Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/717d8d60-b812-4321-a774-df7920ae17ef.roa
File:                     717d8d60-b812-4321-a774-df7920ae17ef.roa (raw, json)
Hash identifier:          /OzJ4iDNJPp7SwDn/2clSOrMHxs9XLWI4L7oc0JSKro=
Subject key identifier:   50:5B:1C:1E:88:A4:00:28:FE:C3:7E:06:98:AA:68:91:E3:69:08:01
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2E014EB3BB8BD34F2DCC5AE02005EFF7019F92E6
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/717d8d60-b812-4321-a774-df7920ae17ef.roa
Signing time:             Tue 04 Nov 2025 01:30:13 +0000
ROA not before:           Tue 04 Nov 2025 01:30:13 +0000
ROA not after:            Tue 09 Dec 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.160.64.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:01:4e:b3:bb:8b:d3:4f:2d:cc:5a:e0:20:05:ef:f7:01:9f:92:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Nov  4 01:30:13 2025 GMT
            Not After : Dec  9 23:59:59 2025 GMT
        Subject: serialNumber=c73ade5522dfaf18c47a5e231a8efec348fadef954ba2fd5b26caa99f3455569, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:82:62:65:b9:3c:7e:23:14:ea:8a:b6:45:c0:
                    40:d3:c0:e4:6d:0c:20:32:2f:af:cb:a3:14:83:62:
                    0a:4c:00:a3:f8:5d:af:f3:34:fb:5d:db:2a:56:18:
                    c5:99:46:ad:bd:2a:dc:22:ff:d5:87:e8:ee:c4:2f:
                    48:17:a2:97:a7:53:e3:fa:1d:9e:fc:df:75:3a:1b:
                    a6:a1:17:42:3b:ec:20:3f:3e:34:e0:d4:46:3c:6b:
                    62:e9:44:93:b2:6a:5b:52:53:c8:e4:58:b2:4f:54:
                    60:21:aa:8c:38:81:51:bf:af:c9:3d:dc:fb:8c:bf:
                    54:02:be:5b:f2:ba:54:eb:f4:b3:e2:d1:13:6d:01:
                    a5:a1:71:71:6f:99:8d:c9:e6:51:b2:b5:85:43:ea:
                    6b:fd:d4:71:97:95:50:72:8b:d7:43:c4:ed:7e:85:
                    b6:76:d5:e5:c1:3a:53:00:da:be:76:69:88:63:7e:
                    57:b4:57:61:da:5e:42:ff:a1:30:f3:9f:32:90:c7:
                    d2:48:c1:9f:b3:df:6c:7b:e4:e5:94:75:f0:e4:a5:
                    65:3d:7f:0a:a5:ca:59:6c:d7:00:32:8a:c4:d6:dd:
                    31:c3:a1:c3:bc:c0:72:4c:6f:db:b4:05:62:dd:65:
                    e2:81:b3:23:97:6c:7d:18:b9:58:d8:e7:a2:42:7c:
                    b7:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:5B:1C:1E:88:A4:00:28:FE:C3:7E:06:98:AA:68:91:E3:69:08:01
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/717d8d60-b812-4321-a774-df7920ae17ef.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.160.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         5b:10:83:55:9b:11:b8:e2:e1:de:a4:37:6f:1e:36:56:d0:84:
         b0:a6:b7:b5:e1:d5:e2:fd:b1:ab:65:1b:ef:3e:f8:62:d7:ea:
         7e:f5:8b:65:77:e5:7d:4f:10:04:32:78:9d:9b:90:30:d0:3d:
         b9:59:f0:27:aa:77:c8:b3:26:c5:e0:0c:2f:e4:94:00:a3:16:
         98:f2:4f:74:49:fc:6b:f6:0e:2c:39:fe:48:5e:ae:7a:1f:a9:
         27:4e:23:5e:70:45:ee:19:de:74:aa:c4:07:1f:1a:2f:48:89:
         64:9b:d3:f1:0d:02:fa:40:86:a8:e0:37:9d:a1:46:d5:ef:72:
         97:44:8d:84:72:7a:58:51:e0:c4:75:12:9a:60:b1:d6:77:6c:
         f3:7b:9d:ba:1f:9f:53:cd:07:7f:13:ea:58:02:3b:67:90:01:
         fb:a6:f6:e1:ff:09:f5:a6:dc:8b:eb:e7:91:0a:6a:77:2f:ba:
         b7:56:6a:6f:d9:c6:c9:63:7e:e0:6d:b6:0a:23:b1:8d:f8:9d:
         cf:84:8a:fc:36:e8:d9:a3:d9:03:a5:64:fc:77:8f:ab:a0:82:
         38:8c:c0:52:71:ab:3b:cf:6a:ec:88:63:c4:f4:74:bf:7b:53:
         3b:cb:a4:ac:74:f3:a7:cb:87:d8:b0:36:1d:4b:d1:86:4b:b7:
         48:8b:bc:51
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULgFOs7uL008tzFrgIAXv9wGfkuYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMTA0MDEzMDEzWhcNMjUxMjA5MjM1OTU5
WjB6MUkwRwYDVQQFE0BjNzNhZGU1NTIyZGZhZjE4YzQ3YTVlMjMxYThlZmVjMzQ4
ZmFkZWY5NTRiYTJmZDViMjZjYWE5OWYzNDU1NTY5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCZgmJluTx+IxTqirZFwEDTwORtDCAyL6/LoxSDYgpMAKP4
Xa/zNPtd2ypWGMWZRq29Ktwi/9WH6O7EL0gXopenU+P6HZ7833U6G6ahF0I77CA/
PjTg1EY8a2LpRJOyaltSU8jkWLJPVGAhqow4gVG/r8k93PuMv1QCvlvyulTr9LPi
0RNtAaWhcXFvmY3J5lGytYVD6mv91HGXlVByi9dDxO1+hbZ21eXBOlMA2r52aYhj
fle0V2HaXkL/oTDznzKQx9JIwZ+z32x75OWUdfDkpWU9fwqlylls1wAyisTW3THD
ocO8wHJMb9u0BWLdZeKBsyOXbH0YuVjY56JCfLeBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUUFscHoikACj+w34GmKpokeNpCAEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzcxN2Q4ZDYwLWI4MTItNDMyMS1hNzc0LWRmNzkyMGFlMTdlZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAY2oEAwDQYJKoZIhvcNAQELBQADggEBAFsQg1WbEbji4d6kN28eNlbQhLCm
t7Xh1eL9satlG+8++GLX6n71i2V35X1PEAQyeJ2bkDDQPblZ8Ceqd8izJsXgDC/k
lACjFpjyT3RJ/Gv2Diw5/khernofqSdOI15wRe4Z3nSqxAcfGi9IiWSb0/ENAvpA
hqjgN52hRtXvcpdEjYRyelhR4MR1EppgsdZ3bPN7nbofn1PNB38T6lgCO2eQAfum
9uH/CfWm3Ivr55EKancvurdWam/ZxsljfuBttgojsY34nc+Eivw26Nmj2QOlZPx3
j6uggjiMwFJxqzvPauyIY8T0dL97UzvLpKx086fLh9iwNh1L0YZLt0iLvFE=
-----END CERTIFICATE-----