Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5e86b23d-fed3-4663-bfb7-4a378de50020.roa
File:                     5e86b23d-fed3-4663-bfb7-4a378de50020.roa (raw, json)
Hash identifier:          wb/IF8VxWJhk4zDfi1P6GNRxQ+Imk/iApgN/JzeKyC4=
Subject key identifier:   9B:49:60:84:7D:A7:08:16:3A:AF:A3:BA:50:E9:38:1D:97:ED:60:7A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       46F94198C517FF7037D92D7256B458E258097C71
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5e86b23d-fed3-4663-bfb7-4a378de50020.roa
Signing time:             Wed 22 Oct 2025 23:25:31 +0000
ROA not before:           Wed 22 Oct 2025 23:25:31 +0000
ROA not after:            Wed 26 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.182.232.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:f9:41:98:c5:17:ff:70:37:d9:2d:72:56:b4:58:e2:58:09:7c:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 22 23:25:31 2025 GMT
            Not After : Nov 26 23:59:59 2025 GMT
        Subject: serialNumber=ff18f973e279a641c26cf1451c7bee46d3c377091b3ddb8f51e1a82324ff6db3, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:d8:81:dc:38:45:ba:12:b5:d0:2b:65:32:02:
                    df:02:5f:24:ba:fa:bd:fa:59:f6:a1:da:af:94:d7:
                    27:0b:61:95:09:48:62:9f:bb:eb:35:dd:b8:dd:2a:
                    28:56:eb:2f:c5:98:a4:17:bc:47:81:f1:72:52:84:
                    17:d0:ee:0d:c8:1a:08:fe:32:20:36:fe:12:4e:52:
                    41:f1:4e:23:30:32:15:0d:4d:4c:fc:00:ea:16:9b:
                    7c:18:b1:bf:01:1f:58:ff:ee:a7:03:7d:34:a7:c5:
                    68:60:df:42:a1:0a:a9:6f:40:9f:58:2d:ad:7b:98:
                    14:89:7a:0a:d3:5d:05:99:eb:f4:f8:ce:08:32:e2:
                    bd:dc:06:cb:5c:cc:1f:7c:e8:4b:cd:ed:64:d1:91:
                    5c:70:bf:3f:21:79:f4:94:db:17:5a:ea:d1:32:77:
                    94:e9:29:63:02:43:54:15:bb:50:0e:fa:b4:f3:d8:
                    1a:bc:35:af:0a:9f:db:e8:07:42:0f:c9:33:d3:60:
                    e3:8a:34:1d:7f:c5:7c:d1:e8:5b:4b:1a:1d:92:69:
                    5c:ee:b1:31:27:81:61:5f:f2:d9:32:80:48:87:4b:
                    31:df:a7:86:e9:6d:c6:32:aa:7f:3b:95:d3:c3:28:
                    fd:41:ef:06:a5:d1:02:02:89:c8:ad:a9:23:76:ad:
                    9b:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:49:60:84:7D:A7:08:16:3A:AF:A3:BA:50:E9:38:1D:97:ED:60:7A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5e86b23d-fed3-4663-bfb7-4a378de50020.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.182.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         62:e1:14:47:b3:b9:78:3a:08:4f:4d:06:b5:f4:d7:4a:8a:f6:
         1b:d1:4a:62:39:b6:d8:76:bd:08:c6:56:2c:cb:12:eb:31:29:
         44:f2:0f:89:5a:29:74:20:3c:48:ca:a9:6c:79:83:53:82:ba:
         f5:53:30:3d:c9:7b:20:c5:35:40:d6:ed:5c:8c:1d:58:07:84:
         eb:cf:2f:9a:88:fb:4e:e7:2d:87:41:35:dc:b4:7a:d7:ec:76:
         3e:d8:af:32:96:c5:b6:af:92:28:d0:32:ea:58:f2:21:e9:e9:
         c4:9d:c9:c4:14:47:d3:6c:03:a7:bb:c8:dc:aa:b9:0b:df:ad:
         f4:05:65:a3:1b:63:22:74:26:78:8c:e0:90:07:4f:6a:9e:0b:
         43:95:ab:fe:3c:7f:c0:1c:6e:a4:b7:a0:31:b0:76:b6:e8:b9:
         b8:82:2d:b9:17:cd:ac:a9:74:67:78:ae:2f:4d:69:db:55:41:
         3b:c4:83:4f:d0:84:74:d6:74:0b:c3:d9:b4:63:52:f5:ee:b6:
         2a:d5:27:18:1c:10:32:3e:95:28:38:bd:40:c9:df:73:8d:9b:
         7a:25:61:38:8b:84:b7:ee:de:f2:08:e1:36:1c:0c:60:94:c4:
         62:78:d4:42:65:2d:92:51:1a:74:b7:db:54:3d:c1:f4:a4:3f:
         c4:72:43:34
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURvlBmMUX/3A32S1yVrRY4lgJfHEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDIyMjMyNTMxWhcNMjUxMTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZjE4Zjk3M2UyNzlhNjQxYzI2Y2YxNDUxYzdiZWU0NmQz
YzM3NzA5MWIzZGRiOGY1MWUxYTgyMzI0ZmY2ZGIzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCd2IHcOEW6ErXQK2UyAt8CXyS6+r36Wfah2q+U1ycLYZUJ
SGKfu+s13bjdKihW6y/FmKQXvEeB8XJShBfQ7g3IGgj+MiA2/hJOUkHxTiMwMhUN
TUz8AOoWm3wYsb8BH1j/7qcDfTSnxWhg30KhCqlvQJ9YLa17mBSJegrTXQWZ6/T4
zggy4r3cBstczB986EvN7WTRkVxwvz8hefSU2xda6tEyd5TpKWMCQ1QVu1AO+rTz
2Bq8Na8Kn9voB0IPyTPTYOOKNB1/xXzR6FtLGh2SaVzusTEngWFf8tkygEiHSzHf
p4bpbcYyqn87ldPDKP1B7wal0QICicitqSN2rZtlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUm0lghH2nCBY6r6O6UOk4HZftYHowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzVlODZiMjNkLWZlZDMtNDY2My1iZmI3LTRhMzc4ZGU1MDAyMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAM2tugwDQYJKoZIhvcNAQELBQADggEBAGLhFEezuXg6CE9NBrX010qK9hvR
SmI5tth2vQjGVizLEusxKUTyD4laKXQgPEjKqWx5g1OCuvVTMD3JeyDFNUDW7VyM
HVgHhOvPL5qI+07nLYdBNdy0etfsdj7YrzKWxbavkijQMupY8iHp6cSdycQUR9Ns
A6e7yNyquQvfrfQFZaMbYyJ0JniM4JAHT2qeC0OVq/48f8AcbqS3oDGwdrboubiC
LbkXzaypdGd4ri9NadtVQTvEg0/QhHTWdAvD2bRjUvXutirVJxgcEDI+lSg4vUDJ
33ONm3olYTiLhLfu3vII4TYcDGCUxGJ41EJlLZJRGnS321Q9wfSkP8RyQzQ=
-----END CERTIFICATE-----