Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3958d8cc-b49d-47bf-a39f-3ab7a7f5feb5.roa
File:                     3958d8cc-b49d-47bf-a39f-3ab7a7f5feb5.roa (raw, json)
Hash identifier:          TxiUxgYrSkXoK/2UHTb11nFzM2UxvFbUHhhx3wpK/rk=
Subject key identifier:   11:B6:D0:C9:97:D7:25:5D:68:D8:28:7B:38:97:AF:38:D4:31:2F:44
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3DD15A590190681262333E1A521D2B66ECD81AD7
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3958d8cc-b49d-47bf-a39f-3ab7a7f5feb5.roa
Signing time:             Fri 11 Jul 2025 17:11:45 +0000
ROA not before:           Fri 11 Jul 2025 17:11:45 +0000
ROA not after:            Fri 15 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.95.208.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:d1:5a:59:01:90:68:12:62:33:3e:1a:52:1d:2b:66:ec:d8:1a:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 11 17:11:45 2025 GMT
            Not After : Aug 15 23:59:59 2025 GMT
        Subject: serialNumber=f992115a82793c760ae55b7b5b5275dac674479bfeebfdea6221620a043ecbcd, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:b3:34:98:a0:71:ce:a2:17:4c:90:35:ad:c7:
                    24:f2:1d:41:73:06:1e:58:31:f0:26:83:a4:9d:a0:
                    e0:83:02:9e:4c:16:73:d8:9c:80:37:00:e3:f4:b3:
                    f4:c9:34:e9:57:25:e4:20:26:e4:ae:6d:b6:b1:23:
                    8f:4c:40:64:54:c2:53:be:0c:5c:7f:db:00:45:fe:
                    01:1a:52:f9:6b:7f:a8:d4:85:4c:34:33:c2:30:04:
                    df:5a:45:f3:ed:15:2c:89:1f:ce:eb:d0:b0:80:92:
                    64:6e:c3:f2:d8:b6:4a:ed:19:58:70:b3:4a:34:de:
                    6d:1a:2f:64:80:46:11:5e:13:95:ea:2d:a0:70:2e:
                    d1:41:57:66:ca:ca:98:bb:8b:44:96:e4:aa:5c:ec:
                    48:7d:58:88:68:3f:6e:31:7d:b7:d6:6e:47:5e:46:
                    04:15:d8:d1:9f:b4:76:50:86:45:9b:06:75:9d:8c:
                    7a:8f:bc:99:5b:54:5a:e7:18:26:80:f7:c4:5b:75:
                    44:e2:61:36:ac:9d:a6:3e:a2:72:0e:9f:66:4b:fe:
                    32:7b:82:6a:fd:80:0d:31:2a:b1:e3:37:7a:8d:7a:
                    1e:a1:b5:95:fe:d5:d4:6a:57:cb:f6:03:58:0b:ed:
                    64:53:16:2e:98:4d:1e:32:3e:8d:7b:fd:72:ed:c3:
                    df:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:B6:D0:C9:97:D7:25:5D:68:D8:28:7B:38:97:AF:38:D4:31:2F:44
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3958d8cc-b49d-47bf-a39f-3ab7a7f5feb5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.95.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         43:1a:a0:da:a1:dc:89:b2:be:b4:99:bd:dd:7a:16:c0:fd:10:
         a4:c6:cb:15:c1:a8:8c:13:e7:ad:ac:c3:5f:13:40:34:e5:6b:
         63:88:d5:70:a4:f1:ea:39:eb:e2:0c:15:59:a6:65:35:6e:f2:
         ae:af:f5:73:26:4b:bb:db:e3:d9:c4:b3:2e:0a:30:bd:cc:a9:
         cd:73:e0:b8:b3:6c:a8:1d:7b:b4:2c:60:6c:77:5e:75:d4:0b:
         37:72:14:81:a4:33:73:75:e4:15:e2:4d:3d:21:49:f5:13:94:
         86:0e:26:ea:8e:4a:68:04:bd:f2:08:02:94:0c:b7:c1:b3:f4:
         7a:24:9e:af:06:93:8d:47:bb:c2:79:96:b5:2e:20:20:f3:00:
         db:93:f0:a9:4d:49:41:01:1f:ef:6a:da:e0:d0:85:0f:85:d3:
         6c:62:20:fd:6a:35:c1:33:98:ce:1b:16:18:5f:ed:5a:24:80:
         43:a1:61:28:ab:64:ee:20:9e:8f:88:51:61:c5:c3:b4:4d:d0:
         b4:0e:f8:3b:95:7b:32:79:cf:60:1e:2d:2b:af:10:8f:86:61:
         80:2a:1d:85:f7:20:19:ad:fc:cc:14:99:7d:2b:22:14:39:38:
         f4:40:1f:8d:97:38:fc:a0:61:f0:cf:ae:3c:18:27:ac:72:5a:
         2e:33:f6:b6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPdFaWQGQaBJiMz4aUh0rZuzYGtcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzExMTcxMTQ1WhcNMjUwODE1MjM1OTU5
WjB6MUkwRwYDVQQFE0BmOTkyMTE1YTgyNzkzYzc2MGFlNTViN2I1YjUyNzVkYWM2
NzQ0NzliZmVlYmZkZWE2MjIxNjIwYTA0M2VjYmNkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3szSYoHHOohdMkDWtxyTyHUFzBh5YMfAmg6SdoOCDAp5M
FnPYnIA3AOP0s/TJNOlXJeQgJuSubbaxI49MQGRUwlO+DFx/2wBF/gEaUvlrf6jU
hUw0M8IwBN9aRfPtFSyJH87r0LCAkmRuw/LYtkrtGVhws0o03m0aL2SARhFeE5Xq
LaBwLtFBV2bKypi7i0SW5Kpc7Eh9WIhoP24xfbfWbkdeRgQV2NGftHZQhkWbBnWd
jHqPvJlbVFrnGCaA98RbdUTiYTasnaY+onIOn2ZL/jJ7gmr9gA0xKrHjN3qNeh6h
tZX+1dRqV8v2A1gL7WRTFi6YTR4yPo17/XLtw9/lAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUEbbQyZfXJV1o2Ch7OJevONQxL0QwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzM5NThkOGNjLWI0OWQtNDdiZi1hMzlmLTNhYjdhN2Y1ZmViNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI0X9AwDQYJKoZIhvcNAQELBQADggEBAEMaoNqh3ImyvrSZvd16FsD9EKTG
yxXBqIwT562sw18TQDTla2OI1XCk8eo56+IMFVmmZTVu8q6v9XMmS7vb49nEsy4K
ML3Mqc1z4LizbKgde7QsYGx3XnXUCzdyFIGkM3N15BXiTT0hSfUTlIYOJuqOSmgE
vfIIApQMt8Gz9Hoknq8Gk41Hu8J5lrUuICDzANuT8KlNSUEBH+9q2uDQhQ+F02xi
IP1qNcEzmM4bFhhf7VokgEOhYSirZO4gno+IUWHFw7RN0LQO+DuVezJ5z2AeLSuv
EI+GYYAqHYX3IBmt/MwUmX0rIhQ5OPRAH42XOPygYfDPrjwYJ6xyWi4z9rY=
-----END CERTIFICATE-----