Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7d3f8440-e28a-449a-b9ef-778f39d106c6.roa
File:                     7d3f8440-e28a-449a-b9ef-778f39d106c6.roa (raw, json)
Hash identifier:          9lRantoH6yKWm3+KYc3K9Og6xPHO/Drp9+BIO6eC5rQ=
Subject key identifier:   08:61:2F:B1:82:CF:8A:13:9B:7C:E7:E5:95:AF:BF:FF:D8:5E:DB:AA
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       228B2BCF0131F0B6819C9DEF6B145EEE5F294607
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7d3f8440-e28a-449a-b9ef-778f39d106c6.roa
Signing time:             Tue 21 Oct 2025 10:20:08 +0000
ROA not before:           Tue 21 Oct 2025 10:20:08 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.94.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:8b:2b:cf:01:31:f0:b6:81:9c:9d:ef:6b:14:5e:ee:5f:29:46:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 21 10:20:08 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=83a629054b90fc2fde2db5c69252e81c4b0b7c553ae46813b1e254d028b18ec5, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:98:41:33:a2:47:a9:c4:7f:b1:ce:6b:aa:0a:
                    d1:20:5d:67:f0:74:44:9b:fd:26:a1:2f:4a:51:64:
                    03:1e:ff:c3:fd:a0:7a:91:b4:47:13:ae:53:50:6d:
                    97:63:ae:30:ba:fe:3c:1c:2c:1c:cb:84:f1:0e:27:
                    6e:52:ae:51:4f:d8:ad:2f:e4:93:18:9d:75:ed:0e:
                    25:52:d8:7a:80:d6:c8:86:77:17:c4:80:6c:ac:6b:
                    ad:7a:b5:fc:66:ce:b5:cb:c5:7c:05:fb:03:b4:35:
                    ba:5b:57:e0:ab:53:a2:dd:f7:36:94:08:8e:b9:50:
                    f6:bc:31:d5:93:8e:a3:82:bc:97:8b:f7:8a:b7:43:
                    cb:70:32:4a:a8:4b:1b:e0:fb:85:d2:09:56:70:b6:
                    c8:1c:b8:9b:f6:0b:e1:33:2a:0a:f1:13:52:d4:21:
                    4e:a6:95:3d:7b:31:b1:a6:ba:be:fb:09:c7:a7:f6:
                    71:33:cc:79:47:e5:bb:58:bc:d1:34:45:51:4d:d0:
                    e4:a7:6d:40:92:a8:a1:c9:df:62:c4:95:68:f0:cc:
                    f6:c6:10:a0:a1:38:e3:b7:7e:61:e4:f2:e5:7a:67:
                    a2:c8:ad:f4:59:72:17:5c:1a:95:c7:c5:62:34:d6:
                    d6:72:7f:ff:98:32:3c:95:9a:02:32:11:7a:9b:66:
                    3f:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:61:2F:B1:82:CF:8A:13:9B:7C:E7:E5:95:AF:BF:FF:D8:5E:DB:AA
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7d3f8440-e28a-449a-b9ef-778f39d106c6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.94.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:32:a5:48:9f:29:31:19:1a:60:ba:69:18:b5:1d:98:d9:f3:
         cf:1b:fb:6d:fb:71:fe:82:23:84:ea:0a:a8:d0:5e:07:21:70:
         74:90:25:19:0d:8d:d8:df:62:db:87:1a:3a:c9:e7:9c:d7:0f:
         36:31:c6:b2:0a:7c:5c:1c:1f:1c:7b:a7:e0:80:c8:2a:5c:37:
         80:1b:6f:4b:da:29:74:93:f0:80:14:8b:cb:ea:f0:64:b0:31:
         10:6d:a3:35:c2:27:9f:f2:d4:29:12:25:cf:60:cd:39:05:09:
         8a:c6:e2:a7:c1:84:46:7a:e3:85:97:19:55:08:77:13:ad:a9:
         cf:0d:37:9a:57:9e:68:10:2e:06:80:05:2a:14:78:e1:d3:7a:
         f0:58:ab:05:fe:93:11:3c:40:73:19:3e:50:0a:45:4d:a2:3d:
         58:66:fd:51:d3:03:05:ab:ab:d6:39:98:53:85:ff:df:1e:51:
         76:fe:c8:9f:50:6d:8b:ef:af:30:33:e4:3c:81:65:1b:94:b2:
         2a:8d:1b:50:82:0b:13:00:04:81:ef:62:5e:a6:d1:b9:bb:79:
         56:9a:78:bc:5c:46:b5:e5:94:d1:75:78:d4:97:95:c7:e6:31:
         02:1e:f0:21:f9:f4:40:b4:13:f8:72:48:7a:65:d9:ae:ae:83:
         b6:5b:a9:83
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIosrzwEx8LaBnJ3vaxRe7l8pRgcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDIxMTAyMDA4WhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A4M2E2MjkwNTRiOTBmYzJmZGUyZGI1YzY5MjUyZTgxYzRi
MGI3YzU1M2FlNDY4MTNiMWUyNTRkMDI4YjE4ZWM1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDGmEEzokepxH+xzmuqCtEgXWfwdESb/SahL0pRZAMe/8P9
oHqRtEcTrlNQbZdjrjC6/jwcLBzLhPEOJ25SrlFP2K0v5JMYnXXtDiVS2HqA1siG
dxfEgGysa616tfxmzrXLxXwF+wO0NbpbV+CrU6Ld9zaUCI65UPa8MdWTjqOCvJeL
94q3Q8twMkqoSxvg+4XSCVZwtsgcuJv2C+EzKgrxE1LUIU6mlT17MbGmur77Ccen
9nEzzHlH5btYvNE0RVFN0OSnbUCSqKHJ32LElWjwzPbGEKChOOO3fmHk8uV6Z6LI
rfRZchdcGpXHxWI01tZyf/+YMjyVmgIyEXqbZj8jAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCGEvsYLPihObfOflla+//9he26owHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzdkM2Y4NDQwLWUyOGEtNDQ5YS1iOWVmLTc3OGYzOWQxMDZjNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0XpIwDQYJKoZIhvcNAQELBQADggEBACMypUifKTEZGmC6aRi1HZjZ888b
+237cf6CI4TqCqjQXgchcHSQJRkNjdjfYtuHGjrJ55zXDzYxxrIKfFwcHxx7p+CA
yCpcN4Abb0vaKXST8IAUi8vq8GSwMRBtozXCJ5/y1CkSJc9gzTkFCYrG4qfBhEZ6
44WXGVUIdxOtqc8NN5pXnmgQLgaABSoUeOHTevBYqwX+kxE8QHMZPlAKRU2iPVhm
/VHTAwWrq9Y5mFOF/98eUXb+yJ9QbYvvrzAz5DyBZRuUsiqNG1CCCxMABIHvYl6m
0bm7eVaaeLxcRrXllNF1eNSXlcfmMQIe8CH59EC0E/hySHpl2a6ug7ZbqYM=
-----END CERTIFICATE-----