Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b3b010d5-ba92-4026-9ae8-0dccd2f5619b.roa
File:                     b3b010d5-ba92-4026-9ae8-0dccd2f5619b.roa (raw, json)
Hash identifier:          YzRlMqvpv9pnkl54V8lKTBaAdlJy9xAAjX+lJEzxanU=
Subject key identifier:   D3:2F:DB:6A:35:39:5B:35:5A:1F:AB:EB:A1:DE:B8:94:43:A7:F7:5E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       296BE3B59DBA4797A58A12D0A4F1E9296C72FF61
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b3b010d5-ba92-4026-9ae8-0dccd2f5619b.roa
Signing time:             Tue 29 Jul 2025 18:11:22 +0000
ROA not before:           Tue 29 Jul 2025 18:11:22 +0000
ROA not after:            Tue 02 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.241.64.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:6b:e3:b5:9d:ba:47:97:a5:8a:12:d0:a4:f1:e9:29:6c:72:ff:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 29 18:11:22 2025 GMT
            Not After : Sep  2 23:59:59 2025 GMT
        Subject: serialNumber=2b6e7bc237737fa7366a8433cd850ab2841a869479f5a878d804b17e91204e1e, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:47:ef:1b:1b:53:6e:e1:b1:d2:c8:e2:46:2e:
                    8c:6a:60:c3:71:41:c3:1d:c2:60:8c:ad:25:44:77:
                    17:1a:f0:97:32:22:a1:1c:67:c8:1c:fd:4e:f6:28:
                    d3:fd:9d:d4:ce:2d:d6:43:eb:4c:43:cd:ff:a2:de:
                    90:7a:3c:fc:93:6e:37:15:3e:1b:2f:78:01:5b:bc:
                    48:c8:7a:1b:ab:ee:d1:0f:d4:1e:b6:c2:fa:12:0d:
                    bb:1d:eb:bc:a8:38:e5:df:09:f6:2c:db:c5:9e:02:
                    4a:ac:8a:5c:20:ae:2f:29:6d:52:c8:84:30:3c:b1:
                    12:8e:ca:67:05:91:1d:c5:b0:4c:40:69:ed:e6:e8:
                    2b:7e:25:28:f6:95:62:e8:6e:6a:e2:d1:7c:1d:23:
                    82:52:00:72:ee:0e:9e:bd:66:44:8d:dc:2a:ad:d3:
                    cd:7f:5d:e3:2e:33:7d:e1:43:ee:ff:79:1b:62:51:
                    46:91:5d:de:f3:5f:d4:fd:7e:89:bf:b9:47:6e:db:
                    ff:84:54:d1:4a:7f:01:fe:51:a3:e3:ec:61:29:41:
                    c2:39:9c:3e:6e:2d:bb:d1:9f:fa:49:0b:ff:34:d7:
                    3e:26:36:32:91:ce:12:6e:90:66:33:98:dd:79:1c:
                    e7:06:dd:08:c3:6c:d4:e9:88:37:4d:71:5d:7b:69:
                    21:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:2F:DB:6A:35:39:5B:35:5A:1F:AB:EB:A1:DE:B8:94:43:A7:F7:5E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b3b010d5-ba92-4026-9ae8-0dccd2f5619b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.241.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         29:fa:63:1b:d3:63:cb:97:20:0e:e8:0e:96:9a:a1:2e:f6:54:
         dc:97:5c:c4:d0:93:a8:b7:24:83:66:85:d7:03:a5:a6:8a:bf:
         0b:86:55:5a:39:f8:e3:94:74:37:ad:e9:3a:a0:29:dd:e7:b5:
         de:ef:c7:9b:f6:7e:f4:f7:12:fd:57:5e:26:eb:ca:90:f7:0b:
         70:f7:a6:a3:1c:cc:77:02:fd:2a:4c:df:85:46:3c:1c:98:81:
         03:92:9d:b3:d1:ba:b8:8f:1b:08:4d:6f:6c:e9:d1:5f:a4:c5:
         01:9a:37:18:d1:95:19:c7:4b:b5:96:4c:f1:77:3b:ee:a5:5d:
         52:12:bc:71:e1:1b:ec:50:ad:be:09:b9:38:71:48:e8:98:17:
         ce:1d:80:00:21:b9:f8:4d:96:da:8c:6b:40:cc:38:4e:aa:af:
         29:32:8e:2f:fd:44:9c:72:1c:e0:de:8b:0e:1d:fa:75:1c:24:
         98:6c:f5:fa:1d:2f:e9:9d:3f:f8:50:a2:13:40:02:96:78:f6:
         e0:a3:67:ba:70:10:ba:6c:d8:ea:5e:b0:28:c1:80:13:04:09:
         7d:da:20:fe:e4:20:9a:00:d3:b1:36:26:59:81:ba:74:77:01:
         62:ae:27:ce:bf:4a:51:af:cd:d2:b5:82:0c:e0:34:1b:4d:98:
         46:57:05:68
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKWvjtZ26R5elihLQpPHpKWxy/2EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzI5MTgxMTIyWhcNMjUwOTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AyYjZlN2JjMjM3NzM3ZmE3MzY2YTg0MzNjZDg1MGFiMjg0
MWE4Njk0NzlmNWE4NzhkODA0YjE3ZTkxMjA0ZTFlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDcR+8bG1Nu4bHSyOJGLoxqYMNxQcMdwmCMrSVEdxca8Jcy
IqEcZ8gc/U72KNP9ndTOLdZD60xDzf+i3pB6PPyTbjcVPhsveAFbvEjIehur7tEP
1B62wvoSDbsd67yoOOXfCfYs28WeAkqsilwgri8pbVLIhDA8sRKOymcFkR3FsExA
ae3m6Ct+JSj2lWLobmri0XwdI4JSAHLuDp69ZkSN3Cqt081/XeMuM33hQ+7/eRti
UUaRXd7zX9T9fom/uUdu2/+EVNFKfwH+UaPj7GEpQcI5nD5uLbvRn/pJC/801z4m
NjKRzhJukGYzmN15HOcG3QjDbNTpiDdNcV17aSHhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0y/bajU5WzVaH6vrod64lEOn914wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2IzYjAxMGQ1LWJhOTItNDAyNi05YWU4LTBkY2NkMmY1NjE5Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAY28UAwDQYJKoZIhvcNAQELBQADggEBACn6YxvTY8uXIA7oDpaaoS72VNyX
XMTQk6i3JINmhdcDpaaKvwuGVVo5+OOUdDet6TqgKd3ntd7vx5v2fvT3Ev1XXibr
ypD3C3D3pqMczHcC/SpM34VGPByYgQOSnbPRuriPGwhNb2zp0V+kxQGaNxjRlRnH
S7WWTPF3O+6lXVISvHHhG+xQrb4JuThxSOiYF84dgAAhufhNltqMa0DMOE6qryky
ji/9RJxyHODeiw4d+nUcJJhs9fodL+mdP/hQohNAApZ49uCjZ7pwELps2OpesCjB
gBMECX3aIP7kIJoA07E2JlmBunR3AWKuJ86/SlGvzdK1ggzgNBtNmEZXBWg=
-----END CERTIFICATE-----