Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b3bf74f8-f8ed-4714-a9ea-6890406bdffa.roa
File:                     b3bf74f8-f8ed-4714-a9ea-6890406bdffa.roa (raw, json)
Hash identifier:          /qrH0rCoem7k/do36xH2aC4ZqxlIn54SNf/ycQYfRls=
Subject key identifier:   73:56:43:F1:F1:68:43:7F:43:81:1A:2D:74:1C:3C:FC:E9:8F:79:7F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       12505DF6D9DB66495E9848289D53C6B086DA6255
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b3bf74f8-f8ed-4714-a9ea-6890406bdffa.roa
Signing time:             Tue 29 Jul 2025 17:41:10 +0000
ROA not before:           Tue 29 Jul 2025 17:41:10 +0000
ROA not after:            Tue 02 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.245.64.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:50:5d:f6:d9:db:66:49:5e:98:48:28:9d:53:c6:b0:86:da:62:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 29 17:41:10 2025 GMT
            Not After : Sep  2 23:59:59 2025 GMT
        Subject: serialNumber=0fc53c7f17cda19b66fcf5042f9a963564bfb0e38b249b7bafbbf3db37ad1953, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:a1:00:6a:c2:9a:bf:65:1f:9a:7d:4d:2f:0f:
                    16:9f:64:93:7f:2c:c5:54:71:81:95:20:14:49:a9:
                    7b:ac:a6:d3:cb:85:c0:bc:50:5c:c8:87:3b:c9:16:
                    eb:86:42:54:e3:5f:ca:57:34:0a:83:cb:bf:23:e3:
                    72:0a:58:ad:dc:cd:04:1f:28:a6:a5:7e:ad:ab:7a:
                    5f:ef:74:c5:78:5b:11:df:5b:fc:12:aa:d5:0f:e1:
                    e1:12:31:3b:b2:6c:99:99:7f:20:bf:79:99:f2:66:
                    19:b1:30:b8:88:38:58:0f:76:cc:0d:5f:74:93:ff:
                    09:7a:2a:62:8c:56:d0:e8:65:98:06:28:0d:0a:83:
                    69:d6:39:0a:ad:25:e4:56:75:98:2d:91:73:3d:10:
                    b6:39:ec:db:70:cf:b7:5e:55:73:72:dc:1a:6a:33:
                    e9:ee:e8:50:5b:db:c4:f6:1f:11:9c:e8:90:c8:f7:
                    3b:71:24:ce:52:25:0d:8d:30:e6:92:cf:01:61:22:
                    e3:5c:7c:d2:00:fa:8d:3f:18:ed:fa:38:0b:24:6b:
                    8a:08:59:78:4b:72:d3:e7:4a:e5:28:f2:ae:00:fc:
                    d7:33:08:49:e2:3c:59:28:56:0f:f7:39:eb:fe:23:
                    56:17:c1:7b:b7:90:7b:5b:9b:a1:f7:7a:66:c5:03:
                    49:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:56:43:F1:F1:68:43:7F:43:81:1A:2D:74:1C:3C:FC:E9:8F:79:7F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b3bf74f8-f8ed-4714-a9ea-6890406bdffa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.245.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         40:44:7f:e4:6b:81:1e:4c:e9:a3:df:fe:d3:ae:71:1d:43:a6:
         48:5a:49:93:f9:31:27:36:c4:c5:fe:4b:a7:ab:7c:a1:12:bd:
         cf:9f:22:3b:59:b1:39:61:de:e9:c1:35:35:8e:77:4a:a3:8e:
         46:66:13:70:7e:ec:26:00:d2:e4:c9:4a:a6:62:c9:bb:32:d5:
         f6:1e:d2:9a:62:ed:52:bd:4e:34:c2:91:22:79:39:b8:23:6d:
         ce:e7:c5:04:ca:d2:76:a5:a5:ab:04:55:35:56:4b:71:31:fc:
         97:2c:3d:c0:50:b2:6b:a1:df:05:08:91:32:88:e2:f3:7a:ac:
         75:52:0a:24:fa:72:97:a3:e8:4c:a3:a8:c1:e6:84:43:ec:ea:
         c4:c6:6f:6e:82:10:fa:ea:f5:ca:cb:46:4a:64:84:2b:44:4d:
         a0:71:a6:78:e5:cd:58:d3:e4:71:f1:a8:07:ed:03:cd:f8:20:
         46:5a:9e:dc:cd:c2:7d:50:54:eb:e2:a4:37:96:af:8a:18:49:
         c1:66:f4:92:49:81:d5:be:97:52:19:f4:63:db:99:a0:fd:76:
         d4:3d:d3:cc:21:11:f2:f1:53:eb:b6:a9:39:ad:62:77:42:3d:
         65:98:60:d9:84:11:33:bb:42:8d:f7:02:45:d5:37:11:ff:5a:
         d3:a0:52:24
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUElBd9tnbZklemEgonVPGsIbaYlUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzI5MTc0MTEwWhcNMjUwOTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AwZmM1M2M3ZjE3Y2RhMTliNjZmY2Y1MDQyZjlhOTYzNTY0
YmZiMGUzOGIyNDliN2JhZmJiZjNkYjM3YWQxOTUzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvoQBqwpq/ZR+afU0vDxafZJN/LMVUcYGVIBRJqXusptPL
hcC8UFzIhzvJFuuGQlTjX8pXNAqDy78j43IKWK3czQQfKKalfq2rel/vdMV4WxHf
W/wSqtUP4eESMTuybJmZfyC/eZnyZhmxMLiIOFgPdswNX3ST/wl6KmKMVtDoZZgG
KA0Kg2nWOQqtJeRWdZgtkXM9ELY57Ntwz7deVXNy3BpqM+nu6FBb28T2HxGc6JDI
9ztxJM5SJQ2NMOaSzwFhIuNcfNIA+o0/GO36OAska4oIWXhLctPnSuUo8q4A/Ncz
CEniPFkoVg/3Oev+I1YXwXu3kHtbm6H3embFA0n3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUc1ZD8fFoQ39DgRotdBw8/OmPeX8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2IzYmY3NGY4LWY4ZWQtNDcxNC1hOWVhLTY4OTA0MDZiZGZmYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQ29UAwDQYJKoZIhvcNAQELBQADggEBAEBEf+RrgR5M6aPf/tOucR1Dpkha
SZP5MSc2xMX+S6erfKESvc+fIjtZsTlh3unBNTWOd0qjjkZmE3B+7CYA0uTJSqZi
ybsy1fYe0ppi7VK9TjTCkSJ5Obgjbc7nxQTK0nalpasEVTVWS3Ex/JcsPcBQsmuh
3wUIkTKI4vN6rHVSCiT6cpej6EyjqMHmhEPs6sTGb26CEPrq9crLRkpkhCtETaBx
pnjlzVjT5HHxqAftA834IEZantzNwn1QVOvipDeWr4oYScFm9JJJgdW+l1IZ9GPb
maD9dtQ908whEfLxU+u2qTmtYndCPWWYYNmEETO7Qo33AkXVNxH/WtOgUiQ=
-----END CERTIFICATE-----