Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/431fab42-8dce-4996-981e-0eeb9cb8a5f2.roa
File:                     431fab42-8dce-4996-981e-0eeb9cb8a5f2.roa (raw, json)
Hash identifier:          OxWX6sgOg+f5wVz6fCd7SwL6EjFMNNlWBYsNJc2zTXw=
Subject key identifier:   D0:EF:5C:8F:FD:CD:D0:32:46:C5:A5:25:FC:96:2B:EC:23:05:73:2D
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       25CFC0A8281DC471510FA7C05B6DF5E17C052903
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/431fab42-8dce-4996-981e-0eeb9cb8a5f2.roa
Signing time:             Tue 29 Jul 2025 15:11:55 +0000
ROA not before:           Tue 29 Jul 2025 15:11:55 +0000
ROA not after:            Tue 02 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.147.64.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:cf:c0:a8:28:1d:c4:71:51:0f:a7:c0:5b:6d:f5:e1:7c:05:29:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 29 15:11:55 2025 GMT
            Not After : Sep  2 23:59:59 2025 GMT
        Subject: serialNumber=53c6ead43468d15205a852e52a0d93e54f57d96ff84298ac347c9577d6a096e9, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:a7:4e:63:db:ed:ed:eb:0f:e0:83:29:10:8e:
                    d4:f3:60:fb:36:24:05:18:c9:2f:0b:ec:94:ad:7a:
                    11:42:14:f4:95:9a:62:a4:b8:27:d5:7e:f3:0d:48:
                    c4:b6:5f:dd:9a:91:0f:2d:ee:5d:7e:53:77:69:96:
                    d9:30:72:5f:27:c3:b3:1a:ef:51:da:9e:2c:27:46:
                    08:0e:b5:9c:fc:49:70:33:40:dd:37:80:92:0e:fb:
                    d5:43:a9:5c:fb:91:42:a1:0b:00:75:df:6d:e4:c7:
                    92:4a:3b:ee:ab:a8:7c:47:30:40:ee:e8:a3:17:7d:
                    8d:0f:cf:54:44:85:e3:2c:d2:f2:2a:2a:23:13:84:
                    af:20:1b:8b:ab:1f:64:a3:f8:43:4e:8d:60:2c:41:
                    d5:bd:5e:03:16:16:be:47:9c:23:b7:1d:60:81:2b:
                    7c:f5:6a:03:2f:9d:98:1a:d4:71:eb:a2:16:70:8c:
                    22:46:5e:0b:af:b8:22:66:17:e3:24:5c:97:59:39:
                    2d:26:ea:8d:d2:a5:f4:2d:2e:b7:a1:f7:6a:30:e9:
                    76:ea:79:fe:fe:d9:ab:a9:e0:91:5f:50:63:d6:96:
                    59:c6:20:f6:6d:9d:8a:55:d3:6b:69:df:05:f7:ef:
                    0f:28:a2:41:51:95:c0:5d:5a:2c:23:79:cd:9d:1f:
                    6c:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:EF:5C:8F:FD:CD:D0:32:46:C5:A5:25:FC:96:2B:EC:23:05:73:2D
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/431fab42-8dce-4996-981e-0eeb9cb8a5f2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.147.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         3e:35:2a:06:2a:da:89:4c:c3:8a:63:d8:25:dc:f3:c3:75:96:
         75:80:e6:23:0a:ca:4f:f6:01:ce:6b:17:f5:20:06:6e:1c:65:
         11:20:f2:80:ae:7d:c7:5c:af:a1:6b:63:6c:6d:2e:dc:0e:df:
         89:0c:4b:5c:33:18:4f:92:64:43:e4:e4:af:69:21:2b:f4:c8:
         45:6e:51:b9:d4:26:eb:c7:ca:2c:4a:66:8e:77:8f:03:8b:af:
         a6:a4:f6:e9:a0:e9:e5:df:83:3c:df:e7:02:d4:58:ea:09:65:
         38:45:c7:80:4f:c0:5b:e9:bb:60:be:76:ae:78:4e:e4:8e:62:
         96:e2:87:c2:65:68:03:3e:d6:70:82:e8:99:a6:de:2d:70:7b:
         87:9c:97:6b:8a:40:f9:87:b2:b3:8f:e6:cf:da:0e:8f:26:45:
         56:f0:16:a9:99:18:46:f5:85:49:c5:36:03:14:26:7f:ac:a3:
         dc:c3:cd:48:ad:a7:59:84:bd:44:95:ae:73:2c:11:50:49:11:
         aa:f1:2e:1d:a2:db:22:ea:7a:51:df:b2:1f:29:8b:7b:02:08:
         a7:31:1c:ac:e8:b3:78:b2:1b:41:8f:1e:03:e3:93:4b:b9:04:
         c2:96:7c:7d:8e:40:50:f3:cd:a7:3f:cb:cf:e8:43:b3:a0:6e:
         59:5a:48:35
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJc/AqCgdxHFRD6fAW2314XwFKQMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzI5MTUxMTU1WhcNMjUwOTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A1M2M2ZWFkNDM0NjhkMTUyMDVhODUyZTUyYTBkOTNlNTRm
NTdkOTZmZjg0Mjk4YWMzNDdjOTU3N2Q2YTA5NmU5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCLp05j2+3t6w/ggykQjtTzYPs2JAUYyS8L7JStehFCFPSV
mmKkuCfVfvMNSMS2X92akQ8t7l1+U3dpltkwcl8nw7Ma71HaniwnRggOtZz8SXAz
QN03gJIO+9VDqVz7kUKhCwB1323kx5JKO+6rqHxHMEDu6KMXfY0Pz1REheMs0vIq
KiMThK8gG4urH2Sj+ENOjWAsQdW9XgMWFr5HnCO3HWCBK3z1agMvnZga1HHrohZw
jCJGXguvuCJmF+MkXJdZOS0m6o3SpfQtLreh92ow6Xbqef7+2aup4JFfUGPWllnG
IPZtnYpV02tp3wX37w8ookFRlcBdWiwjec2dH2wHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0O9cj/3N0DJGxaUl/JYr7CMFcy0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQzMWZhYjQyLThkY2UtNDk5Ni05ODFlLTBlZWI5Y2I4YTVmMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAY2k0AwDQYJKoZIhvcNAQELBQADggEBAD41KgYq2olMw4pj2CXc88N1lnWA
5iMKyk/2Ac5rF/UgBm4cZREg8oCufcdcr6FrY2xtLtwO34kMS1wzGE+SZEPk5K9p
ISv0yEVuUbnUJuvHyixKZo53jwOLr6ak9umg6eXfgzzf5wLUWOoJZThFx4BPwFvp
u2C+dq54TuSOYpbih8JlaAM+1nCC6Jmm3i1we4ecl2uKQPmHsrOP5s/aDo8mRVbw
FqmZGEb1hUnFNgMUJn+so9zDzUitp1mEvUSVrnMsEVBJEarxLh2i2yLqelHfsh8p
i3sCCKcxHKzos3iyG0GPHgPjk0u5BMKWfH2OQFDzzac/y8/oQ7OgbllaSDU=
-----END CERTIFICATE-----