Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f70bc190-28d3-4312-9add-43a86be21508.roa
File:                     f70bc190-28d3-4312-9add-43a86be21508.roa (raw, json)
Hash identifier:          1Wr9ZvbfBGBnTc/Ij2roRHbYbETxjkgeEJdCfyO+U+E=
Subject key identifier:   CB:C2:B2:3A:7D:1B:EB:7A:EE:52:E4:F1:DE:49:D0:97:58:B7:37:BF
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       76D1620FF7001E1EA3B7561CBE2974E82C6FE816
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f70bc190-28d3-4312-9add-43a86be21508.roa
Signing time:             Tue 19 Aug 2025 16:11:59 +0000
ROA not before:           Tue 19 Aug 2025 16:11:59 +0000
ROA not after:            Tue 23 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.179.192.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 22 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:d1:62:0f:f7:00:1e:1e:a3:b7:56:1c:be:29:74:e8:2c:6f:e8:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug 19 16:11:59 2025 GMT
            Not After : Sep 23 23:59:59 2025 GMT
        Subject: serialNumber=ee5d4436f85724375869414a53d30da540ad735bdeb7d22b6d1d724d4b9aaf58, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:26:3c:de:49:7a:15:d1:1c:f1:d2:3b:7a:62:
                    76:44:0d:cd:ee:24:7f:c7:0f:37:b5:d4:10:4e:0d:
                    9e:ea:e1:65:71:2b:69:dd:0d:24:8b:12:d7:8a:2b:
                    be:42:bb:4c:45:d5:d1:f9:e4:16:63:e9:de:5e:31:
                    39:7e:8d:65:1b:7f:19:ec:d4:f1:40:fd:67:d1:16:
                    ad:03:5e:92:56:d5:cc:3d:45:64:06:9c:26:3c:76:
                    c3:d6:21:57:8a:60:5a:74:be:5b:f5:97:86:6b:dc:
                    dd:02:ed:f6:bd:12:ec:1c:9e:a6:ab:7d:85:b5:af:
                    08:e3:b9:db:f1:18:65:4f:de:7c:4d:7e:be:99:16:
                    1b:ce:e9:bc:42:a7:85:33:11:25:fa:68:80:5c:66:
                    a8:68:c5:e7:26:ac:ed:b4:f8:85:b6:6a:9c:86:b2:
                    61:12:1c:c6:ad:dd:82:64:bf:77:ba:6a:dc:ec:de:
                    3b:41:ad:2c:84:71:5e:65:4e:f5:da:f2:34:a2:0b:
                    4f:8b:1a:bc:e4:1d:0a:90:9a:cd:a3:7c:a6:18:ef:
                    a3:0c:cc:14:d0:98:31:ce:ae:de:d7:22:87:07:f9:
                    f8:b5:1f:62:99:4b:22:6e:d1:f8:a3:0d:00:6c:a2:
                    37:6a:de:31:c7:bc:7c:aa:d9:08:8c:59:38:06:20:
                    84:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:C2:B2:3A:7D:1B:EB:7A:EE:52:E4:F1:DE:49:D0:97:58:B7:37:BF
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f70bc190-28d3-4312-9add-43a86be21508.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.179.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         5e:92:c0:1f:25:2c:b3:cd:e4:84:9e:22:fd:fd:44:92:0d:23:
         8f:a3:86:c0:c6:6f:73:02:72:78:cf:f9:99:eb:87:19:af:db:
         81:46:c9:0a:d5:ae:49:b1:f5:38:88:69:1f:a1:8f:07:0a:6c:
         b2:ba:05:ee:31:c5:29:65:82:fa:3d:b6:70:c5:ee:ea:d3:20:
         37:05:ce:6f:54:50:a3:a2:3d:67:2a:ca:08:82:8c:c7:26:54:
         4c:c6:17:45:d9:1d:d8:88:af:48:fb:73:7b:c6:7e:10:e1:41:
         e3:ff:49:86:19:44:95:b1:64:fe:29:23:bb:20:01:72:f6:7b:
         a1:07:52:7d:a2:f3:f4:0b:0d:9f:c5:d1:0f:73:ca:f6:16:e0:
         7e:91:2a:35:2a:4b:da:65:14:a2:66:18:0a:f7:1c:97:c2:67:
         65:44:4f:fe:96:94:b8:66:45:35:9c:cb:5d:bf:dd:a4:bf:e1:
         69:d3:a6:cb:5e:8b:14:92:e5:85:1e:47:f6:bd:ba:48:30:1f:
         07:f9:82:78:6e:53:ab:28:33:89:3a:87:3c:18:6c:03:1d:72:
         c6:da:09:64:e0:16:cc:35:15:2e:18:8c:1b:49:24:bf:8b:50:
         a6:28:53:2d:c2:9c:13:02:5d:9d:1d:6f:cf:96:6a:95:59:25:
         55:c3:87:df
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdtFiD/cAHh6jt1Ycvil06Cxv6BYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwODE5MTYxMTU5WhcNMjUwOTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BlZTVkNDQzNmY4NTcyNDM3NTg2OTQxNGE1M2QzMGRhNTQw
YWQ3MzViZGViN2QyMmI2ZDFkNzI0ZDRiOWFhZjU4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsJjzeSXoV0Rzx0jt6YnZEDc3uJH/HDze11BBODZ7q4WVx
K2ndDSSLEteKK75Cu0xF1dH55BZj6d5eMTl+jWUbfxns1PFA/WfRFq0DXpJW1cw9
RWQGnCY8dsPWIVeKYFp0vlv1l4Zr3N0C7fa9EuwcnqarfYW1rwjjudvxGGVP3nxN
fr6ZFhvO6bxCp4UzESX6aIBcZqhoxecmrO20+IW2apyGsmESHMat3YJkv3e6atzs
3jtBrSyEcV5lTvXa8jSiC0+LGrzkHQqQms2jfKYY76MMzBTQmDHOrt7XIocH+fi1
H2KZSyJu0fijDQBsojdq3jHHvHyq2QiMWTgGIIQRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUy8KyOn0b63ruUuTx3knQl1i3N78wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Y3MGJjMTkwLTI4ZDMtNDMxMi05YWRkLTQzYTg2YmUyMTUwOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAY2s8AwDQYJKoZIhvcNAQELBQADggEBAF6SwB8lLLPN5ISeIv39RJINI4+j
hsDGb3MCcnjP+Znrhxmv24FGyQrVrkmx9TiIaR+hjwcKbLK6Be4xxSllgvo9tnDF
7urTIDcFzm9UUKOiPWcqygiCjMcmVEzGF0XZHdiIr0j7c3vGfhDhQeP/SYYZRJWx
ZP4pI7sgAXL2e6EHUn2i8/QLDZ/F0Q9zyvYW4H6RKjUqS9plFKJmGAr3HJfCZ2VE
T/6WlLhmRTWcy12/3aS/4WnTpsteixSS5YUeR/a9ukgwHwf5gnhuU6soM4k6hzwY
bAMdcsbaCWTgFsw1FS4YjBtJJL+LUKYoUy3CnBMCXZ0db8+WapVZJVXDh98=
-----END CERTIFICATE-----