Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/546b59e3-3fdb-4211-a78c-99831ce62e34.roa
File:                     546b59e3-3fdb-4211-a78c-99831ce62e34.roa (raw, json)
Hash identifier:          2qBK1g2gFvFipvDSDyub310n4MoZqaKsN+EAnN1aLGY=
Subject key identifier:   7B:4C:64:0A:6B:BD:A9:AC:1A:41:8A:EB:38:D2:9E:74:FA:ED:62:10
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       28CD519D1653DB98AB5A9B4579D391C35C1D96AE
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/546b59e3-3fdb-4211-a78c-99831ce62e34.roa
Signing time:             Tue 21 Oct 2025 01:20:12 +0000
ROA not before:           Tue 21 Oct 2025 01:20:12 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.230.32.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 08 Nov 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:cd:51:9d:16:53:db:98:ab:5a:9b:45:79:d3:91:c3:5c:1d:96:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 21 01:20:12 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=a9cb114c271aed7782dbe5a51c0562e26409129cd9c47d64f9245acf8a98cf01, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:1a:3a:9e:50:4c:31:82:d3:29:a1:10:0b:63:
                    92:71:b5:64:be:af:dc:10:64:2f:09:07:24:67:aa:
                    b0:57:45:d9:da:5e:28:00:98:4c:0f:5b:70:1c:e6:
                    c2:25:b4:fa:b6:98:8e:7a:0c:32:6d:53:7a:47:05:
                    fe:9f:a5:a8:24:21:d1:1c:27:8a:0e:e4:20:c4:ef:
                    d1:c5:d9:f3:d4:7c:09:c9:94:81:e8:65:ae:b4:93:
                    a0:bf:fe:11:1e:4c:6d:11:11:ea:ed:57:97:a4:19:
                    c3:85:63:9b:6c:07:1c:eb:f6:5b:86:47:9d:5b:53:
                    8d:83:18:74:0a:c4:e9:bf:b6:05:7a:57:fb:1a:1a:
                    e5:5e:8f:a8:89:68:b1:8e:c8:c5:71:e4:cc:68:62:
                    f4:2f:fc:e4:2a:9c:77:72:6d:5e:86:af:d3:fa:45:
                    c3:62:e8:f9:3e:66:0b:10:64:79:7c:cb:b7:71:fa:
                    70:2c:24:09:c3:4a:dd:48:7c:f2:84:b9:9c:ca:93:
                    3e:f4:c6:6d:05:06:70:ec:e5:c0:10:c5:70:db:97:
                    0a:31:02:c8:da:b6:b0:51:af:85:4e:db:43:21:e5:
                    36:99:8b:09:a2:95:d0:0a:5b:b6:40:1b:f3:06:dd:
                    40:50:4e:63:1e:4e:08:9e:08:86:d7:a7:0a:67:c1:
                    b2:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:4C:64:0A:6B:BD:A9:AC:1A:41:8A:EB:38:D2:9E:74:FA:ED:62:10
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/546b59e3-3fdb-4211-a78c-99831ce62e34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.230.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         8e:03:e2:42:3e:fb:2d:2a:fa:8a:37:2e:97:92:87:b6:5d:19:
         cc:26:4b:16:85:6f:8f:f0:53:ec:31:08:c5:89:4a:f5:16:d0:
         d2:3a:29:29:fa:21:b8:93:a9:c3:0c:44:46:bf:3f:4a:d4:64:
         a0:9d:58:e8:87:3b:c4:25:69:3e:8d:5f:32:86:ad:51:b5:68:
         54:5b:f6:f2:88:a3:55:0e:f2:14:3f:84:70:0a:2e:81:b8:c5:
         c3:c0:40:c9:58:27:65:68:02:cd:91:c9:ea:a0:3f:72:99:5f:
         5a:2a:c0:6d:6f:99:0b:5c:f6:36:ad:34:5a:0c:69:70:34:7e:
         c8:a1:1e:d1:01:f9:5c:f3:a3:eb:bd:02:51:8e:59:f2:4e:82:
         15:ba:3d:bb:f8:70:d8:41:1e:71:e6:31:13:38:0c:be:ef:d4:
         70:d2:4e:8a:d6:0d:22:9b:7d:70:6e:db:67:22:c2:c4:06:37:
         f0:f1:e7:48:8d:29:31:83:d0:cc:5e:1f:e8:ce:79:a5:b2:af:
         83:98:d8:70:f4:93:a7:48:b9:95:4f:af:18:ca:e9:4d:15:70:
         9a:26:1d:8c:fc:47:af:c8:76:ee:99:b2:09:9c:11:e2:fb:22:
         b5:b9:8f:fb:15:48:60:62:64:b3:7c:24:77:28:a6:b6:a3:61:
         38:64:63:eb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKM1RnRZT25irWptFedORw1wdlq4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDIxMDEyMDEyWhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BhOWNiMTE0YzI3MWFlZDc3ODJkYmU1YTUxYzA1NjJlMjY0
MDkxMjljZDljNDdkNjRmOTI0NWFjZjhhOThjZjAxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsGjqeUEwxgtMpoRALY5JxtWS+r9wQZC8JByRnqrBXRdna
XigAmEwPW3Ac5sIltPq2mI56DDJtU3pHBf6fpagkIdEcJ4oO5CDE79HF2fPUfAnJ
lIHoZa60k6C//hEeTG0REertV5ekGcOFY5tsBxzr9luGR51bU42DGHQKxOm/tgV6
V/saGuVej6iJaLGOyMVx5MxoYvQv/OQqnHdybV6Gr9P6RcNi6Pk+ZgsQZHl8y7dx
+nAsJAnDSt1IfPKEuZzKkz70xm0FBnDs5cAQxXDblwoxAsjatrBRr4VO20Mh5TaZ
iwmildAKW7ZAG/MG3UBQTmMeTgieCIbXpwpnwbIdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUe0xkCmu9qawaQYrrONKedPrtYhAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzU0NmI1OWUzLTNmZGItNDIxMS1hNzhjLTk5ODMxY2U2MmUzNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAU25iAwDQYJKoZIhvcNAQELBQADggEBAI4D4kI++y0q+oo3LpeSh7ZdGcwm
SxaFb4/wU+wxCMWJSvUW0NI6KSn6IbiTqcMMREa/P0rUZKCdWOiHO8QlaT6NXzKG
rVG1aFRb9vKIo1UO8hQ/hHAKLoG4xcPAQMlYJ2VoAs2RyeqgP3KZX1oqwG1vmQtc
9jatNFoMaXA0fsihHtEB+Vzzo+u9AlGOWfJOghW6Pbv4cNhBHnHmMRM4DL7v1HDS
TorWDSKbfXBu22ciwsQGN/Dx50iNKTGD0MxeH+jOeaWyr4OY2HD0k6dIuZVPrxjK
6U0VcJomHYz8R6/Idu6ZsgmcEeL7IrW5j/sVSGBiZLN8JHcoprajYThkY+s=
-----END CERTIFICATE-----