Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b3b010d5-ba92-4026-9ae8-0dccd2f5619b.roa
File:                     b3b010d5-ba92-4026-9ae8-0dccd2f5619b.roa (raw, json)
Hash identifier:          c1IOa/CZQkhlbfB/bYWlr9ubBaFRK/jVog/QSSqQzsA=
Subject key identifier:   51:A9:BD:BD:0C:FA:DE:24:6B:30:70:D8:55:D8:80:00:03:62:C4:6F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0E72F7C80A6C7F279DEED4D084A347C8980408F0
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b3b010d5-ba92-4026-9ae8-0dccd2f5619b.roa
Signing time:             Fri 17 Oct 2025 23:22:30 +0000
ROA not before:           Fri 17 Oct 2025 23:22:30 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.241.64.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:72:f7:c8:0a:6c:7f:27:9d:ee:d4:d0:84:a3:47:c8:98:04:08:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 17 23:22:30 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=f42a26c0842885ae5cff3808695a521fb7f58783254b450befb2ad8cbb3dd714, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:90:6e:94:8f:0b:9c:82:e6:34:79:3a:e0:ca:
                    7e:a4:b9:e8:1e:98:30:12:3d:e3:0d:e2:88:ec:cf:
                    23:b5:a4:95:bf:72:14:27:3f:a0:03:a9:33:2d:ec:
                    8b:7e:92:bb:9f:e7:f4:51:d7:66:7f:da:42:d9:5a:
                    a7:73:36:eb:90:aa:ff:e6:4a:47:8a:f4:27:7a:26:
                    ba:c6:fa:88:82:b7:75:cb:bb:9d:1e:5b:d5:b6:53:
                    d0:15:50:4c:9e:29:f5:34:d9:8b:3f:86:7f:a0:8b:
                    2f:c0:02:c3:25:10:97:0c:07:56:c8:0b:cd:87:a8:
                    c5:56:e8:53:d2:20:75:9b:05:b3:92:f7:5a:87:41:
                    84:9c:6d:16:db:4c:9b:00:03:fb:53:e3:ce:ad:12:
                    fc:20:3e:0c:62:a5:1e:a5:b1:ed:1e:21:eb:4f:55:
                    25:97:6f:f3:6b:c5:ed:f4:3d:d2:14:51:97:b8:0f:
                    f3:91:5e:12:d0:80:d5:59:a9:7f:74:13:75:a9:b0:
                    e1:d4:c5:ea:42:de:9a:17:79:23:4c:f2:19:16:1a:
                    c4:95:cd:97:4c:1c:62:b0:6e:dd:46:00:74:d5:9b:
                    c0:bc:d2:68:55:f6:c5:4f:4d:36:e8:f0:e1:d1:ab:
                    2e:56:cf:94:24:97:bd:95:af:bf:f9:2c:18:07:77:
                    7c:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:A9:BD:BD:0C:FA:DE:24:6B:30:70:D8:55:D8:80:00:03:62:C4:6F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b3b010d5-ba92-4026-9ae8-0dccd2f5619b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.241.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         71:18:4a:27:22:d3:12:dc:61:84:7a:57:ba:64:67:b8:99:45:
         8c:bf:69:dc:e9:33:d5:9b:42:28:0f:72:79:47:3b:9b:3d:be:
         c8:e2:c1:32:06:7f:f6:65:97:22:9a:e5:ff:61:1b:05:4b:f8:
         81:fb:04:b4:f8:01:ca:27:68:00:94:17:3e:4c:20:fc:01:7e:
         e0:48:50:40:ed:9a:c9:4f:0b:3d:b8:ad:4c:58:bf:b5:e1:88:
         02:0c:9c:b5:49:d1:3b:f8:e7:be:ad:26:38:e9:df:68:df:83:
         65:5f:ab:ca:8d:0d:ca:60:3c:c2:b0:48:77:70:2a:94:87:bc:
         27:a6:97:45:46:99:d2:64:9c:d7:28:b1:cb:6a:06:e3:bb:04:
         04:ea:87:fd:ae:9c:c4:80:2d:d1:af:38:9c:64:91:d7:65:4a:
         0d:79:39:5b:54:c7:b0:2f:51:95:91:ad:d8:5f:32:c7:07:6d:
         4c:37:87:90:d7:7f:0a:ce:56:33:52:df:fd:e0:9d:36:6e:2a:
         c2:d8:64:a8:ad:b2:79:70:ff:45:14:53:43:77:6a:3f:a9:71:
         75:42:ff:79:c1:b1:e4:30:16:4f:13:15:cd:a3:11:4c:83:76:
         9c:91:be:7a:2e:84:9e:24:24:f4:d0:d0:e4:fe:a0:e5:bc:eb:
         97:15:3e:cd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDnL3yApsfyed7tTQhKNHyJgECPAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE3MjMyMjMwWhcNMjUxMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BmNDJhMjZjMDg0Mjg4NWFlNWNmZjM4MDg2OTVhNTIxZmI3
ZjU4NzgzMjU0YjQ1MGJlZmIyYWQ4Y2JiM2RkNzE0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDckG6UjwucguY0eTrgyn6kuegemDASPeMN4ojszyO1pJW/
chQnP6ADqTMt7It+kruf5/RR12Z/2kLZWqdzNuuQqv/mSkeK9Cd6JrrG+oiCt3XL
u50eW9W2U9AVUEyeKfU02Ys/hn+giy/AAsMlEJcMB1bIC82HqMVW6FPSIHWbBbOS
91qHQYScbRbbTJsAA/tT486tEvwgPgxipR6lse0eIetPVSWXb/Nrxe30PdIUUZe4
D/ORXhLQgNVZqX90E3WpsOHUxepC3poXeSNM8hkWGsSVzZdMHGKwbt1GAHTVm8C8
0mhV9sVPTTbo8OHRqy5Wz5Qkl72Vr7/5LBgHd3yHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUUam9vQz63iRrMHDYVdiAAANixG8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2IzYjAxMGQ1LWJhOTItNDAyNi05YWU4LTBkY2NkMmY1NjE5Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAY28UAwDQYJKoZIhvcNAQELBQADggEBAHEYSici0xLcYYR6V7pkZ7iZRYy/
adzpM9WbQigPcnlHO5s9vsjiwTIGf/ZllyKa5f9hGwVL+IH7BLT4AconaACUFz5M
IPwBfuBIUEDtmslPCz24rUxYv7XhiAIMnLVJ0Tv4576tJjjp32jfg2Vfq8qNDcpg
PMKwSHdwKpSHvCeml0VGmdJknNcosctqBuO7BATqh/2unMSALdGvOJxkkddlSg15
OVtUx7AvUZWRrdhfMscHbUw3h5DXfwrOVjNS3/3gnTZuKsLYZKitsnlw/0UUU0N3
aj+pcXVC/3nBseQwFk8TFc2jEUyDdpyRvnouhJ4kJPTQ0OT+oOW865cVPs0=
-----END CERTIFICATE-----