Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/faf09f9b-9553-45e3-9665-600b79c92a3c.roa
File:                     faf09f9b-9553-45e3-9665-600b79c92a3c.roa (raw, json)
Hash identifier:          y1OTnNhvdC+fGKh5PTRyQS00mJlFJHrDp2oky/zbjaQ=
Subject key identifier:   A1:7B:0D:19:22:F1:EC:08:E3:DC:CD:8D:CE:30:C7:61:2A:B7:BA:2C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4DEB4FDB84D4F3802DEB2EFA2ACB7ACF74FF3A7C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/faf09f9b-9553-45e3-9665-600b79c92a3c.roa
Signing time:             Mon 13 Oct 2025 17:55:05 +0000
ROA not before:           Mon 13 Oct 2025 17:55:05 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.146.96.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:eb:4f:db:84:d4:f3:80:2d:eb:2e:fa:2a:cb:7a:cf:74:ff:3a:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 13 17:55:05 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=e97abf191f60d6435bcea3e12e04c34d95d43e5117b2f7f153d5c5a7becc9b1a, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:e0:96:21:68:b6:f2:7e:17:3e:87:8b:51:23:
                    5d:30:5c:c7:c0:0a:bf:4d:4c:af:60:77:fc:0a:12:
                    14:92:67:11:93:be:35:35:69:54:8b:75:c6:a6:26:
                    28:19:08:db:27:38:f9:52:37:67:d2:86:98:54:ce:
                    4c:ff:2a:92:e4:dd:bf:66:33:3a:cc:d6:32:f0:08:
                    1e:ca:9e:a1:33:75:ee:c8:16:46:10:6e:0c:07:e1:
                    2a:09:42:45:c0:d1:45:1f:09:72:7b:20:06:33:66:
                    78:20:cc:c8:59:c1:ff:3e:8c:17:62:8a:7c:46:3f:
                    c3:96:b6:3b:ed:22:c1:48:6f:7a:b3:29:a7:a7:22:
                    e9:d3:f8:53:ed:3a:7a:9a:f0:bf:29:77:1e:f9:7f:
                    4d:3a:f9:6b:4f:1e:26:a5:e6:24:d0:fa:13:52:ad:
                    91:8a:fc:42:a5:4f:00:d3:c0:a7:fb:27:d7:e3:ad:
                    f5:55:71:f5:fe:fb:e1:c9:b5:79:33:31:77:b9:1b:
                    80:83:40:24:a2:69:1e:66:69:2b:af:8b:50:5d:a6:
                    87:31:fd:1f:b1:43:74:25:77:fc:6d:a4:83:2f:70:
                    32:8d:00:96:b7:d1:c4:b4:63:95:26:f6:d4:94:2f:
                    90:e5:3f:39:bb:6b:3f:3a:24:2b:8c:20:eb:bd:2c:
                    bd:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:7B:0D:19:22:F1:EC:08:E3:DC:CD:8D:CE:30:C7:61:2A:B7:BA:2C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/faf09f9b-9553-45e3-9665-600b79c92a3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.146.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         54:94:8a:10:1e:a4:b1:4f:36:b1:2f:05:23:ef:5a:94:ae:d0:
         94:d0:68:47:45:b6:2a:7c:09:9b:73:cb:c7:71:1a:56:93:35:
         1d:88:64:c1:e0:53:c5:54:4e:6b:3b:54:a2:aa:2e:36:06:e2:
         e3:e2:91:37:15:76:6c:b6:41:45:66:37:91:dc:b9:68:35:94:
         a4:94:d7:d6:ed:21:11:7a:1e:8e:85:24:35:e1:63:3a:5c:98:
         c0:64:aa:b1:ad:5e:06:09:a0:19:34:c2:40:61:39:6d:f6:88:
         85:b9:b4:be:6e:c2:e3:bf:36:eb:ee:70:49:bc:20:00:ab:ed:
         1b:ea:c1:06:2b:48:cb:99:6d:86:b1:30:33:9e:9e:e9:da:83:
         a0:65:e6:ff:09:4c:ba:fc:79:7e:4c:1b:09:4c:ba:40:05:c5:
         b6:33:f3:dc:4b:bc:27:b3:07:1f:44:41:6b:44:61:3c:af:64:
         06:22:70:da:54:0d:db:30:38:68:84:48:80:21:e8:cf:63:c1:
         71:db:a1:d1:59:f6:e0:2b:ba:81:b1:ce:32:da:6f:5e:32:d4:
         2a:9e:9b:e6:b1:b7:91:31:b8:df:13:01:71:4e:79:72:c6:c3:
         35:3f:cc:e0:bb:0f:4e:b1:80:55:79:dc:40:1a:8c:6d:5e:66:
         a4:63:d1:2b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTetP24TU84At6y76Kst6z3T/OnwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDEzMTc1NTA1WhcNMjUxMTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlOTdhYmYxOTFmNjBkNjQzNWJjZWEzZTEyZTA0YzM0ZDk1
ZDQzZTUxMTdiMmY3ZjE1M2Q1YzVhN2JlY2M5YjFhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDO4JYhaLbyfhc+h4tRI10wXMfACr9NTK9gd/wKEhSSZxGT
vjU1aVSLdcamJigZCNsnOPlSN2fShphUzkz/KpLk3b9mMzrM1jLwCB7KnqEzde7I
FkYQbgwH4SoJQkXA0UUfCXJ7IAYzZnggzMhZwf8+jBdiinxGP8OWtjvtIsFIb3qz
KaenIunT+FPtOnqa8L8pdx75f006+WtPHial5iTQ+hNSrZGK/EKlTwDTwKf7J9fj
rfVVcfX+++HJtXkzMXe5G4CDQCSiaR5maSuvi1Bdpocx/R+xQ3Qld/xtpIMvcDKN
AJa30cS0Y5Um9tSUL5DlPzm7az86JCuMIOu9LL2pAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUoXsNGSLx7Ajj3M2NzjDHYSq3uiwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2ZhZjA5ZjliLTk1NTMtNDVlMy05NjY1LTYwMGI3OWM5MmEzYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAU2kmAwDQYJKoZIhvcNAQELBQADggEBAFSUihAepLFPNrEvBSPvWpSu0JTQ
aEdFtip8CZtzy8dxGlaTNR2IZMHgU8VUTms7VKKqLjYG4uPikTcVdmy2QUVmN5Hc
uWg1lKSU19btIRF6Ho6FJDXhYzpcmMBkqrGtXgYJoBk0wkBhOW32iIW5tL5uwuO/
NuvucEm8IACr7RvqwQYrSMuZbYaxMDOenunag6Bl5v8JTLr8eX5MGwlMukAFxbYz
89xLvCezBx9EQWtEYTyvZAYicNpUDdswOGiESIAh6M9jwXHbodFZ9uAruoGxzjLa
b14y1Cqem+axt5ExuN8TAXFOeXLGwzU/zOC7D06xgFV53EAajG1eZqRj0Ss=
-----END CERTIFICATE-----