Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/47d76cb8-4a77-4b47-bcc1-2306da9cea6d.roa
File:                     47d76cb8-4a77-4b47-bcc1-2306da9cea6d.roa (raw, json)
Hash identifier:          NLicHJdDC0gR4hFBcgSJkeaTPNPuEt1lhMDpJVXsPL4=
Subject key identifier:   DE:77:CE:8E:AA:AE:82:8B:BF:F4:89:CF:CC:B8:CE:3F:C7:B3:91:FA
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       06D9BEF7EA01B75D51A2BDF75B9F1631D634A51F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/47d76cb8-4a77-4b47-bcc1-2306da9cea6d.roa
Signing time:             Tue 21 Oct 2025 11:53:55 +0000
ROA not before:           Tue 21 Oct 2025 11:53:55 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.95.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:d9:be:f7:ea:01:b7:5d:51:a2:bd:f7:5b:9f:16:31:d6:34:a5:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 21 11:53:55 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=90908f10db9b3f6db4af29d8f527143974de70c0d092508516add98966098b89, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:73:2b:5e:2b:0f:ef:96:18:48:f6:fb:58:97:
                    fc:6e:29:49:2c:7c:e0:f5:ef:5f:a9:cb:7a:be:6a:
                    1d:b6:d3:86:3d:61:d6:f2:c1:63:6f:2c:77:83:6f:
                    97:3e:45:03:d6:3c:ce:b9:b6:3b:af:f8:23:08:ac:
                    ea:46:2c:e0:f0:1c:85:e8:57:29:3a:f0:10:b0:6c:
                    7b:60:b8:92:70:e5:e6:00:a0:05:e0:17:33:a0:0a:
                    8d:47:b0:de:64:27:a0:b8:75:39:54:99:0f:ef:03:
                    f5:8b:c7:98:d8:57:7b:48:74:d2:35:86:3a:48:ae:
                    9e:75:72:6a:d2:d6:91:d2:52:9d:0b:78:8a:06:e7:
                    58:4c:50:8c:9f:c2:56:b5:6f:ae:6f:63:cf:5b:c6:
                    ab:51:6d:71:49:e9:17:de:e9:76:89:46:14:0a:17:
                    62:0c:7a:0b:e7:fd:5d:5e:b1:8f:c5:d7:06:67:60:
                    10:59:6b:41:59:85:8e:ac:91:16:33:be:8f:2a:dc:
                    89:fe:06:1e:70:6c:a6:23:d9:67:ed:27:6f:48:45:
                    4e:76:f0:04:d2:0b:ed:52:f1:8f:89:ad:f4:f5:b5:
                    b4:10:b1:01:53:d8:bc:53:6d:f5:58:82:54:52:0e:
                    c4:83:d3:d4:5c:f8:17:16:4a:4a:dd:01:65:ce:1f:
                    fb:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:77:CE:8E:AA:AE:82:8B:BF:F4:89:CF:CC:B8:CE:3F:C7:B3:91:FA
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/47d76cb8-4a77-4b47-bcc1-2306da9cea6d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.95.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:ea:89:a3:e7:f8:a2:b2:d1:50:6d:72:46:cc:33:ef:5c:12:
         ac:9a:8a:8d:6c:45:91:b6:4e:5d:c2:92:c3:2b:28:4b:fd:13:
         c4:42:42:dc:d9:f1:86:25:1c:9f:e0:b7:34:ab:f0:3e:23:e2:
         26:64:3f:76:fd:de:67:12:bd:9d:ff:ce:30:bf:5f:e1:43:5d:
         20:01:62:5d:97:7e:5e:c1:9a:b7:38:55:8b:e3:71:88:7c:3d:
         aa:03:31:6d:03:01:0f:d2:f1:c8:d9:f3:03:f0:dd:d9:11:86:
         f3:a3:cf:fa:2a:9f:33:14:54:fa:f3:61:1a:9a:dd:cf:74:15:
         b5:75:f1:6b:23:a3:b2:b8:b6:7b:f6:0e:12:bd:bb:d3:a9:f8:
         21:80:c9:4d:85:38:0a:26:9e:ba:97:9e:81:a2:3c:16:d3:d1:
         87:35:0c:6d:a8:3d:65:50:7a:e2:4c:1d:a7:b8:ae:9c:27:67:
         a8:7f:b6:c8:ed:ea:54:f8:ac:60:92:1d:bc:d7:55:07:17:34:
         d4:40:ee:95:41:ea:e8:b1:46:81:c3:56:ed:29:ba:f3:eb:3d:
         ea:9f:b5:a0:b5:93:ed:3d:66:a3:64:02:ef:7e:38:4e:f0:4b:
         7c:e5:ac:bd:45:66:b3:ea:31:0b:a5:09:00:b5:7a:15:73:8b:
         f4:e4:7d:24
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBtm+9+oBt11Ror33W58WMdY0pR8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDIxMTE1MzU1WhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MDkwOGYxMGRiOWIzZjZkYjRhZjI5ZDhmNTI3MTQzOTc0
ZGU3MGMwZDA5MjUwODUxNmFkZDk4OTY2MDk4Yjg5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvcyteKw/vlhhI9vtYl/xuKUksfOD171+py3q+ah2204Y9
YdbywWNvLHeDb5c+RQPWPM65tjuv+CMIrOpGLODwHIXoVyk68BCwbHtguJJw5eYA
oAXgFzOgCo1HsN5kJ6C4dTlUmQ/vA/WLx5jYV3tIdNI1hjpIrp51cmrS1pHSUp0L
eIoG51hMUIyfwla1b65vY89bxqtRbXFJ6Rfe6XaJRhQKF2IMegvn/V1esY/F1wZn
YBBZa0FZhY6skRYzvo8q3In+Bh5wbKYj2WftJ29IRU528ATSC+1S8Y+JrfT1tbQQ
sQFT2LxTbfVYglRSDsSD09Rc+BcWSkrdAWXOH/t5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3nfOjqqugou/9InPzLjOP8ezkfowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQ3ZDc2Y2I4LTRhNzctNGI0Ny1iY2MxLTIzMDZkYTljZWE2ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0X/gwDQYJKoZIhvcNAQELBQADggEBAAPqiaPn+KKy0VBtckbMM+9cEqya
io1sRZG2Tl3CksMrKEv9E8RCQtzZ8YYlHJ/gtzSr8D4j4iZkP3b93mcSvZ3/zjC/
X+FDXSABYl2Xfl7Bmrc4VYvjcYh8PaoDMW0DAQ/S8cjZ8wPw3dkRhvOjz/oqnzMU
VPrzYRqa3c90FbV18Wsjo7K4tnv2DhK9u9Op+CGAyU2FOAomnrqXnoGiPBbT0Yc1
DG2oPWVQeuJMHae4rpwnZ6h/tsjt6lT4rGCSHbzXVQcXNNRA7pVB6uixRoHDVu0p
uvPrPeqftaC1k+09ZqNkAu9+OE7wS3zlrL1FZrPqMQulCQC1ehVzi/TkfSQ=
-----END CERTIFICATE-----