Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a8da99a1-9b93-4e3e-98d2-a2d003ec40d7.roa
File:                     a8da99a1-9b93-4e3e-98d2-a2d003ec40d7.roa (raw, json)
Hash identifier:          YRF1q7oqqqBxIkJL83NukY/dalLKOxiL7VFGaZEySQg=
Subject key identifier:   3E:23:28:E7:D2:04:AF:2D:31:91:DB:0E:73:AF:FC:16:D4:2A:D2:06
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0DC2BF3A446E49EF7F54BE3A7F3634672152B29B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a8da99a1-9b93-4e3e-98d2-a2d003ec40d7.roa
Signing time:             Tue 04 Nov 2025 02:20:12 +0000
ROA not before:           Tue 04 Nov 2025 02:20:12 +0000
ROA not after:            Tue 09 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.214.32.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:c2:bf:3a:44:6e:49:ef:7f:54:be:3a:7f:36:34:67:21:52:b2:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Nov  4 02:20:12 2025 GMT
            Not After : Dec  9 23:59:59 2025 GMT
        Subject: serialNumber=2ae878d094021b9305318a894d4266b8aab87fa6bc407aa2806d4a82f45d0501, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:e3:72:e5:f9:5d:10:aa:17:a1:5f:7d:2e:ef:
                    8a:80:1e:3c:73:62:19:eb:14:b4:0d:b2:ed:eb:f5:
                    37:df:f4:34:ca:51:fb:6c:d9:1e:a3:e0:76:60:51:
                    e1:a3:04:39:f8:04:12:eb:bf:af:e0:d2:19:64:55:
                    24:59:56:2b:89:0a:d1:18:cd:86:25:e8:c0:d0:0c:
                    aa:16:6b:33:2e:23:ff:01:4e:c1:15:db:52:7f:8a:
                    2a:eb:c1:cf:7e:83:ef:6f:31:3b:ae:65:f2:1d:6e:
                    08:30:32:b8:a0:5b:c2:4d:69:98:58:cb:11:5f:45:
                    ea:8f:34:e7:f4:27:ae:2c:ec:06:69:15:d1:93:04:
                    a1:e6:10:b7:35:9c:5f:4f:b0:d5:32:73:8b:16:36:
                    65:4b:57:6f:f7:59:73:bb:1e:b9:ba:99:3b:ef:9a:
                    38:d1:94:df:1a:64:e7:ba:f8:21:c0:fa:aa:84:b2:
                    0c:d4:3d:0e:b1:de:80:d0:00:47:0f:4b:98:a9:38:
                    57:5b:75:03:a4:50:01:1c:78:5c:ec:94:f6:db:34:
                    5b:5a:c6:cd:25:36:cb:73:39:d8:a1:2a:50:06:20:
                    07:f0:f9:85:87:e8:c4:cd:be:c7:80:68:87:f0:e9:
                    5b:75:09:20:bd:49:b0:c1:4e:7b:0c:5d:eb:8b:f4:
                    b8:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:23:28:E7:D2:04:AF:2D:31:91:DB:0E:73:AF:FC:16:D4:2A:D2:06
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a8da99a1-9b93-4e3e-98d2-a2d003ec40d7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.214.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         93:ad:dd:ed:f6:04:69:8c:b2:8f:24:b7:1b:cb:e4:07:f4:f3:
         f3:15:c0:7e:9b:82:1a:86:a7:eb:70:0b:3f:6d:96:e8:e8:13:
         a1:13:03:ba:bb:72:74:fa:85:17:61:d0:08:5f:c4:33:27:a4:
         75:33:3d:80:14:7d:42:94:9b:1e:03:2c:6d:e6:db:30:25:51:
         32:eb:20:cd:7b:26:47:06:01:1f:47:f8:3a:72:1a:26:a6:a5:
         09:e9:35:90:68:6e:4d:d9:a0:8f:3c:88:b7:73:34:4f:ff:5f:
         e6:4b:60:3e:88:41:41:a4:eb:c6:bf:82:3b:16:91:dc:39:1d:
         92:b6:6f:ae:42:00:59:5f:c0:53:c0:c1:f2:f8:01:21:b1:31:
         7c:57:0e:08:34:44:59:3b:6a:c3:48:97:c7:ce:14:7d:06:a4:
         cd:1e:f3:7e:fe:11:d5:64:25:ef:c0:cd:9e:76:78:ad:80:f2:
         0a:7b:f2:cb:6d:1b:05:3c:23:d0:21:44:7f:2b:1a:86:a2:8d:
         b9:00:d6:e1:34:fd:d4:5f:1b:ab:e5:e1:b3:58:7d:a0:6c:38:
         c9:4f:3c:bb:6b:a6:59:e3:9e:f4:c2:7a:e1:dc:b0:6a:df:90:
         aa:fa:ce:bb:8a:bc:73:a2:c8:f0:93:ca:f3:7a:89:0f:66:06:
         37:5b:54:9a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDcK/OkRuSe9/VL46fzY0ZyFSspswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMTA0MDIyMDEyWhcNMjUxMjA5MjM1OTU5
WjB6MUkwRwYDVQQFE0AyYWU4NzhkMDk0MDIxYjkzMDUzMThhODk0ZDQyNjZiOGFh
Yjg3ZmE2YmM0MDdhYTI4MDZkNGE4MmY0NWQwNTAxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDi43Ll+V0QqhehX30u74qAHjxzYhnrFLQNsu3r9Tff9DTK
Ufts2R6j4HZgUeGjBDn4BBLrv6/g0hlkVSRZViuJCtEYzYYl6MDQDKoWazMuI/8B
TsEV21J/iirrwc9+g+9vMTuuZfIdbggwMrigW8JNaZhYyxFfReqPNOf0J64s7AZp
FdGTBKHmELc1nF9PsNUyc4sWNmVLV2/3WXO7Hrm6mTvvmjjRlN8aZOe6+CHA+qqE
sgzUPQ6x3oDQAEcPS5ipOFdbdQOkUAEceFzslPbbNFtaxs0lNstzOdihKlAGIAfw
+YWH6MTNvseAaIfw6Vt1CSC9SbDBTnsMXeuL9LgxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPiMo59IEry0xkdsOc6/8FtQq0gYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2E4ZGE5OWExLTliOTMtNGUzZS05OGQyLWEyZDAwM2VjNDBkNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQ21iAwDQYJKoZIhvcNAQELBQADggEBAJOt3e32BGmMso8ktxvL5Af08/MV
wH6bghqGp+twCz9tlujoE6ETA7q7cnT6hRdh0AhfxDMnpHUzPYAUfUKUmx4DLG3m
2zAlUTLrIM17JkcGAR9H+DpyGiampQnpNZBobk3ZoI88iLdzNE//X+ZLYD6IQUGk
68a/gjsWkdw5HZK2b65CAFlfwFPAwfL4ASGxMXxXDgg0RFk7asNIl8fOFH0GpM0e
837+EdVkJe/AzZ52eK2A8gp78sttGwU8I9AhRH8rGoaijbkA1uE0/dRfG6vl4bNY
faBsOMlPPLtrplnjnvTCeuHcsGrfkKr6zruKvHOiyPCTyvN6iQ9mBjdbVJo=
-----END CERTIFICATE-----