Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bbacf636-ea8a-4d61-a985-109683cc4a86.roa
File:                     bbacf636-ea8a-4d61-a985-109683cc4a86.roa (raw, json)
Hash identifier:          mDFMnNdZphmyezkDpJEvEt6EQMpiJY9LRyCWZCngtE4=
Subject key identifier:   6C:58:69:3D:9E:D1:EE:CD:C9:65:E8:E8:AE:76:0E:E7:2D:9C:83:A4
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       69170026B5DB680BFB60161EC3ECAAD66A5D4E2D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bbacf636-ea8a-4d61-a985-109683cc4a86.roa
Signing time:             Tue 04 Nov 2025 01:41:03 +0000
ROA not before:           Tue 04 Nov 2025 01:41:03 +0000
ROA not after:            Tue 09 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.218.128.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:17:00:26:b5:db:68:0b:fb:60:16:1e:c3:ec:aa:d6:6a:5d:4e:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Nov  4 01:41:03 2025 GMT
            Not After : Dec  9 23:59:59 2025 GMT
        Subject: serialNumber=4fb640ff474084a93559d771d85a9d40a5f960422baa44de897008984772fac6, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:d7:3f:20:57:32:7d:ee:ab:eb:69:f6:c6:fe:
                    ca:38:82:2f:5b:64:77:b6:5a:c3:54:73:4b:d8:5d:
                    cf:1a:58:37:5e:f2:5c:01:08:82:9c:a7:9d:2c:61:
                    bb:c9:3c:eb:b3:43:4b:25:51:0c:c5:b2:45:ab:bf:
                    44:fc:ba:f3:83:60:00:22:21:85:e4:de:ed:c8:0d:
                    16:92:76:33:ba:61:04:0c:77:02:f4:2e:63:c4:d4:
                    a3:24:00:71:d8:f6:b2:71:a3:a0:54:d4:79:ee:f7:
                    1b:95:24:ac:63:03:61:ff:2d:5b:66:ff:e3:e5:e6:
                    0b:a1:b6:dc:03:2c:c4:8e:89:51:36:34:5d:92:a7:
                    d5:40:32:d5:51:fa:82:02:8c:39:d4:20:8a:bb:7f:
                    70:d2:e6:80:80:1d:df:74:2e:78:bc:e3:f8:56:23:
                    19:ff:2c:87:0e:8f:5c:6a:d1:2d:90:1a:33:f5:5f:
                    96:f8:bf:b4:02:c7:a9:51:31:a5:d7:9c:c2:9a:06:
                    aa:a7:30:aa:d4:c7:a9:b0:f3:94:cb:2f:fa:4c:39:
                    69:71:d3:f9:c6:6c:76:29:ec:1f:7f:f1:8b:de:6d:
                    0e:54:ee:25:2d:42:b0:b5:85:d4:5f:d9:cf:35:b9:
                    47:20:20:8f:d3:70:47:04:c8:ee:37:a9:5c:db:a7:
                    e8:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:58:69:3D:9E:D1:EE:CD:C9:65:E8:E8:AE:76:0E:E7:2D:9C:83:A4
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bbacf636-ea8a-4d61-a985-109683cc4a86.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.218.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         35:c5:01:de:98:9d:d2:ee:85:63:64:9b:73:c5:f8:67:69:b0:
         0b:35:dd:3e:72:8d:91:36:ac:cd:12:8b:94:dc:ae:ff:ce:c8:
         7e:e8:6d:da:a9:7a:f6:6c:f1:22:6c:3c:c6:3d:6d:a2:b7:d2:
         6b:f9:f0:d4:c0:1e:81:13:2a:87:7c:64:49:d4:24:25:f3:4f:
         2a:3d:97:00:4c:59:a0:e0:28:35:7c:ee:03:82:3b:bf:2f:3a:
         20:7c:9a:87:6f:32:f6:09:76:7f:40:b7:d2:33:57:cd:4a:15:
         69:a1:63:36:52:d9:9a:7e:a3:31:3a:30:ea:a2:16:16:e6:44:
         42:3f:7a:22:c9:f8:a9:61:f2:91:22:59:92:a4:cb:0c:15:d1:
         b6:d5:d3:9a:7a:a9:e3:b7:01:5f:8b:9b:eb:bf:53:bf:85:b4:
         a1:cf:fa:24:5b:f5:6d:6c:34:30:8f:50:ea:98:12:21:21:a6:
         b3:8c:b5:92:39:4a:eb:8b:44:dd:1a:33:74:c0:8a:ea:88:da:
         3e:1b:14:6c:83:3c:ea:2f:3b:65:a7:27:4a:37:53:36:42:43:
         8c:3b:1e:c1:2d:a2:73:e0:fa:1e:87:a5:8d:a9:cd:7b:9c:10:
         a0:96:f4:72:32:92:a4:fd:49:2d:92:35:8e:bc:aa:ec:45:c3:
         2f:48:c5:df
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaRcAJrXbaAv7YBYew+yq1mpdTi0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMTA0MDE0MTAzWhcNMjUxMjA5MjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZmI2NDBmZjQ3NDA4NGE5MzU1OWQ3NzFkODVhOWQ0MGE1
Zjk2MDQyMmJhYTQ0ZGU4OTcwMDg5ODQ3NzJmYWM2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCt1z8gVzJ97qvrafbG/so4gi9bZHe2WsNUc0vYXc8aWDde
8lwBCIKcp50sYbvJPOuzQ0slUQzFskWrv0T8uvODYAAiIYXk3u3IDRaSdjO6YQQM
dwL0LmPE1KMkAHHY9rJxo6BU1Hnu9xuVJKxjA2H/LVtm/+Pl5guhttwDLMSOiVE2
NF2Sp9VAMtVR+oICjDnUIIq7f3DS5oCAHd90Lni84/hWIxn/LIcOj1xq0S2QGjP1
X5b4v7QCx6lRMaXXnMKaBqqnMKrUx6mw85TLL/pMOWlx0/nGbHYp7B9/8YvebQ5U
7iUtQrC1hdRf2c81uUcgII/TcEcEyO43qVzbp+jFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbFhpPZ7R7s3JZejornYO5y2cg6QwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2JiYWNmNjM2LWVhOGEtNGQ2MS1hOTg1LTEwOTY4M2NjNGE4Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAc22oAwDQYJKoZIhvcNAQELBQADggEBADXFAd6YndLuhWNkm3PF+GdpsAs1
3T5yjZE2rM0Si5Tcrv/OyH7obdqpevZs8SJsPMY9baK30mv58NTAHoETKod8ZEnU
JCXzTyo9lwBMWaDgKDV87gOCO78vOiB8modvMvYJdn9At9IzV81KFWmhYzZS2Zp+
ozE6MOqiFhbmREI/eiLJ+Klh8pEiWZKkywwV0bbV05p6qeO3AV+Lm+u/U7+FtKHP
+iRb9W1sNDCPUOqYEiEhprOMtZI5SuuLRN0aM3TAiuqI2j4bFGyDPOovO2WnJ0o3
UzZCQ4w7HsEtonPg+h6HpY2pzXucEKCW9HIykqT9SS2SNY68quxFwy9Ixd8=
-----END CERTIFICATE-----