Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1e509b26-eb2f-4b8a-8031-d39229950c03.roa
File:                     1e509b26-eb2f-4b8a-8031-d39229950c03.roa (raw, json)
Hash identifier:          1b4Z94rMh5NQ6ndwfp86TLCCQuu/sSHpn8/6wyIdhHQ=
Subject key identifier:   3A:F3:B1:76:49:07:7F:AB:23:4A:A7:C5:FB:9D:7F:81:E2:82:06:D5
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       437C4629C4F156EB19E077FA2949BC9CF904EAAF
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1e509b26-eb2f-4b8a-8031-d39229950c03.roa
Signing time:             Fri 25 Jul 2025 15:52:11 +0000
ROA not before:           Fri 25 Jul 2025 15:52:11 +0000
ROA not after:            Fri 29 Aug 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.163.128.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:7c:46:29:c4:f1:56:eb:19:e0:77:fa:29:49:bc:9c:f9:04:ea:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 25 15:52:11 2025 GMT
            Not After : Aug 29 23:59:59 2025 GMT
        Subject: serialNumber=3c5b0e52059c42bd968e92b256b5f6d05e7f38feca9279a6850f30dc446a5d21, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:d9:3a:6f:c6:e7:f9:40:48:6e:01:84:45:3a:
                    a8:7b:1a:9d:6e:f4:ca:fd:c5:dd:b7:72:42:14:ab:
                    2d:09:07:e2:3d:fa:f8:07:96:d6:00:2a:27:36:cd:
                    17:48:b0:91:3d:4e:06:3f:1c:f6:85:d1:ca:2b:24:
                    5c:9c:e2:6e:3a:a6:4a:8c:c1:fd:e2:99:24:72:bd:
                    1b:83:22:24:c9:9b:ec:0e:7d:e6:67:62:c0:9c:57:
                    4f:1b:ff:35:20:f2:b8:f2:b4:e9:0b:01:ed:86:5e:
                    ec:73:e3:11:cd:e3:09:7a:1f:6c:e2:3a:b1:b6:f4:
                    f6:e1:5d:85:78:4e:6b:28:56:4b:ec:ae:0b:0d:89:
                    76:0a:13:22:3d:59:8e:37:d9:49:d8:fb:ff:dd:03:
                    43:e2:ff:6c:54:29:19:24:60:8e:8c:9b:4e:e3:f5:
                    bf:96:fe:1b:8b:62:d2:5a:0a:a4:16:4a:c1:c4:2f:
                    e8:78:22:22:5f:e6:ec:04:83:b0:2f:10:e1:11:6c:
                    74:37:03:3e:07:f0:a0:6a:f3:81:4b:df:99:2e:c3:
                    bf:6e:ab:d8:41:cb:cb:43:7a:84:2e:5b:03:ec:3e:
                    fe:4b:b5:4d:95:b1:8a:a0:1f:da:89:94:03:90:c0:
                    eb:8c:df:4f:e0:82:59:1c:3b:46:5a:d6:e7:df:4d:
                    9e:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:F3:B1:76:49:07:7F:AB:23:4A:A7:C5:FB:9D:7F:81:E2:82:06:D5
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1e509b26-eb2f-4b8a-8031-d39229950c03.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.163.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         74:78:af:37:d5:7c:4e:7c:00:b8:b0:fa:51:53:19:a7:d8:58:
         d6:b6:cd:fa:2d:bc:82:f9:4c:23:fa:69:81:1b:9e:4d:69:d9:
         fe:ee:59:f9:a4:19:0b:11:3a:47:1c:da:10:fc:f7:9e:47:b1:
         aa:55:5a:76:c1:59:b8:a5:45:0c:97:8d:4e:51:92:72:09:66:
         f4:7e:48:46:8c:0b:c8:93:18:fe:c7:44:11:4b:66:44:32:79:
         ad:ba:76:a4:9d:d5:64:6f:9d:18:ea:96:e1:c1:ca:54:e3:f5:
         bb:0f:4b:7f:45:89:6c:e5:6d:f2:95:9a:40:0d:ec:f8:21:3b:
         ff:8d:61:48:f3:dd:ef:12:01:26:f1:34:41:e0:e6:9c:40:b2:
         26:e3:aa:66:94:fa:93:8c:47:9b:24:75:8e:dd:c6:18:d0:d4:
         2a:ea:c4:96:b3:6b:63:e2:cb:a2:5e:8e:1e:f4:f3:29:b4:af:
         59:e5:13:e8:ed:8b:05:02:2c:80:ec:84:c1:60:90:91:f2:dc:
         9a:5c:06:c9:34:fb:03:7c:0f:5c:9e:63:44:75:1b:82:7a:fc:
         7c:f6:a6:ac:43:78:39:af:0a:76:49:b0:8f:b8:fe:48:ec:1f:
         8c:21:53:a9:24:59:68:04:d9:1c:02:56:11:1c:74:2d:d2:72:
         96:a8:6d:58
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQ3xGKcTxVusZ4Hf6KUm8nPkE6q8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzI1MTU1MjExWhcNMjUwODI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AzYzViMGU1MjA1OWM0MmJkOTY4ZTkyYjI1NmI1ZjZkMDVl
N2YzOGZlY2E5Mjc5YTY4NTBmMzBkYzQ0NmE1ZDIxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCQ2Tpvxuf5QEhuAYRFOqh7Gp1u9Mr9xd23ckIUqy0JB+I9
+vgHltYAKic2zRdIsJE9TgY/HPaF0corJFyc4m46pkqMwf3imSRyvRuDIiTJm+wO
feZnYsCcV08b/zUg8rjytOkLAe2GXuxz4xHN4wl6H2ziOrG29PbhXYV4TmsoVkvs
rgsNiXYKEyI9WY432UnY+//dA0Pi/2xUKRkkYI6Mm07j9b+W/huLYtJaCqQWSsHE
L+h4IiJf5uwEg7AvEOERbHQ3Az4H8KBq84FL35kuw79uq9hBy8tDeoQuWwPsPv5L
tU2VsYqgH9qJlAOQwOuM30/gglkcO0Za1uffTZ41AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUOvOxdkkHf6sjSqfF+51/geKCBtUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzFlNTA5YjI2LWViMmYtNGI4YS04MDMxLWQzOTIyOTk1MGMwMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAY2o4AwDQYJKoZIhvcNAQELBQADggEBAHR4rzfVfE58ALiw+lFTGafYWNa2
zfotvIL5TCP6aYEbnk1p2f7uWfmkGQsROkcc2hD8955HsapVWnbBWbilRQyXjU5R
knIJZvR+SEaMC8iTGP7HRBFLZkQyea26dqSd1WRvnRjqluHBylTj9bsPS39FiWzl
bfKVmkAN7PghO/+NYUjz3e8SASbxNEHg5pxAsibjqmaU+pOMR5skdY7dxhjQ1Crq
xJaza2Piy6Jejh708ym0r1nlE+jtiwUCLIDshMFgkJHy3JpcBsk0+wN8D1yeY0R1
G4J6/Hz2pqxDeDmvCnZJsI+4/kjsH4whU6kkWWgE2RwCVhEcdC3ScpaobVg=
-----END CERTIFICATE-----