Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/87c185ae-9dbb-4e48-818e-6a611c8874e1.roa
File:                     87c185ae-9dbb-4e48-818e-6a611c8874e1.roa (raw, json)
Hash identifier:          2t5flivDZFVgxFqSsAupqkfZYruW9sZ39nSH1ppsB/0=
Subject key identifier:   BC:33:7A:0C:7D:54:9F:A8:B7:96:0A:45:E3:B1:0A:F3:8F:98:74:A7
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7B6B99BD14014CEDA282E53053404ECA23D19F66
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/87c185ae-9dbb-4e48-818e-6a611c8874e1.roa
Signing time:             Tue 21 Oct 2025 07:42:24 +0000
ROA not before:           Tue 21 Oct 2025 07:42:24 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.240.64.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:6b:99:bd:14:01:4c:ed:a2:82:e5:30:53:40:4e:ca:23:d1:9f:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 21 07:42:24 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=9d836f74a82a38a95afb063e774dcc5671154c0dcd1a4ddf78fcaf318e2c16f0, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:12:21:d7:84:d8:27:fc:e6:81:69:be:10:98:
                    95:7f:80:bd:df:16:39:08:74:31:7c:6e:6c:3e:4a:
                    1a:23:db:a7:53:a6:10:4e:4a:c7:4d:ed:fb:1b:1a:
                    94:1c:69:f0:5b:14:14:10:e6:84:7f:25:e4:53:a1:
                    d9:9a:ba:50:89:c7:be:63:a1:5b:c3:74:01:31:8c:
                    38:0d:ca:09:3b:f4:e7:cd:1c:9e:3b:71:32:11:5d:
                    34:fa:70:55:2e:a9:3f:25:37:ab:4d:e5:64:7d:9f:
                    3c:b2:63:d1:24:60:d7:1f:17:d4:83:f3:a3:13:49:
                    69:c2:fa:81:12:39:29:85:95:e7:7e:1a:4f:a3:b1:
                    12:80:0e:ff:66:4f:d3:d0:9e:7c:cd:fd:33:b9:fb:
                    66:1f:22:a4:d8:bc:3d:92:f8:af:db:70:2a:ee:c5:
                    7a:2f:f1:61:48:54:01:f0:c1:dd:36:20:50:c2:6d:
                    f6:06:e1:2d:dc:b0:50:ae:10:72:df:e3:06:fd:ec:
                    27:e2:87:46:e0:4b:eb:a8:10:69:1f:09:a0:89:91:
                    30:f0:5c:fe:c3:09:3a:a1:d9:32:b3:47:b5:94:18:
                    b4:5c:ef:be:86:06:76:a3:f4:ab:9a:1a:05:c0:a7:
                    7c:01:3d:4c:d6:2e:92:77:f3:76:74:65:af:32:5f:
                    35:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:33:7A:0C:7D:54:9F:A8:B7:96:0A:45:E3:B1:0A:F3:8F:98:74:A7
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/87c185ae-9dbb-4e48-818e-6a611c8874e1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.240.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         5e:6e:d7:3d:75:44:5c:e3:57:97:7f:98:df:fc:22:b8:0b:70:
         aa:4b:57:71:37:1b:d6:54:eb:3f:9d:34:8c:c6:c0:01:24:14:
         37:77:6d:15:b0:4f:50:fb:4c:40:50:16:4f:63:a5:5f:2d:e6:
         3d:33:c9:53:2a:78:27:82:33:99:7c:75:d4:7c:da:70:d1:2f:
         04:d7:04:89:03:d5:3c:6a:f1:37:a4:b4:e6:c7:16:59:7f:95:
         b2:b9:aa:e3:4e:9c:4c:05:b3:63:97:25:3f:fa:84:cf:86:39:
         30:06:eb:a7:26:fa:48:2e:b5:46:cd:5c:10:58:2a:8a:6c:9b:
         0c:04:ad:80:e6:9d:c6:50:dd:f4:3f:44:ea:f0:98:52:1d:78:
         ef:1d:0f:90:9c:01:92:ba:fe:02:0b:1f:9a:37:0f:1b:d8:a6:
         2f:8f:ea:3a:97:91:34:fb:8e:52:05:dd:10:40:f2:af:3e:51:
         52:05:c9:86:82:f1:9a:c8:06:c4:c2:ae:9e:65:1b:15:d5:39:
         97:c9:c3:ae:bb:da:05:04:74:87:0c:47:ae:36:56:b1:69:b5:
         81:62:82:f7:52:86:f4:f7:4d:61:77:b9:fb:c3:25:63:1e:26:
         44:47:d6:2c:37:3c:81:ac:44:90:4b:cd:1d:dd:a8:5c:2c:8b:
         5e:d3:53:d7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUe2uZvRQBTO2iguUwU0BOyiPRn2YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDIxMDc0MjI0WhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZDgzNmY3NGE4MmEzOGE5NWFmYjA2M2U3NzRkY2M1Njcx
MTU0YzBkY2QxYTRkZGY3OGZjYWYzMThlMmMxNmYwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpEiHXhNgn/OaBab4QmJV/gL3fFjkIdDF8bmw+Shoj26dT
phBOSsdN7fsbGpQcafBbFBQQ5oR/JeRTodmaulCJx75joVvDdAExjDgNygk79OfN
HJ47cTIRXTT6cFUuqT8lN6tN5WR9nzyyY9EkYNcfF9SD86MTSWnC+oESOSmFled+
Gk+jsRKADv9mT9PQnnzN/TO5+2YfIqTYvD2S+K/bcCruxXov8WFIVAHwwd02IFDC
bfYG4S3csFCuEHLf4wb97Cfih0bgS+uoEGkfCaCJkTDwXP7DCTqh2TKzR7WUGLRc
776GBnaj9KuaGgXAp3wBPUzWLpJ383Z0Za8yXzVtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUvDN6DH1Un6i3lgpF47EK84+YdKcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzg3YzE4NWFlLTlkYmItNGU0OC04MThlLTZhNjExYzg4NzRlMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQ28EAwDQYJKoZIhvcNAQELBQADggEBAF5u1z11RFzjV5d/mN/8IrgLcKpL
V3E3G9ZU6z+dNIzGwAEkFDd3bRWwT1D7TEBQFk9jpV8t5j0zyVMqeCeCM5l8ddR8
2nDRLwTXBIkD1Txq8TektObHFll/lbK5quNOnEwFs2OXJT/6hM+GOTAG66cm+kgu
tUbNXBBYKopsmwwErYDmncZQ3fQ/ROrwmFIdeO8dD5CcAZK6/gILH5o3DxvYpi+P
6jqXkTT7jlIF3RBA8q8+UVIFyYaC8ZrIBsTCrp5lGxXVOZfJw6672gUEdIcMR642
VrFptYFigvdShvT3TWF3ufvDJWMeJkRH1iw3PIGsRJBLzR3dqFwsi17TU9c=
-----END CERTIFICATE-----