Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/69b7eb6d-9d7c-4a85-a7fc-9332085e1aab.roa
File:                     69b7eb6d-9d7c-4a85-a7fc-9332085e1aab.roa (raw, json)
Hash identifier:          OuBQ8a88Y3bgCAq2+2Q0tQFtU/s5wUBAoh+02j5lyt4=
Subject key identifier:   48:BA:8E:5C:69:0E:16:4A:3A:90:3B:0A:2C:CA:27:A3:A1:CE:FA:11
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       03708511E028EA8AC60F780D1ABF31514B353B94
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/69b7eb6d-9d7c-4a85-a7fc-9332085e1aab.roa
Signing time:             Tue 21 Oct 2025 09:10:13 +0000
ROA not before:           Tue 21 Oct 2025 09:10:13 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.119.192.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:70:85:11:e0:28:ea:8a:c6:0f:78:0d:1a:bf:31:51:4b:35:3b:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 21 09:10:13 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=5c5c479955a165bba76fc55edbc24e5b0eb947af9536bbddb42eb7c9c732820e, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:1d:06:5a:f6:df:1b:96:b3:71:d7:12:b4:09:
                    ec:bc:e4:19:f9:92:86:c0:ab:56:f5:b1:66:44:6f:
                    80:56:df:e4:9c:29:b4:ea:9a:e7:ed:a3:41:66:05:
                    af:c3:bc:70:40:d9:3a:45:3c:c8:e7:8a:01:d6:d7:
                    c2:81:ad:4d:09:30:49:f8:91:af:e7:72:7a:66:b2:
                    ad:2d:cd:73:47:e3:14:32:76:0b:40:9c:a9:00:5e:
                    7c:9a:44:0c:2b:d8:23:94:b3:54:bf:cb:0e:b1:f6:
                    0d:a5:18:82:1e:37:2d:97:eb:7a:b9:3d:f8:71:a0:
                    b7:99:39:dc:94:d2:bf:1e:b5:f2:82:71:85:a0:bb:
                    24:6d:76:99:5b:6b:5e:77:94:bd:50:d6:ce:86:2f:
                    7e:91:66:83:19:26:27:c2:17:69:ec:3d:b5:77:ad:
                    48:22:61:f7:ef:47:6f:55:86:eb:19:b6:e0:93:6a:
                    2d:e1:bf:89:ab:7f:12:29:c8:84:8d:8b:32:73:f3:
                    f0:45:7b:b3:bf:cf:a0:45:4e:62:3e:d2:cf:75:a8:
                    65:b7:e7:f4:41:b1:23:d2:7e:e5:46:22:61:5f:4a:
                    ee:25:f6:1c:16:66:ae:2f:31:69:8d:a1:05:c5:84:
                    d0:15:aa:b3:7c:dd:ab:19:c9:5d:52:80:37:bc:22:
                    8b:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:BA:8E:5C:69:0E:16:4A:3A:90:3B:0A:2C:CA:27:A3:A1:CE:FA:11
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/69b7eb6d-9d7c-4a85-a7fc-9332085e1aab.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.119.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4e:ed:be:1a:34:35:f7:36:af:ab:fb:04:b3:cf:3c:15:7f:df:
         2c:f0:c2:7a:5c:68:ca:ca:36:f6:b5:cf:b1:54:4e:60:7a:22:
         23:5b:53:38:76:55:0e:61:55:81:f6:6e:d5:17:6f:4c:53:1d:
         54:ae:c5:58:ee:a4:0c:36:cb:ab:ad:f3:32:1e:b8:dc:0e:e8:
         cb:45:39:19:8e:9d:f6:f3:90:23:db:0d:ff:e6:3b:a6:65:26:
         d7:82:f1:b5:31:56:76:d5:51:e6:e0:6d:6b:a1:5b:c1:d9:2a:
         d7:4e:e8:e7:12:b6:ba:bd:99:97:f8:0d:ca:cc:48:51:d9:b6:
         e5:54:28:27:e1:01:08:86:f9:58:7e:4d:6c:dd:31:60:d1:d4:
         44:57:e9:d9:88:eb:f7:d7:cd:86:8d:72:00:65:f4:b4:d7:a0:
         9b:df:8b:34:59:1d:a7:cb:f9:28:9a:1d:ba:fb:7b:e0:f1:87:
         da:fa:8a:f0:ac:c1:7e:27:d6:c6:af:f1:65:2e:4d:f9:61:a8:
         73:5b:f9:0f:88:a7:e2:07:ba:08:64:ac:25:fc:ab:ca:72:29:
         ef:e8:8b:ad:4c:e2:75:1b:ab:fe:13:e0:c3:ab:cc:c7:6e:1f:
         96:67:03:b9:6c:90:60:01:e2:2a:e1:5c:ce:18:ef:30:95:be:
         fb:1a:52:90
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUA3CFEeAo6orGD3gNGr8xUUs1O5QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDIxMDkxMDEzWhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A1YzVjNDc5OTU1YTE2NWJiYTc2ZmM1NWVkYmMyNGU1YjBl
Yjk0N2FmOTUzNmJiZGRiNDJlYjdjOWM3MzI4MjBlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpHQZa9t8blrNx1xK0Cey85Bn5kobAq1b1sWZEb4BW3+Sc
KbTqmufto0FmBa/DvHBA2TpFPMjnigHW18KBrU0JMEn4ka/ncnpmsq0tzXNH4xQy
dgtAnKkAXnyaRAwr2COUs1S/yw6x9g2lGIIeNy2X63q5PfhxoLeZOdyU0r8etfKC
cYWguyRtdplba153lL1Q1s6GL36RZoMZJifCF2nsPbV3rUgiYffvR29VhusZtuCT
ai3hv4mrfxIpyISNizJz8/BFe7O/z6BFTmI+0s91qGW35/RBsSPSfuVGImFfSu4l
9hwWZq4vMWmNoQXFhNAVqrN83asZyV1SgDe8IouTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUSLqOXGkOFko6kDsKLMono6HO+hEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzY5YjdlYjZkLTlkN2MtNGE4NS1hN2ZjLTkzMzIwODVlMWFhYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI0d8AwDQYJKoZIhvcNAQELBQADggEBAE7tvho0Nfc2r6v7BLPPPBV/3yzw
wnpcaMrKNva1z7FUTmB6IiNbUzh2VQ5hVYH2btUXb0xTHVSuxVjupAw2y6ut8zIe
uNwO6MtFORmOnfbzkCPbDf/mO6ZlJteC8bUxVnbVUebgbWuhW8HZKtdO6OcStrq9
mZf4DcrMSFHZtuVUKCfhAQiG+Vh+TWzdMWDR1ERX6dmI6/fXzYaNcgBl9LTXoJvf
izRZHafL+SiaHbr7e+Dxh9r6ivCswX4n1sav8WUuTflhqHNb+Q+Ip+IHughkrCX8
q8pyKe/oi61M4nUbq/4T4MOrzMduH5ZnA7lskGAB4irhXM4Y7zCVvvsaUpA=
-----END CERTIFICATE-----