq1KvsjKh70aDl8yWxSD+UsOPm4+l
fFztwJ4T9E+KKaHLbw1pKNEeO9KQ63Ul9yTQfbbbkaNo8wApl3fztoggGoltkZ10
1x3+zzEeTTigAvf5xZ4pF0M6NrBJIP7S5B/wfJs4hApGl28kwcBhreqzGLk8Eaq4
+95kdvJzyLIKnfDlNTu5OxTEt/SQTwxVObM8nrFgyQlQ90ch6iwoLN7cSqA/st6Q
DRZRzTM1pmR7hClAvfJcAQMamPlCQhBjwdan+cMSOimjF5rikAppY8Yz4yJlMBtE
mXl+09h57YbW7CCtbN+pFsJLiR90UQzAGXPpa6trAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUkNnRbclQJg7mf6JsJE3ZMWehslowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2QyMjYxMWViLTk4ZGEtNGRjOS05YzM1LTQyN2Y3YTQ5NmRmZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI28FQwDQYJKoZIhvcNAQELBQADggEBAIrDW+10Jqjr0mYGxMXEfmO6CuU/
eqrLxoG0JF75Dv2FzbvgNmaXyCAEtwes1oXsKr2Vd9WZ7gPGqVhTxMcXNPZi+Pwd
mO2bW+q5WbZqDleue/xmj4+KeY/E7ZGQL3Z6ymYCno7sddWQ4p+7IY/nYzzTJ3q5
js4TwKULnT8auG+dile3jkFeqLi4MpfKkiKc2pCIunHcnoq+zkek6jMaPKPW2auF
s5mLPJ5CNZjiUIx8yV6VcYtyk73imQhN/yzC3EwyS1vGCYIAN94OtyhW1jhKHLC2
czKe6/rmfaNkHA5pCzj+28ZaiwgA0KDS5+tpc5xUdDqhidLUpevI3lsXCbE=
-----END CERTIFICATE-----