Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9a78423a-9c56-47a1-9157-947db4eabda9.roa
File:                     9a78423a-9c56-47a1-9157-947db4eabda9.roa (raw, json)
Hash identifier:          3j5wnXbNgA05vL23jb8ekDRjkRdNBCgLC6wwvasC2PE=
Subject key identifier:   5C:B3:7B:86:24:AA:CB:07:83:63:DA:A6:81:5F:38:48:64:54:A2:92
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       41DAB24362D60646CBD53EF6B45F56EF9C22408B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9a78423a-9c56-47a1-9157-947db4eabda9.roa
Signing time:             Tue 29 Jul 2025 15:11:00 +0000
ROA not before:           Tue 29 Jul 2025 15:11:00 +0000
ROA not after:            Tue 02 Sep 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.157.72.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:da:b2:43:62:d6:06:46:cb:d5:3e:f6:b4:5f:56:ef:9c:22:40:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 29 15:11:00 2025 GMT
            Not After : Sep  2 23:59:59 2025 GMT
        Subject: serialNumber=c0928bf613cec5d2411490cc9dbd80df80af0d5a125d9c007ce297489638e428, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:b1:29:d9:38:43:8c:3a:a8:5c:4c:f5:08:0c:
                    c2:89:b0:18:9b:28:12:ab:09:7e:a8:85:d1:5a:af:
                    5e:88:75:34:67:23:bb:51:bb:3e:2f:18:77:59:91:
                    58:8d:58:35:99:bb:ea:4b:db:05:85:18:1e:15:fc:
                    0c:26:6c:67:b0:a2:d5:df:1c:b2:98:c9:ae:a2:a7:
                    23:98:bc:ee:38:18:ee:3e:c3:78:7c:35:c7:62:d8:
                    47:eb:d7:2c:94:cc:73:c0:e5:6b:d7:d9:ec:4b:a8:
                    ce:c4:de:d9:d8:96:85:e7:89:17:a5:7d:fc:2e:0f:
                    f9:21:7e:3a:de:5a:8b:ea:59:c2:56:89:5b:33:a2:
                    ca:89:9d:1f:ef:2f:bf:30:f0:6a:8f:24:53:75:aa:
                    d6:4c:6a:5e:08:14:77:4e:2f:47:2b:0a:3b:bf:00:
                    7b:76:29:51:10:0f:08:18:e7:cf:40:f0:10:e6:3b:
                    95:ed:46:6f:fe:b7:e4:8e:7f:23:5a:b0:95:81:7a:
                    66:b9:51:09:fd:e0:2c:a5:9c:09:88:9c:09:59:37:
                    4d:82:a0:cb:36:f4:4b:1f:8e:d6:b1:c7:69:a0:ee:
                    9a:b8:93:22:7e:e0:35:04:de:03:ea:81:ba:1a:93:
                    62:79:b2:61:50:bf:ee:c8:43:4f:81:a9:03:f0:ae:
                    d9:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:B3:7B:86:24:AA:CB:07:83:63:DA:A6:81:5F:38:48:64:54:A2:92
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9a78423a-9c56-47a1-9157-947db4eabda9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.157.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         25:f4:96:cc:7a:16:1a:c1:a5:5f:68:7e:ee:e2:ce:72:d7:d1:
         15:96:e5:d7:fc:3e:a7:96:65:fd:10:e8:db:bf:72:f0:0a:0a:
         8f:a3:8b:76:71:9a:5a:31:2a:53:91:a1:af:87:fa:6e:71:59:
         34:0d:ab:c6:b1:f8:75:7a:bc:eb:fa:da:3a:81:ff:1f:57:a0:
         cf:32:ef:67:7a:30:f7:79:cd:72:ae:2f:24:cf:e3:b7:a4:c7:
         36:bf:d1:4c:63:d8:02:1d:9f:8c:0a:e7:64:58:d3:b6:88:78:
         41:ba:04:13:29:0d:1e:14:4d:99:69:19:22:c4:93:2a:b6:02:
         16:45:5a:69:bf:fc:61:b6:c6:44:51:0b:31:2a:55:b5:d7:ef:
         29:c2:83:3a:6a:41:22:9c:0d:9e:f5:9b:cf:bf:9e:22:bf:5a:
         90:2f:0c:90:da:fd:52:fd:2a:03:4a:1a:a2:9e:5a:a4:bf:91:
         28:8d:1c:1b:92:5b:0c:22:80:12:2c:fd:a5:4c:f4:51:d0:c1:
         e5:86:88:f6:b3:75:41:d0:21:31:fd:2d:cb:54:03:34:18:d5:
         ae:d8:c7:b4:d3:1f:b9:6d:ab:80:9a:17:86:e9:c8:bd:c9:2f:
         5e:bc:50:f3:8e:bb:7b:99:d3:df:4f:03:d7:38:f5:26:d3:b9:
         30:42:1b:54
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQdqyQ2LWBkbL1T72tF9W75wiQIswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzI5MTUxMTAwWhcNMjUwOTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BjMDkyOGJmNjEzY2VjNWQyNDExNDkwY2M5ZGJkODBkZjgw
YWYwZDVhMTI1ZDljMDA3Y2UyOTc0ODk2MzhlNDI4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDgsSnZOEOMOqhcTPUIDMKJsBibKBKrCX6ohdFar16IdTRn
I7tRuz4vGHdZkViNWDWZu+pL2wWFGB4V/AwmbGewotXfHLKYya6ipyOYvO44GO4+
w3h8Ncdi2Efr1yyUzHPA5WvX2exLqM7E3tnYloXniRelffwuD/khfjreWovqWcJW
iVszosqJnR/vL78w8GqPJFN1qtZMal4IFHdOL0crCju/AHt2KVEQDwgY589A8BDm
O5XtRm/+t+SOfyNasJWBema5UQn94CylnAmInAlZN02CoMs29Esfjtaxx2mg7pq4
kyJ+4DUE3gPqgboak2J5smFQv+7IQ0+BqQPwrtl5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXLN7hiSqyweDY9qmgV84SGRUopIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzlhNzg0MjNhLTljNTYtNDdhMS05MTU3LTk0N2RiNGVhYmRhOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAM2nUgwDQYJKoZIhvcNAQELBQADggEBACX0lsx6FhrBpV9ofu7iznLX0RWW
5df8PqeWZf0Q6Nu/cvAKCo+ji3ZxmloxKlORoa+H+m5xWTQNq8ax+HV6vOv62jqB
/x9XoM8y72d6MPd5zXKuLyTP47ekxza/0Uxj2AIdn4wK52RY07aIeEG6BBMpDR4U
TZlpGSLEkyq2AhZFWmm//GG2xkRRCzEqVbXX7ynCgzpqQSKcDZ71m8+/niK/WpAv
DJDa/VL9KgNKGqKeWqS/kSiNHBuSWwwigBIs/aVM9FHQweWGiPazdUHQITH9LctU
AzQY1a7Yx7TTH7ltq4CaF4bpyL3JL168UPOOu3uZ099PA9c49SbTuTBCG1Q=
-----END CERTIFICATE-----