Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2d99d9ec-42c4-4861-afdc-51606b09cc48.roa
File:                     2d99d9ec-42c4-4861-afdc-51606b09cc48.roa (raw, json)
Hash identifier:          WPiVxoNZvneAD/pNOD6zDa/GdmXe4etX23NZYHuAGnY=
Subject key identifier:   10:A3:AC:6D:87:FA:CB:F7:07:C0:31:45:1B:59:81:FB:A4:CD:2D:63
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6FC89F6D58A64B99FE23D889F491EA0392B0B9A4
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2d99d9ec-42c4-4861-afdc-51606b09cc48.roa
Signing time:             Tue 21 Oct 2025 08:00:13 +0000
ROA not before:           Tue 21 Oct 2025 08:00:13 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.239.32.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:c8:9f:6d:58:a6:4b:99:fe:23:d8:89:f4:91:ea:03:92:b0:b9:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 21 08:00:13 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=1e0216e8b7107c0b7e2659dedfd6ea07b6511c7ff146c5ff4ef38acf0428633a, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:c5:6e:d6:ff:db:40:6b:43:27:be:b4:86:5d:
                    41:43:06:7f:6d:19:f5:4c:32:9c:58:a3:40:5f:f0:
                    b2:11:81:45:1b:d4:31:95:e5:ce:e1:04:f9:c5:e7:
                    20:c6:b1:fd:7a:2f:c5:7f:9c:9b:37:c0:37:56:53:
                    f6:d7:cc:95:b5:be:31:6e:79:35:2c:11:d6:ee:f4:
                    a6:7e:ec:47:2b:b6:cb:0d:a5:45:2e:e8:fa:2f:b2:
                    86:77:fb:d6:82:98:4d:28:b6:5e:58:39:95:32:8b:
                    5f:db:3d:13:a8:46:32:c9:7e:18:50:f0:ae:84:38:
                    54:d9:80:00:24:29:b1:dc:d3:b7:b9:5c:c6:c1:07:
                    bd:57:f5:a4:f4:b5:9b:e8:c8:99:22:4a:cc:d2:e9:
                    c8:e6:f3:68:20:7d:9c:f3:09:ac:c5:55:ee:ee:56:
                    91:ca:f7:e8:bf:df:5c:50:c2:e3:ce:31:09:d8:b3:
                    ab:4e:cd:76:7c:bf:19:f3:e0:5b:58:a0:43:46:36:
                    ed:de:e7:4d:09:c2:ef:02:be:e3:74:15:52:6a:96:
                    75:c4:4b:33:5e:7b:f1:a9:e9:e5:b5:b9:76:b8:25:
                    3c:97:33:40:81:a9:f4:24:fb:ee:5a:8e:71:21:94:
                    d2:2b:9c:10:26:03:94:73:b2:dd:0c:8f:e2:53:c4:
                    23:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:A3:AC:6D:87:FA:CB:F7:07:C0:31:45:1B:59:81:FB:A4:CD:2D:63
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2d99d9ec-42c4-4861-afdc-51606b09cc48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.239.32.0/21

    Signature Algorithm: sha256WithRSAEncryption
         0e:4c:6c:52:5f:f9:f6:a2:5d:f1:06:dc:4f:01:1a:c9:12:9f:
         1d:44:85:90:40:b2:9f:04:d9:81:1a:8f:90:fa:c9:86:ad:59:
         7d:0a:4d:54:90:da:b7:1f:dd:06:b2:dc:6e:b4:cf:8e:bd:6f:
         96:04:71:6a:c9:7e:32:01:24:7c:88:76:7e:75:16:96:63:7f:
         dd:ed:9d:f1:2f:f3:cc:04:21:d2:1f:8a:7e:fc:39:f8:a6:28:
         db:81:55:41:c6:85:7c:a0:dd:af:19:71:2c:2d:ba:ee:c9:00:
         6b:6a:70:79:d3:bb:22:7b:f8:be:d1:e2:ad:c6:36:d0:58:5e:
         86:2c:3c:26:93:36:fe:37:a0:45:4a:a6:40:a8:73:9d:63:90:
         9f:90:a1:c6:12:80:cf:8e:2a:41:c9:04:a0:eb:46:94:e0:77:
         0e:5c:2b:df:f2:47:52:a6:c4:82:92:ef:2e:4a:cf:1c:05:f0:
         aa:2d:b2:0d:26:3c:e2:a2:f7:04:34:e5:07:1d:7e:24:61:f6:
         55:39:46:26:9e:12:80:b6:a3:c1:9d:e5:90:d4:98:9c:04:d6:
         f9:6f:cb:37:63:ef:0c:7e:8d:b2:30:76:77:17:2d:84:06:73:
         ed:0d:08:9d:79:3c:84:be:7b:e1:82:f5:49:7c:b4:69:99:0a:
         fd:e8:df:07
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUb8ifbVimS5n+I9iJ9JHqA5KwuaQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDIxMDgwMDEzWhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AxZTAyMTZlOGI3MTA3YzBiN2UyNjU5ZGVkZmQ2ZWEwN2I2
NTExYzdmZjE0NmM1ZmY0ZWYzOGFjZjA0Mjg2MzNhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDNxW7W/9tAa0MnvrSGXUFDBn9tGfVMMpxYo0Bf8LIRgUUb
1DGV5c7hBPnF5yDGsf16L8V/nJs3wDdWU/bXzJW1vjFueTUsEdbu9KZ+7EcrtssN
pUUu6PovsoZ3+9aCmE0otl5YOZUyi1/bPROoRjLJfhhQ8K6EOFTZgAAkKbHc07e5
XMbBB71X9aT0tZvoyJkiSszS6cjm82ggfZzzCazFVe7uVpHK9+i/31xQwuPOMQnY
s6tOzXZ8vxnz4FtYoENGNu3e500Jwu8CvuN0FVJqlnXESzNee/Gp6eW1uXa4JTyX
M0CBqfQk++5ajnEhlNIrnBAmA5Rzst0Mj+JTxCNTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUEKOsbYf6y/cHwDFFG1mB+6TNLWMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzJkOTlkOWVjLTQyYzQtNDg2MS1hZmRjLTUxNjA2YjA5Y2M0OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAM27yAwDQYJKoZIhvcNAQELBQADggEBAA5MbFJf+faiXfEG3E8BGskSnx1E
hZBAsp8E2YEaj5D6yYatWX0KTVSQ2rcf3Qay3G60z469b5YEcWrJfjIBJHyIdn51
FpZjf93tnfEv88wEIdIfin78OfimKNuBVUHGhXyg3a8ZcSwtuu7JAGtqcHnTuyJ7
+L7R4q3GNtBYXoYsPCaTNv43oEVKpkCoc51jkJ+QocYSgM+OKkHJBKDrRpTgdw5c
K9/yR1KmxIKS7y5KzxwF8Kotsg0mPOKi9wQ05QcdfiRh9lU5RiaeEoC2o8Gd5ZDU
mJwE1vlvyzdj7wx+jbIwdncXLYQGc+0NCJ15PIS+e+GC9Ul8tGmZCv3o3wc=
-----END CERTIFICATE-----