Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c72bf97b-4056-4db5-a228-f41620fca20a.roa
File:                     c72bf97b-4056-4db5-a228-f41620fca20a.roa (raw, json)
Hash identifier:          QtJepiJUNMrCsndeJT/bwQoQK3Adp58LSdSNt+kNM/I=
Subject key identifier:   59:77:C0:AD:43:1E:17:69:36:92:36:4E:2C:A6:4F:BA:CE:A0:B0:B0
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       62627CB8F5BA6106321965F53209C9E50B4974BD
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c72bf97b-4056-4db5-a228-f41620fca20a.roa
Signing time:             Tue 29 Jul 2025 15:20:10 +0000
ROA not before:           Tue 29 Jul 2025 15:20:10 +0000
ROA not after:            Tue 02 Sep 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.197.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:62:7c:b8:f5:ba:61:06:32:19:65:f5:32:09:c9:e5:0b:49:74:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 29 15:20:10 2025 GMT
            Not After : Sep  2 23:59:59 2025 GMT
        Subject: serialNumber=1179053bafdb183783700a3fc32d84903d836ecb22c26c88da2fa46e048d74e1, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:d5:b0:e9:4d:2f:be:ce:c7:05:00:f9:51:75:
                    03:01:19:e6:d4:72:85:42:50:bc:37:89:4b:27:b9:
                    c3:4f:df:a8:60:f9:8f:47:67:cb:43:c3:37:69:10:
                    1b:12:10:6d:b5:5e:8e:6d:db:92:5e:e4:d5:49:4c:
                    3d:4c:77:fa:98:df:30:d8:85:94:04:3c:08:30:32:
                    b6:5a:8c:1b:65:d7:80:41:cd:d2:e6:f5:38:dc:d1:
                    f6:45:69:cf:0b:85:aa:a1:14:86:a7:12:13:58:86:
                    cd:ad:87:b7:de:26:ca:f3:82:f2:cc:6e:8d:56:87:
                    84:ec:a0:e5:3c:1f:cc:2e:24:cd:6b:42:80:43:78:
                    0e:fd:a1:47:74:07:87:eb:d2:04:56:8a:a3:12:2e:
                    a8:f2:c5:76:5c:e9:4d:a5:b6:2f:42:fb:37:d7:1c:
                    ab:cd:ab:28:ef:38:ff:0d:33:56:02:71:ea:0d:48:
                    36:01:22:50:b6:d7:d5:b2:c9:de:6b:99:55:c6:8d:
                    2d:a4:68:2b:3f:e4:d6:91:2f:d8:84:ea:0e:f5:7c:
                    23:7e:ca:7d:1a:0d:79:c9:88:82:1c:2c:12:90:8c:
                    58:35:d2:9e:d5:ab:37:bc:ac:dc:82:9f:51:71:e8:
                    eb:49:05:b8:25:5c:7c:e7:21:e3:7c:d5:92:c0:d4:
                    74:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:77:C0:AD:43:1E:17:69:36:92:36:4E:2C:A6:4F:BA:CE:A0:B0:B0
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c72bf97b-4056-4db5-a228-f41620fca20a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.197.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:44:12:79:5c:1c:7e:fe:68:ea:59:65:ab:0e:44:52:91:18:
         91:54:39:44:15:48:df:7e:8b:fd:ec:a9:ec:a6:cd:25:b9:f3:
         2d:28:a8:dd:7e:24:79:39:6e:68:9f:b2:70:c9:b7:24:84:bd:
         e1:f5:15:ef:bb:bc:3b:dd:03:ed:f4:04:6f:4a:e2:77:1e:93:
         7b:4f:ce:00:63:30:57:e3:b7:f0:f2:df:cc:67:c4:bf:23:c6:
         e0:c7:4b:33:f2:2a:00:7d:ca:a2:ca:82:a0:80:6d:9c:31:ca:
         a0:a8:4e:3c:c9:b3:ed:ce:a5:a7:37:d8:7d:86:78:b7:6a:79:
         5c:8b:e8:ca:96:ae:c4:fe:fa:1a:41:a3:bd:e6:75:f9:5b:f6:
         b0:8b:6b:79:94:1c:1b:b8:3c:42:c4:db:38:e0:ef:cb:2e:62:
         20:67:e1:bd:30:85:3d:a9:7c:af:74:a6:44:6e:87:e4:37:21:
         ed:69:5a:16:ce:0d:a4:46:ee:08:96:ad:65:21:db:2d:8c:34:
         43:8a:db:26:16:eb:f1:26:5b:ef:27:08:ee:9d:70:f0:64:cc:
         1a:e7:1f:6c:71:af:0b:b0:27:00:e1:35:73:42:3d:a5:33:89:
         9a:7b:a2:ce:b3:0d:95:bc:d4:61:24:23:2d:08:a6:b2:ae:11:
         14:92:78:c6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYmJ8uPW6YQYyGWX1MgnJ5QtJdL0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzI5MTUyMDEwWhcNMjUwOTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AxMTc5MDUzYmFmZGIxODM3ODM3MDBhM2ZjMzJkODQ5MDNk
ODM2ZWNiMjJjMjZjODhkYTJmYTQ2ZTA0OGQ3NGUxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDK1bDpTS++zscFAPlRdQMBGebUcoVCULw3iUsnucNP36hg
+Y9HZ8tDwzdpEBsSEG21Xo5t25Je5NVJTD1Md/qY3zDYhZQEPAgwMrZajBtl14BB
zdLm9Tjc0fZFac8LhaqhFIanEhNYhs2th7feJsrzgvLMbo1Wh4TsoOU8H8wuJM1r
QoBDeA79oUd0B4fr0gRWiqMSLqjyxXZc6U2lti9C+zfXHKvNqyjvOP8NM1YCceoN
SDYBIlC219Wyyd5rmVXGjS2kaCs/5NaRL9iE6g71fCN+yn0aDXnJiIIcLBKQjFg1
0p7Vqze8rNyCn1Fx6OtJBbglXHznIeN81ZLA1HTTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWXfArUMeF2k2kjZOLKZPus6gsLAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2M3MmJmOTdiLTQwNTYtNGRiNS1hMjI4LWY0MTYyMGZjYTIwYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA2xd4wDQYJKoZIhvcNAQELBQADggEBADpEEnlcHH7+aOpZZasORFKRGJFU
OUQVSN9+i/3sqeymzSW58y0oqN1+JHk5bmifsnDJtySEveH1Fe+7vDvdA+30BG9K
4ncek3tPzgBjMFfjt/Dy38xnxL8jxuDHSzPyKgB9yqLKgqCAbZwxyqCoTjzJs+3O
pac32H2GeLdqeVyL6MqWrsT++hpBo73mdflb9rCLa3mUHBu4PELE2zjg78suYiBn
4b0whT2pfK90pkRuh+Q3Ie1pWhbODaRG7giWrWUh2y2MNEOK2yYW6/EmW+8nCO6d
cPBkzBrnH2xxrwuwJwDhNXNCPaUziZp7os6zDZW81GEkIy0IprKuERSSeMY=
-----END CERTIFICATE-----