Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2ca7fb95-046b-408c-9d33-2af8b2e953f4.roa
File:                     2ca7fb95-046b-408c-9d33-2af8b2e953f4.roa (raw, json)
Hash identifier:          /ONXSxA/eCSVpjtpoFuyIgUSqiJaGJTkymRjIaHXrz4=
Subject key identifier:   20:F5:CD:56:5D:D1:E1:5A:18:12:92:6B:B0:ED:02:0A:1B:A8:DD:7E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2FF76D90F3F46FB5B13FEEF5D9454AA0FB38E1A0
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2ca7fb95-046b-408c-9d33-2af8b2e953f4.roa
Signing time:             Mon 04 Aug 2025 18:21:02 +0000
ROA not before:           Mon 04 Aug 2025 18:21:02 +0000
ROA not after:            Mon 08 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.192.0.0/12 maxlen: 12
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:f7:6d:90:f3:f4:6f:b5:b1:3f:ee:f5:d9:45:4a:a0:fb:38:e1:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug  4 18:21:02 2025 GMT
            Not After : Sep  8 23:59:59 2025 GMT
        Subject: serialNumber=5412b962b53a50cd16a24aac171af99feef5abb58209c22602eb6122ae7bb5cc, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:6a:fa:31:7e:56:cf:97:91:4c:09:93:bc:03:
                    aa:82:6a:a9:c0:37:da:91:8e:d4:de:37:48:8d:b4:
                    39:4b:71:05:17:18:62:9d:81:b3:cd:ca:0c:2c:97:
                    ec:21:9c:b5:e7:e2:79:a0:66:12:61:72:9e:b2:39:
                    15:73:76:b3:3d:b1:b3:b8:27:51:2a:2e:fe:47:2b:
                    ed:04:12:bd:5b:c5:85:74:a1:89:61:04:87:5d:62:
                    51:35:68:24:ce:ac:ed:57:65:a9:e5:e0:57:cf:21:
                    34:4e:b6:d1:71:c6:e6:59:1f:9c:d0:90:dd:83:46:
                    f2:6d:cb:93:d2:7b:5f:7c:f0:b3:47:b9:fa:87:a0:
                    91:6f:6c:ea:5c:2e:9b:b1:46:9f:fb:6f:24:d6:bc:
                    18:6e:d6:62:ef:47:9a:74:9d:bc:34:ef:d4:51:06:
                    9a:81:fb:67:51:01:e1:7f:a7:ed:53:06:61:fe:f4:
                    c6:95:a8:72:80:4e:8c:35:00:b0:eb:32:f4:10:2f:
                    82:82:bd:73:91:87:c0:0d:34:01:71:cc:82:05:6c:
                    37:3c:7f:c2:08:64:87:0a:f6:2a:d6:52:0e:73:2f:
                    b2:9a:29:59:13:e9:76:88:fc:e0:e2:a8:94:01:e1:
                    10:92:2a:d8:ab:55:67:78:3f:1e:1b:bd:36:09:ac:
                    18:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:F5:CD:56:5D:D1:E1:5A:18:12:92:6B:B0:ED:02:0A:1B:A8:DD:7E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2ca7fb95-046b-408c-9d33-2af8b2e953f4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.192.0.0/12

    Signature Algorithm: sha256WithRSAEncryption
         12:d8:a8:3b:34:43:d6:ae:33:be:54:e6:59:81:0d:1c:2b:f1:
         63:5a:ab:f1:c6:13:0d:2e:5b:26:eb:b1:6c:af:09:7e:35:73:
         dd:93:64:fd:e1:94:48:7f:14:e0:eb:13:94:87:35:a1:57:65:
         79:9c:41:b4:2d:75:bf:a1:ee:98:e2:c1:c4:37:b9:c9:c4:ca:
         23:4a:66:ad:a7:56:c1:2d:0e:4d:d7:26:51:34:20:88:d6:aa:
         42:32:3a:25:2d:c3:fe:f2:ba:7e:98:b1:18:7c:5c:19:54:99:
         1e:b4:cb:b5:af:ba:dd:64:4d:5e:1e:16:c0:66:a2:af:75:9b:
         b6:20:a6:c8:28:6c:cd:e1:3b:e6:0d:b3:bb:26:f9:c3:cc:ea:
         be:00:11:3c:6a:ac:4f:f4:6e:25:d8:0e:4f:bd:61:61:5e:3f:
         23:59:16:ce:42:d8:03:00:81:86:90:c2:7d:8d:04:33:d3:cd:
         68:74:3c:f6:14:fd:7f:61:2e:e6:c2:ec:38:19:98:97:95:6d:
         71:a3:09:d4:3a:66:93:a3:c5:c6:82:4c:e1:d1:dd:50:17:48:
         6e:7e:c7:0a:d6:53:3c:01:15:db:df:84:2c:04:0a:f5:a6:1a:
         7e:64:c5:50:0d:5e:0b:b4:e5:a2:31:ac:5e:b2:15:e7:81:9c:
         38:ac:51:f2
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUL/dtkPP0b7WxP+712UVKoPs44aAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwODA0MTgyMTAyWhcNMjUwOTA4MjM1OTU5
WjB6MUkwRwYDVQQFE0A1NDEyYjk2MmI1M2E1MGNkMTZhMjRhYWMxNzFhZjk5ZmVl
ZjVhYmI1ODIwOWMyMjYwMmViNjEyMmFlN2JiNWNjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDaavoxflbPl5FMCZO8A6qCaqnAN9qRjtTeN0iNtDlLcQUX
GGKdgbPNygwsl+whnLXn4nmgZhJhcp6yORVzdrM9sbO4J1EqLv5HK+0EEr1bxYV0
oYlhBIddYlE1aCTOrO1XZanl4FfPITROttFxxuZZH5zQkN2DRvJty5PSe1988LNH
ufqHoJFvbOpcLpuxRp/7byTWvBhu1mLvR5p0nbw079RRBpqB+2dRAeF/p+1TBmH+
9MaVqHKATow1ALDrMvQQL4KCvXORh8ANNAFxzIIFbDc8f8IIZIcK9irWUg5zL7Ka
KVkT6XaI/ODiqJQB4RCSKtirVWd4Px4bvTYJrBixAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUIPXNVl3R4VoYEpJrsO0CChuo3X4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzJjYTdmYjk1LTA0NmItNDA4Yy05ZDMzLTJhZjhiMmU5NTNmNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwQ2wDANBgkqhkiG9w0BAQsFAAOCAQEAEtioOzRD1q4zvlTmWYENHCvxY1qr
8cYTDS5bJuuxbK8JfjVz3ZNk/eGUSH8U4OsTlIc1oVdleZxBtC11v6HumOLBxDe5
ycTKI0pmradWwS0OTdcmUTQgiNaqQjI6JS3D/vK6fpixGHxcGVSZHrTLta+63WRN
Xh4WwGair3WbtiCmyChszeE75g2zuyb5w8zqvgARPGqsT/RuJdgOT71hYV4/I1kW
zkLYAwCBhpDCfY0EM9PNaHQ89hT9f2Eu5sLsOBmYl5VtcaMJ1Dpmk6PFxoJM4dHd
UBdIbn7HCtZTPAEV29+ELAQK9aYafmTFUA1eC7TlojGsXrIV54GcOKxR8g==
-----END CERTIFICATE-----