Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/753bfb8d-19c1-468a-9fe9-da4787da9f96.roa
File:                     753bfb8d-19c1-468a-9fe9-da4787da9f96.roa (raw, json)
Hash identifier:          3WbtFzhD9GGuA/vqwBCGNg2zCcjo5904wG/nYC1KCVU=
Subject key identifier:   05:66:F6:48:C8:CC:97:7C:68:59:6C:E2:44:9D:B8:4E:E7:29:D7:A2
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       53FD021A73889A79296AAB1691F97F6F0CCB1DAA
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/753bfb8d-19c1-468a-9fe9-da4787da9f96.roa
Signing time:             Tue 21 Oct 2025 01:30:13 +0000
ROA not before:           Tue 21 Oct 2025 01:30:13 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        150.222.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:fd:02:1a:73:88:9a:79:29:6a:ab:16:91:f9:7f:6f:0c:cb:1d:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 21 01:30:13 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=b0db6de26060b5aee9785a8f0080d3c56aae84824b55bd3f919340c215d98699, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:0d:39:9d:8a:11:2f:77:e1:cb:e6:76:84:aa:
                    b4:ce:e4:c9:fd:f6:f0:e1:90:98:20:18:0d:3f:f8:
                    dc:1a:64:da:85:df:8d:18:87:b3:2c:33:9a:03:07:
                    1b:e8:ae:fd:e9:fa:f7:ef:29:c2:90:b0:41:32:f3:
                    8a:c8:3c:72:6a:7a:d5:2b:f6:3a:24:25:df:99:e6:
                    7a:5c:f3:d4:a1:a3:36:bb:97:9c:5f:5f:76:f4:9d:
                    1b:08:5a:7a:43:9b:3b:06:55:29:5b:7f:7d:2a:f7:
                    46:fd:81:54:d9:e6:e4:a1:df:df:66:65:6c:cb:08:
                    30:36:09:1f:72:bf:77:0d:9b:14:c8:48:5e:ca:bc:
                    fb:0a:71:f8:4a:e1:23:1c:7b:91:68:72:69:da:a8:
                    2c:dd:c4:60:c4:53:58:a4:94:15:7b:d0:20:c2:6b:
                    12:5e:4a:28:2a:ae:a3:d2:0e:14:8f:c9:ef:54:05:
                    f1:b1:9e:6f:87:bf:9f:27:e5:fd:7a:eb:d4:57:25:
                    d6:e1:77:cb:c2:79:12:1c:55:28:11:5a:c0:31:53:
                    a1:88:15:ad:e0:9d:6f:e5:37:f9:62:80:aa:8a:fc:
                    b9:bd:7e:c7:bd:4a:97:fc:07:c2:d2:0d:34:1b:19:
                    1f:59:17:43:55:d1:1b:6d:ef:8d:1b:64:ae:97:b5:
                    b0:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:66:F6:48:C8:CC:97:7C:68:59:6C:E2:44:9D:B8:4E:E7:29:D7:A2
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/753bfb8d-19c1-468a-9fe9-da4787da9f96.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.222.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:70:8e:2a:7d:be:38:12:39:ab:a8:f6:24:15:bd:ce:fd:26:
         42:d7:1d:51:17:59:93:b0:b6:85:c1:9e:a3:68:a5:65:a0:07:
         7e:dc:1b:fe:66:a3:ec:27:95:d5:9b:3d:00:85:d8:b2:fd:56:
         ca:a9:73:60:a3:5b:21:e6:fa:5e:0a:71:95:fc:2f:9d:cc:50:
         60:14:cc:4c:85:fc:19:5c:7a:8d:8c:f4:94:f5:c5:c4:aa:09:
         8b:47:88:4d:e9:d6:6f:fe:53:d3:8d:91:9a:8e:2a:0a:56:85:
         65:52:41:74:93:97:11:6c:9d:0d:b6:3e:1c:28:1e:f6:cb:a8:
         02:88:e1:3f:86:3a:05:66:b5:73:70:38:fa:32:6b:ce:41:9f:
         75:51:b5:f4:ae:29:18:e0:6d:54:84:a3:04:03:5c:a5:01:fe:
         d8:78:d9:7c:be:05:05:58:2b:76:d6:73:a0:d9:d7:e0:02:64:
         83:70:30:77:29:c0:fe:84:d7:a3:a0:2a:10:f3:9d:e7:0f:43:
         35:f3:13:6f:9a:f6:04:c6:76:a6:fd:d5:74:89:9e:99:1d:3b:
         92:24:b6:a3:6e:82:98:2f:62:90:a8:ce:b9:e7:4a:97:24:97:
         26:1e:75:6c:0a:b2:d7:91:cc:f4:79:bb:b5:83:74:93:7f:eb:
         8c:2e:9e:26
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUU/0CGnOImnkpaqsWkfl/bwzLHaowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDIxMDEzMDEzWhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMGRiNmRlMjYwNjBiNWFlZTk3ODVhOGYwMDgwZDNjNTZh
YWU4NDgyNGI1NWJkM2Y5MTkzNDBjMjE1ZDk4Njk5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxDTmdihEvd+HL5naEqrTO5Mn99vDhkJggGA0/+NwaZNqF
340Yh7MsM5oDBxvorv3p+vfvKcKQsEEy84rIPHJqetUr9jokJd+Z5npc89Shoza7
l5xfX3b0nRsIWnpDmzsGVSlbf30q90b9gVTZ5uSh399mZWzLCDA2CR9yv3cNmxTI
SF7KvPsKcfhK4SMce5FocmnaqCzdxGDEU1iklBV70CDCaxJeSigqrqPSDhSPye9U
BfGxnm+Hv58n5f1669RXJdbhd8vCeRIcVSgRWsAxU6GIFa3gnW/lN/ligKqK/Lm9
fse9Spf8B8LSDTQbGR9ZF0NV0Rtt740bZK6XtbA9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUBWb2SMjMl3xoWWziRJ24Tucp16IwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzc1M2JmYjhkLTE5YzEtNDY4YS05ZmU5LWRhNDc4N2RhOWY5Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACW3uAwDQYJKoZIhvcNAQELBQADggEBAGBwjip9vjgSOauo9iQVvc79JkLX
HVEXWZOwtoXBnqNopWWgB37cG/5mo+wnldWbPQCF2LL9Vsqpc2CjWyHm+l4KcZX8
L53MUGAUzEyF/Blceo2M9JT1xcSqCYtHiE3p1m/+U9ONkZqOKgpWhWVSQXSTlxFs
nQ22PhwoHvbLqAKI4T+GOgVmtXNwOPoya85Bn3VRtfSuKRjgbVSEowQDXKUB/th4
2Xy+BQVYK3bWc6DZ1+ACZINwMHcpwP6E16OgKhDznecPQzXzE2+a9gTGdqb91XSJ
npkdO5IktqNugpgvYpCozrnnSpcklyYedWwKsteRzPR5u7WDdJN/64wuniY=
-----END CERTIFICATE-----