Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5969520c-b3cb-46b1-8ab5-c52d87531106.roa
File:                     5969520c-b3cb-46b1-8ab5-c52d87531106.roa (raw, json)
Hash identifier:          j98LES+nWLhqeInTSKDVjhs2k2HbYejR01zy3EbJC4g=
Subject key identifier:   B6:FA:4B:68:4F:7E:12:F6:9F:40:16:55:2A:7C:78:D2:11:D0:1F:2A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6D8D2C688FE5E606C0103358A1F8E0576535E00F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5969520c-b3cb-46b1-8ab5-c52d87531106.roa
Signing time:             Tue 29 Jul 2025 17:31:47 +0000
ROA not before:           Tue 29 Jul 2025 17:31:47 +0000
ROA not after:            Tue 02 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.240.8.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:8d:2c:68:8f:e5:e6:06:c0:10:33:58:a1:f8:e0:57:65:35:e0:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 29 17:31:47 2025 GMT
            Not After : Sep  2 23:59:59 2025 GMT
        Subject: serialNumber=2a3b27e48419e76f1548426b2c79d66246717660d7f065ae3cfda3333700e009, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:0d:88:93:e7:90:6e:fc:76:53:06:35:66:7d:
                    76:3f:19:16:fd:f7:d5:46:98:7b:4f:96:57:bc:36:
                    0c:30:c8:66:b3:fe:ec:e9:a9:a6:9d:cc:3c:2e:e4:
                    ba:d1:5f:9f:08:5e:54:28:0a:3b:63:67:80:04:cc:
                    1d:4e:34:13:40:71:d7:d7:e7:1f:b4:76:c7:af:4f:
                    56:62:4b:11:66:4b:b8:c0:37:f9:55:24:dd:d6:3b:
                    76:37:a8:f4:64:4f:5e:89:cd:d8:67:57:b3:83:8b:
                    fb:89:4f:3e:8b:0e:6c:eb:da:bf:b9:70:75:3d:eb:
                    a1:59:cf:6f:54:0e:9a:ae:91:f3:94:e9:4f:d2:72:
                    19:ae:17:a1:c1:8c:19:fa:71:98:95:e8:dd:45:a2:
                    d2:65:e6:3f:55:e4:2f:dc:64:69:01:21:1a:d9:db:
                    df:e5:8e:d4:05:fe:1d:db:e0:a7:92:86:c4:1d:34:
                    45:03:24:d8:93:18:b9:2f:b9:9e:05:2f:82:9c:09:
                    c2:8c:c4:d9:83:9c:34:08:17:cd:65:22:ea:35:df:
                    12:8d:f6:a9:30:8d:e5:b2:ff:b5:9c:fe:f3:6c:c2:
                    d5:0c:f2:79:06:85:c4:be:67:99:80:2d:d2:64:c8:
                    dd:a3:df:b2:3f:f6:73:61:5d:c1:66:2e:73:aa:b0:
                    16:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:FA:4B:68:4F:7E:12:F6:9F:40:16:55:2A:7C:78:D2:11:D0:1F:2A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5969520c-b3cb-46b1-8ab5-c52d87531106.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.240.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         90:d7:27:be:db:0b:2e:4a:16:f0:29:d8:42:87:15:aa:8e:59:
         9e:2d:ce:4a:8e:c8:63:1e:2c:2a:f2:aa:7c:5d:d7:b1:d3:33:
         cd:7d:16:f3:db:9c:52:a3:e8:64:1c:a4:f3:a5:c2:c9:0b:b0:
         85:15:de:1b:e3:42:f6:24:f5:47:21:81:0b:e5:7c:3f:f2:3c:
         7f:e1:5b:f4:92:62:4b:4b:17:6f:e3:b9:96:e1:4c:a9:e4:08:
         16:53:88:b4:56:ec:cf:31:b6:4c:2a:58:d2:e2:b0:52:05:41:
         f2:53:93:10:1f:04:03:6a:46:f0:77:2b:2c:68:51:3a:28:e1:
         b2:22:cf:99:3b:0d:7d:32:db:3c:3a:60:13:e9:2d:f0:d2:84:
         f5:ac:d7:46:2c:99:6d:44:d0:50:2c:6a:5c:c7:10:4e:86:91:
         5b:66:2c:e1:f7:d5:93:b8:db:64:47:d5:d6:f0:c0:f5:84:ac:
         ad:db:e1:ea:ab:4c:6b:c4:de:63:cc:8a:cc:00:ce:e6:10:1d:
         c9:14:b6:4a:ca:b7:cf:29:10:ef:f7:f2:00:37:91:c0:0d:87:
         a0:fb:ed:08:94:2f:60:2b:ab:8a:2b:79:0b:51:39:e4:34:e0:
         f2:8d:3c:c2:08:09:24:a9:d1:71:db:99:ca:27:bc:21:0f:9d:
         06:12:fd:2f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbY0saI/l5gbAEDNYofjgV2U14A8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzI5MTczMTQ3WhcNMjUwOTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AyYTNiMjdlNDg0MTllNzZmMTU0ODQyNmIyYzc5ZDY2MjQ2
NzE3NjYwZDdmMDY1YWUzY2ZkYTMzMzM3MDBlMDA5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCdDYiT55Bu/HZTBjVmfXY/GRb999VGmHtPlle8NgwwyGaz
/uzpqaadzDwu5LrRX58IXlQoCjtjZ4AEzB1ONBNAcdfX5x+0dsevT1ZiSxFmS7jA
N/lVJN3WO3Y3qPRkT16JzdhnV7ODi/uJTz6LDmzr2r+5cHU966FZz29UDpqukfOU
6U/SchmuF6HBjBn6cZiV6N1FotJl5j9V5C/cZGkBIRrZ29/ljtQF/h3b4KeShsQd
NEUDJNiTGLkvuZ4FL4KcCcKMxNmDnDQIF81lIuo13xKN9qkwjeWy/7Wc/vNswtUM
8nkGhcS+Z5mALdJkyN2j37I/9nNhXcFmLnOqsBa5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUtvpLaE9+EvafQBZVKnx40hHQHyowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzU5Njk1MjBjLWIzY2ItNDZiMS04YWI1LWM1MmQ4NzUzMTEwNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAM28AgwDQYJKoZIhvcNAQELBQADggEBAJDXJ77bCy5KFvAp2EKHFaqOWZ4t
zkqOyGMeLCryqnxd17HTM819FvPbnFKj6GQcpPOlwskLsIUV3hvjQvYk9UchgQvl
fD/yPH/hW/SSYktLF2/juZbhTKnkCBZTiLRW7M8xtkwqWNLisFIFQfJTkxAfBANq
RvB3KyxoUToo4bIiz5k7DX0y2zw6YBPpLfDShPWs10YsmW1E0FAsalzHEE6GkVtm
LOH31ZO422RH1dbwwPWErK3b4eqrTGvE3mPMiswAzuYQHckUtkrKt88pEO/38gA3
kcANh6D77QiUL2Arq4oreQtROeQ04PKNPMIICSSp0XHbmconvCEPnQYS/S8=
-----END CERTIFICATE-----