Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/74f2ecdf-d5d5-4b42-92a4-04fcfd19f695.roa
File:                     74f2ecdf-d5d5-4b42-92a4-04fcfd19f695.roa (raw, json)
Hash identifier:          lUCxBW5CDVUu1GXQOvLGjpI+FV8SKMwOAd9sXHVslw4=
Subject key identifier:   09:FE:1F:2A:FA:33:06:0F:9E:48:0D:1C:B5:30:60:4D:9E:F0:9E:C5
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       780434A5B7DB6D12FDD4A01954186BA542240168
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/74f2ecdf-d5d5-4b42-92a4-04fcfd19f695.roa
Signing time:             Fri 17 Oct 2025 22:01:22 +0000
ROA not before:           Fri 17 Oct 2025 22:01:22 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.204.32.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:04:34:a5:b7:db:6d:12:fd:d4:a0:19:54:18:6b:a5:42:24:01:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 17 22:01:22 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=2b7afe873c4fcf5b544b0e6cb664dc31223cd85b0ae94cfe13dfb5c5bfb44b37, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:8b:f5:fd:5e:fe:76:56:a4:5a:a8:8e:ad:73:
                    6e:15:06:3c:50:21:ed:62:6f:2e:5d:75:6a:0b:39:
                    ca:ac:a6:23:c8:4e:a9:83:dd:cf:a8:9d:15:1a:b8:
                    4a:db:83:f9:70:b7:46:fc:c0:7c:5b:dd:2a:06:cb:
                    00:d5:99:7d:a9:0a:b6:50:e7:ef:9f:64:55:32:be:
                    5c:a9:41:3d:bc:4e:60:f8:10:4d:ec:85:08:01:6f:
                    ed:eb:af:ff:d6:13:6e:bf:68:dc:70:62:ea:e3:5b:
                    37:0d:95:c6:a7:c6:0a:ad:c5:a0:a7:f2:91:49:21:
                    31:5e:66:62:99:75:97:f7:bd:98:b2:b5:38:d9:6e:
                    0e:3e:22:0e:08:59:ad:a8:04:2c:23:d4:15:56:7f:
                    e0:15:2d:4b:55:1e:99:04:e3:c2:fe:d8:5d:26:30:
                    98:17:d9:c1:8f:0f:df:bc:6f:69:8e:17:ba:6a:c0:
                    a1:0d:87:2f:27:c4:6d:22:8f:0e:45:19:3a:d8:d4:
                    95:a1:0d:26:38:1e:1e:8f:c3:d2:1a:fc:03:7d:39:
                    7c:1e:a4:7f:9e:ea:7f:2d:ae:12:43:24:54:7a:7c:
                    31:e7:b6:cc:ec:ce:0d:1f:a6:01:07:cb:2f:43:29:
                    8a:5e:cb:50:83:d4:6d:59:ce:0b:93:46:f7:cc:f0:
                    66:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:FE:1F:2A:FA:33:06:0F:9E:48:0D:1C:B5:30:60:4D:9E:F0:9E:C5
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/74f2ecdf-d5d5-4b42-92a4-04fcfd19f695.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.204.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         34:14:a3:0f:d6:65:e0:41:d1:31:08:eb:a0:5a:58:84:75:b9:
         6a:97:f9:a9:51:0e:ec:e7:b8:e2:75:8b:4f:83:3c:62:04:47:
         30:3f:43:3c:0d:e7:ce:57:18:29:25:a5:51:3e:6d:5f:7c:54:
         7e:05:7e:37:39:b2:47:67:94:c3:d0:ed:ed:22:f5:7a:8f:d1:
         d9:2c:6e:a1:3d:3d:13:77:78:dd:c8:e7:1d:c0:17:b9:a1:3a:
         2e:c8:55:e7:43:b9:47:cf:c0:19:ae:99:ba:a6:db:f9:44:7e:
         e4:93:02:5b:ce:d1:fd:64:58:fb:b1:e5:04:5e:cf:a4:e9:0d:
         a7:d7:da:98:bc:7a:fe:9a:be:72:07:78:8c:20:c0:5e:4d:22:
         5d:97:30:63:28:e2:fc:d5:99:6f:06:b6:05:0e:99:66:b3:cd:
         39:bc:39:5f:a6:c8:ab:c0:d0:72:6e:e4:1e:8a:24:b9:96:35:
         a0:93:2a:4a:c5:a3:1c:c8:b0:e9:db:b0:ab:74:36:db:62:cd:
         70:e0:83:25:90:a0:66:23:65:b0:13:3f:8c:27:55:2a:1e:c1:
         26:ff:f7:db:bf:ff:75:e3:4e:8a:8c:58:14:d9:3c:45:00:60:
         cf:d8:47:69:6c:8e:d8:0c:85:27:86:e5:70:f3:2f:37:ea:8b:
         f4:48:22:47
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeAQ0pbfbbRL91KAZVBhrpUIkAWgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE3MjIwMTIyWhcNMjUxMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AyYjdhZmU4NzNjNGZjZjViNTQ0YjBlNmNiNjY0ZGMzMTIy
M2NkODViMGFlOTRjZmUxM2RmYjVjNWJmYjQ0YjM3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCji/X9Xv52VqRaqI6tc24VBjxQIe1iby5ddWoLOcqspiPI
TqmD3c+onRUauErbg/lwt0b8wHxb3SoGywDVmX2pCrZQ5++fZFUyvlypQT28TmD4
EE3shQgBb+3rr//WE26/aNxwYurjWzcNlcanxgqtxaCn8pFJITFeZmKZdZf3vZiy
tTjZbg4+Ig4IWa2oBCwj1BVWf+AVLUtVHpkE48L+2F0mMJgX2cGPD9+8b2mOF7pq
wKENhy8nxG0ijw5FGTrY1JWhDSY4Hh6Pw9Ia/AN9OXwepH+e6n8trhJDJFR6fDHn
tszszg0fpgEHyy9DKYpey1CD1G1ZzguTRvfM8Gb3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCf4fKvozBg+eSA0ctTBgTZ7wnsUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzc0ZjJlY2RmLWQ1ZDUtNGI0Mi05MmE0LTA0ZmNmZDE5ZjY5NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQ2zCAwDQYJKoZIhvcNAQELBQADggEBADQUow/WZeBB0TEI66BaWIR1uWqX
+alRDuznuOJ1i0+DPGIERzA/QzwN585XGCklpVE+bV98VH4Ffjc5skdnlMPQ7e0i
9XqP0dksbqE9PRN3eN3I5x3AF7mhOi7IVedDuUfPwBmumbqm2/lEfuSTAlvO0f1k
WPux5QRez6TpDafX2pi8ev6avnIHeIwgwF5NIl2XMGMo4vzVmW8GtgUOmWazzTm8
OV+myKvA0HJu5B6KJLmWNaCTKkrFoxzIsOnbsKt0NttizXDggyWQoGYjZbATP4wn
VSoewSb/99u//3XjToqMWBTZPEUAYM/YR2lsjtgMhSeG5XDzLzfqi/RIIkc=
-----END CERTIFICATE-----