Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5509b865-3941-4094-bf73-1b07caf81ab7.roa
File:                     5509b865-3941-4094-bf73-1b07caf81ab7.roa (raw, json)
Hash identifier:          Igfsivp/9f50bfchFkVJ7iuY6CxKtaNVdRZpUdJdoDE=
Subject key identifier:   4C:E1:DE:3B:A9:EC:15:76:9A:E4:9F:DA:ED:F7:BF:B6:68:8B:EF:0C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1003A8FA610CDE902797A9A9A0460FE2BEF0F3E1
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5509b865-3941-4094-bf73-1b07caf81ab7.roa
Signing time:             Tue 05 Aug 2025 17:31:39 +0000
ROA not before:           Tue 05 Aug 2025 17:31:39 +0000
ROA not after:            Tue 09 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.66.0.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 08 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:03:a8:fa:61:0c:de:90:27:97:a9:a9:a0:46:0f:e2:be:f0:f3:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug  5 17:31:39 2025 GMT
            Not After : Sep  9 23:59:59 2025 GMT
        Subject: serialNumber=80b632b8e82831eebea9c048c24922d8786c8da997500d1c9d75a419bda97be3, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:fa:db:49:cf:85:12:48:be:ff:d4:65:63:98:
                    cb:38:00:31:b1:47:6d:d0:37:f9:26:cf:76:d4:e1:
                    f2:00:5d:c6:b0:3d:ac:a0:be:36:33:fc:31:33:be:
                    68:7f:37:33:23:33:db:17:5a:b8:7f:f6:17:3d:6e:
                    73:f4:d7:ff:61:7b:84:16:40:33:dc:5a:61:bc:50:
                    13:6a:80:7c:0a:a5:5f:86:a6:4e:d4:f5:2d:d2:81:
                    0b:21:16:a0:89:d0:08:f4:13:a4:4f:41:0d:85:c3:
                    87:d5:23:b0:cc:34:8c:79:e6:95:9d:53:ef:1d:76:
                    c6:bb:3a:d9:10:da:23:ff:83:f9:2e:9d:02:2d:61:
                    47:8c:1c:66:a4:25:98:e3:4c:4d:bf:c4:be:34:70:
                    b0:32:bd:40:25:ac:0c:6d:55:19:79:4a:3a:c7:8b:
                    36:b1:c9:e5:42:16:9a:1f:89:ac:a4:3d:cc:96:61:
                    85:b6:ac:f9:72:ba:99:fa:2f:07:bf:50:ed:34:20:
                    a6:88:62:e6:8f:b4:46:50:b6:91:d2:e3:c6:74:4a:
                    53:b2:ee:d2:d9:b3:03:8d:a1:db:42:27:1c:5d:79:
                    de:52:43:19:fe:bc:57:84:06:b4:c8:7e:24:1a:98:
                    ad:fa:f3:30:ae:c4:ff:54:43:52:ed:64:11:e9:e1:
                    bb:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:E1:DE:3B:A9:EC:15:76:9A:E4:9F:DA:ED:F7:BF:B6:68:8B:EF:0C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5509b865-3941-4094-bf73-1b07caf81ab7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.66.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         94:29:3b:24:37:04:f5:e7:1e:79:b1:84:f2:be:2c:73:f6:a1:
         41:13:0d:5a:be:49:80:90:56:cb:68:6f:f0:1e:87:55:da:80:
         12:78:fc:19:54:c9:47:64:42:62:60:d4:ff:10:0a:36:1d:bc:
         c1:ff:6d:54:a0:cc:55:f9:c5:20:86:c4:d7:d4:44:55:bc:dd:
         9f:e0:80:48:4b:40:bc:20:c6:f4:a0:b7:86:11:d9:63:7a:45:
         12:63:57:20:e6:f5:10:2e:b3:31:5f:e4:be:5b:61:f3:23:81:
         66:b0:3e:51:81:dc:5a:65:e2:45:0a:1b:ba:24:4a:3f:20:12:
         0b:23:3b:f9:1e:de:c9:28:0a:3c:8b:6a:bc:57:82:52:fb:58:
         66:31:92:be:72:72:c1:6a:9d:fb:96:f3:8f:75:8e:52:3a:83:
         91:ac:55:20:c3:98:bc:0f:ee:de:c6:38:ce:27:ea:d5:2a:05:
         94:69:41:0e:32:67:77:b9:b6:66:a8:42:5e:dc:ef:41:c0:1c:
         fb:6c:2f:51:a5:f1:3e:68:1a:46:f2:ef:ab:92:60:aa:5a:1d:
         ac:82:4b:97:5f:4a:04:1e:4f:f0:5f:f7:be:a1:14:fb:c7:9f:
         0d:09:0c:fe:26:d1:7b:d1:57:b8:b7:95:45:63:c1:92:ff:5e:
         a6:2c:cd:3f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEAOo+mEM3pAnl6mpoEYP4r7w8+EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwODA1MTczMTM5WhcNMjUwOTA5MjM1OTU5
WjB6MUkwRwYDVQQFE0A4MGI2MzJiOGU4MjgzMWVlYmVhOWMwNDhjMjQ5MjJkODc4
NmM4ZGE5OTc1MDBkMWM5ZDc1YTQxOWJkYTk3YmUzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0+ttJz4USSL7/1GVjmMs4ADGxR23QN/kmz3bU4fIAXcaw
PaygvjYz/DEzvmh/NzMjM9sXWrh/9hc9bnP01/9he4QWQDPcWmG8UBNqgHwKpV+G
pk7U9S3SgQshFqCJ0Aj0E6RPQQ2Fw4fVI7DMNIx55pWdU+8ddsa7OtkQ2iP/g/ku
nQItYUeMHGakJZjjTE2/xL40cLAyvUAlrAxtVRl5SjrHizaxyeVCFpofiaykPcyW
YYW2rPlyupn6Lwe/UO00IKaIYuaPtEZQtpHS48Z0SlOy7tLZswONodtCJxxded5S
Qxn+vFeEBrTIfiQamK368zCuxP9UQ1LtZBHp4bs/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTOHeO6nsFXaa5J/a7fe/tmiL7wwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzU1MDliODY1LTM5NDEtNDA5NC1iZjczLTFiMDdjYWY4MWFiNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAc2QgAwDQYJKoZIhvcNAQELBQADggEBAJQpOyQ3BPXnHnmxhPK+LHP2oUET
DVq+SYCQVstob/Aeh1XagBJ4/BlUyUdkQmJg1P8QCjYdvMH/bVSgzFX5xSCGxNfU
RFW83Z/ggEhLQLwgxvSgt4YR2WN6RRJjVyDm9RAuszFf5L5bYfMjgWawPlGB3Fpl
4kUKG7okSj8gEgsjO/ke3skoCjyLarxXglL7WGYxkr5ycsFqnfuW8491jlI6g5Gs
VSDDmLwP7t7GOM4n6tUqBZRpQQ4yZ3e5tmaoQl7c70HAHPtsL1Gl8T5oGkby76uS
YKpaHayCS5dfSgQeT/Bf976hFPvHnw0JDP4m0XvRV7i3lUVjwZL/XqYszT8=
-----END CERTIFICATE-----