Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/76a36ab9-ada7-4025-9224-bcf99f3e1a8c.roa
File:                     76a36ab9-ada7-4025-9224-bcf99f3e1a8c.roa (raw, json)
Hash identifier:          DeiY0lH6xy0re4H8XUlj1MH4cZdgGgLyxYX5+FHnbp0=
Subject key identifier:   A5:80:6B:24:6C:4B:53:96:99:1C:1E:93:1E:3F:D1:61:4B:50:2D:8E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       226948B81374BC6FCE83447B62A7DD12C30AE5AE
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/76a36ab9-ada7-4025-9224-bcf99f3e1a8c.roa
Signing time:             Tue 21 Oct 2025 07:02:33 +0000
ROA not before:           Tue 21 Oct 2025 07:02:33 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        152.137.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:69:48:b8:13:74:bc:6f:ce:83:44:7b:62:a7:dd:12:c3:0a:e5:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 21 07:02:33 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=bc428177ca7db0174ac1f42f046180f7146e949a87422597293675d42d3d3e6d, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:f5:0b:b5:66:77:c4:78:80:12:e7:1d:17:d2:
                    d7:c0:ee:b0:dc:72:88:36:63:5f:cd:49:94:03:f7:
                    08:a7:98:69:8e:68:a0:d0:85:eb:6e:9f:b8:b8:72:
                    2e:23:32:e4:aa:c2:f8:f3:b4:cd:3c:5d:35:33:d6:
                    9d:c3:e8:d1:79:48:72:84:2e:ce:df:41:3b:60:5f:
                    c2:eb:07:b7:d6:ad:f9:5a:ce:c5:87:7e:d5:6e:42:
                    00:ff:0e:1f:1b:31:7c:5c:ad:ce:07:b8:64:f9:80:
                    8d:91:52:09:0e:1e:a2:fd:e6:c6:5d:49:77:92:db:
                    51:22:db:01:e8:c1:58:74:01:cd:d1:4f:e6:a7:a8:
                    91:48:1a:6c:84:21:95:9e:a2:e0:93:cf:d3:a8:45:
                    90:00:24:57:c3:5b:7d:bb:4d:39:e8:61:db:c2:25:
                    a3:41:b6:ff:46:4d:d4:77:28:bd:5f:f9:07:21:49:
                    64:2f:ff:4a:60:e4:cb:39:0b:5e:91:84:35:37:a7:
                    e8:49:3e:89:a1:5c:5d:11:b2:2d:de:bf:55:bf:b8:
                    01:b2:4f:39:b5:e5:5d:fe:8e:b0:e5:a7:b9:e2:58:
                    69:23:f2:24:ff:47:f1:07:02:24:52:ee:93:ba:62:
                    f1:86:4a:e8:df:1e:33:f8:90:c6:7a:37:e3:6a:d7:
                    4a:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:80:6B:24:6C:4B:53:96:99:1C:1E:93:1E:3F:D1:61:4B:50:2D:8E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/76a36ab9-ada7-4025-9224-bcf99f3e1a8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.137.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3d:ff:b3:ab:08:00:63:25:6f:b5:3a:b8:39:3e:13:18:e1:14:
         d6:25:7c:36:d4:4c:c1:15:a4:4e:d1:29:ea:72:e5:c3:fb:13:
         45:4b:ac:ae:83:e8:08:d6:f7:bd:0c:3d:47:38:6c:70:9a:27:
         f3:ec:97:e1:65:ce:3d:5d:29:46:f0:a0:23:5e:97:49:b8:1c:
         56:02:b1:53:c7:7d:ec:b8:04:3d:e4:64:21:79:16:6f:63:fb:
         2a:6f:e8:d0:b4:6a:16:f2:89:1f:e6:50:65:7e:e8:d9:be:88:
         33:79:e2:11:4b:b0:ea:ae:c8:be:66:d4:63:c3:8f:7c:bb:da:
         33:08:14:ee:ce:ef:33:7d:12:cf:48:e8:d8:73:34:17:28:3b:
         dc:91:81:c7:98:a3:64:c9:90:32:65:82:81:d5:5f:5d:fa:b6:
         4e:34:97:c1:3d:b0:dc:c9:73:71:58:ea:5f:ef:2c:53:14:a4:
         70:c0:f8:72:d7:de:04:28:84:58:4b:d9:ed:a7:b6:2c:eb:a0:
         1a:d9:27:e6:4e:2d:e7:98:89:1f:b2:8e:e8:32:83:2c:5d:d3:
         57:fc:83:f7:53:62:e3:ef:69:94:75:d6:77:70:96:d6:d5:5d:
         ee:4d:3e:83:90:ca:f7:e4:d9:eb:1b:da:70:b5:14:47:9d:c9:
         be:d2:c8:4b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUImlIuBN0vG/Og0R7YqfdEsMK5a4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDIxMDcwMjMzWhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BiYzQyODE3N2NhN2RiMDE3NGFjMWY0MmYwNDYxODBmNzE0
NmU5NDlhODc0MjI1OTcyOTM2NzVkNDJkM2QzZTZkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCI9Qu1ZnfEeIAS5x0X0tfA7rDccog2Y1/NSZQD9winmGmO
aKDQhetun7i4ci4jMuSqwvjztM08XTUz1p3D6NF5SHKELs7fQTtgX8LrB7fWrfla
zsWHftVuQgD/Dh8bMXxcrc4HuGT5gI2RUgkOHqL95sZdSXeS21Ei2wHowVh0Ac3R
T+anqJFIGmyEIZWeouCTz9OoRZAAJFfDW327TTnoYdvCJaNBtv9GTdR3KL1f+Qch
SWQv/0pg5Ms5C16RhDU3p+hJPomhXF0Rsi3ev1W/uAGyTzm15V3+jrDlp7niWGkj
8iT/R/EHAiRS7pO6YvGGSujfHjP4kMZ6N+Nq10q/AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUpYBrJGxLU5aZHB6THj/RYUtQLY4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzc2YTM2YWI5LWFkYTctNDAyNS05MjI0LWJjZjk5ZjNlMWE4Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCYiTANBgkqhkiG9w0BAQsFAAOCAQEAPf+zqwgAYyVvtTq4OT4TGOEU1iV8
NtRMwRWkTtEp6nLlw/sTRUusroPoCNb3vQw9RzhscJon8+yX4WXOPV0pRvCgI16X
SbgcVgKxU8d97LgEPeRkIXkWb2P7Km/o0LRqFvKJH+ZQZX7o2b6IM3niEUuw6q7I
vmbUY8OPfLvaMwgU7s7vM30Sz0jo2HM0Fyg73JGBx5ijZMmQMmWCgdVfXfq2TjSX
wT2w3MlzcVjqX+8sUxSkcMD4ctfeBCiEWEvZ7ae2LOugGtkn5k4t55iJH7KO6DKD
LF3TV/yD91Ni4+9plHXWd3CW1tVd7k0+g5DK9+TZ6xvacLUUR53JvtLISw==
-----END CERTIFICATE-----