Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ceeae408-2342-4712-b02b-4bd25196b1fa.roa
File:                     ceeae408-2342-4712-b02b-4bd25196b1fa.roa (raw, json)
Hash identifier:          eGqGK+WOnR07VAOwpkwAucWdunwDlaRdNW6z1UkJJbs=
Subject key identifier:   8B:22:AD:EC:33:E8:80:D7:DF:1B:14:08:DA:09:BE:34:99:03:6B:A2
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       03F31400366B8D2CE15460332815FF09003A11AD
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ceeae408-2342-4712-b02b-4bd25196b1fa.roa
Signing time:             Wed 05 Nov 2025 00:40:13 +0000
ROA not before:           Wed 05 Nov 2025 00:40:13 +0000
ROA not after:            Wed 10 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.60.64.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:f3:14:00:36:6b:8d:2c:e1:54:60:33:28:15:ff:09:00:3a:11:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Nov  5 00:40:13 2025 GMT
            Not After : Dec 10 23:59:59 2025 GMT
        Subject: serialNumber=a643421791c54c20b35e33f54acbddccf307e2aa6aa962bf6b4d7ddcf67c6200, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:cc:b3:89:be:c9:c6:3c:e7:ba:7b:49:c6:4e:
                    8e:a3:1e:a7:09:04:9d:e9:0a:23:1d:47:6d:59:ca:
                    49:41:16:35:e5:62:42:81:6f:92:01:6f:16:e6:fe:
                    58:2c:69:6a:db:57:df:54:91:b8:85:0b:40:99:73:
                    09:b6:f6:c8:db:51:61:b9:41:2b:c9:7f:26:0d:77:
                    07:9d:00:20:ce:92:f6:50:81:1c:71:77:f4:9f:c2:
                    f5:32:b9:6f:fc:cc:ae:d7:73:77:00:77:b2:77:4e:
                    c4:df:72:10:49:e8:ab:1f:d3:d4:41:71:8c:d8:40:
                    5e:fc:f6:52:67:2e:64:0d:47:35:40:c9:2d:16:c4:
                    17:1c:73:a0:ec:eb:e8:5c:a6:a6:cc:16:ef:b8:69:
                    91:18:ea:26:3f:22:24:f6:6a:0d:9e:3a:95:7a:0e:
                    09:db:01:51:84:59:84:a3:9b:01:dd:65:6b:28:67:
                    61:94:1e:d0:a4:41:1b:30:11:61:53:77:58:c4:e6:
                    eb:f6:d2:54:d6:70:18:60:aa:39:c9:ce:1c:94:14:
                    39:d9:27:cc:e2:f7:a7:cd:f2:41:ba:bb:56:ab:3e:
                    d5:1a:83:37:5a:30:36:e3:bd:14:d2:e9:fc:51:d6:
                    cf:18:d4:12:2b:df:55:b3:ef:1e:9d:a5:2f:4d:14:
                    92:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:22:AD:EC:33:E8:80:D7:DF:1B:14:08:DA:09:BE:34:99:03:6B:A2
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ceeae408-2342-4712-b02b-4bd25196b1fa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.60.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         25:3c:14:e4:a2:05:71:dd:82:a9:6d:df:20:f3:e9:51:19:86:
         85:bb:bb:5d:25:da:dc:bc:97:08:e5:dd:e9:c6:bb:6b:cc:f8:
         0d:0c:b7:5c:72:96:ca:e4:81:ec:a5:b3:be:b1:ca:15:99:a0:
         12:b8:46:95:d7:7d:78:2d:a3:dc:24:28:67:69:8f:78:6a:43:
         57:30:82:88:a1:aa:3e:2b:0c:f1:25:8b:b8:0f:1d:62:ff:43:
         8a:42:2a:c5:7c:5c:64:af:3b:a8:a6:70:b6:55:4e:e2:58:de:
         a5:1c:d8:a7:51:a6:38:6a:fc:08:92:21:51:12:a7:ad:76:26:
         f5:c5:8d:ba:24:eb:0d:3d:3d:7a:84:62:f4:c9:73:c3:2d:b5:
         c8:31:eb:7b:45:f7:0e:fb:47:26:47:9a:79:b3:e7:9f:29:fc:
         45:60:2e:73:97:c6:cb:2c:b1:cd:3d:6e:da:ba:a6:b6:4e:d8:
         86:49:48:e0:dc:98:e8:25:80:67:35:64:90:fe:53:69:6a:19:
         b2:01:ab:29:35:5c:71:c7:c3:8b:b5:9e:a4:35:02:e3:14:a5:
         7f:55:33:94:1b:65:c5:76:7d:06:de:e9:14:3e:4a:45:b1:f7:
         86:c4:8c:06:b7:5d:ec:c4:62:fe:47:1d:30:fe:5c:f7:0a:35:
         8e:b3:2c:a4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUA/MUADZrjSzhVGAzKBX/CQA6Ea0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMTA1MDA0MDEzWhcNMjUxMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BhNjQzNDIxNzkxYzU0YzIwYjM1ZTMzZjU0YWNiZGRjY2Yz
MDdlMmFhNmFhOTYyYmY2YjRkN2RkY2Y2N2M2MjAwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDfzLOJvsnGPOe6e0nGTo6jHqcJBJ3pCiMdR21ZyklBFjXl
YkKBb5IBbxbm/lgsaWrbV99UkbiFC0CZcwm29sjbUWG5QSvJfyYNdwedACDOkvZQ
gRxxd/SfwvUyuW/8zK7Xc3cAd7J3TsTfchBJ6Ksf09RBcYzYQF789lJnLmQNRzVA
yS0WxBccc6Ds6+hcpqbMFu+4aZEY6iY/IiT2ag2eOpV6DgnbAVGEWYSjmwHdZWso
Z2GUHtCkQRswEWFTd1jE5uv20lTWcBhgqjnJzhyUFDnZJ8zi96fN8kG6u1arPtUa
gzdaMDbjvRTS6fxR1s8Y1BIr31Wz7x6dpS9NFJLfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiyKt7DPogNffGxQI2gm+NJkDa6IwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2NlZWFlNDA4LTIzNDItNDcxMi1iMDJiLTRiZDI1MTk2YjFmYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAY0PEAwDQYJKoZIhvcNAQELBQADggEBACU8FOSiBXHdgqlt3yDz6VEZhoW7
u10l2ty8lwjl3enGu2vM+A0Mt1xylsrkgeyls76xyhWZoBK4RpXXfXgto9wkKGdp
j3hqQ1cwgoihqj4rDPEli7gPHWL/Q4pCKsV8XGSvO6imcLZVTuJY3qUc2KdRpjhq
/AiSIVESp612JvXFjbok6w09PXqEYvTJc8Mttcgx63tF9w77RyZHmnmz558p/EVg
LnOXxssssc09btq6prZO2IZJSODcmOglgGc1ZJD+U2lqGbIBqyk1XHHHw4u1nqQ1
AuMUpX9VM5QbZcV2fQbe6RQ+SkWx94bEjAa3XezEYv5HHTD+XPcKNY6zLKQ=
-----END CERTIFICATE-----
Generated at Wed Nov 5 03:43:45 2025 by rpki-client