Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d2bb4d61-f510-4dfd-a676-e78fce1d19d7.roa
File:                     d2bb4d61-f510-4dfd-a676-e78fce1d19d7.roa (raw, json)
Hash identifier:          7oNnh/9JkoT4JEFCFjbcJTZjSjsqaoJu5mJM7sdIqP4=
Subject key identifier:   89:93:B9:6B:80:86:23:82:3F:9F:28:66:7C:3A:40:0A:BE:E0:3F:6C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       286900B319796836E7CDA9D6FA7F31E0D5B8896A
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d2bb4d61-f510-4dfd-a676-e78fce1d19d7.roa
Signing time:             Tue 04 Nov 2025 01:41:31 +0000
ROA not before:           Tue 04 Nov 2025 01:41:31 +0000
ROA not after:            Tue 09 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        34.253.64.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:69:00:b3:19:79:68:36:e7:cd:a9:d6:fa:7f:31:e0:d5:b8:89:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Nov  4 01:41:31 2025 GMT
            Not After : Dec  9 23:59:59 2025 GMT
        Subject: serialNumber=5b1859399fd9b3f6a6fec00feb0b211fcaba697d2cfdeaa270428df0402ecb07, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:28:cb:70:2a:c6:95:9c:98:ab:4f:bd:99:e9:
                    28:ba:b8:7c:e4:13:83:0c:99:55:0b:c2:9c:8d:0d:
                    a3:f0:fc:6e:26:22:c8:ca:1b:4c:a3:d0:3f:52:ec:
                    05:87:24:41:89:c5:6f:59:37:cc:f3:16:e9:ab:36:
                    32:cd:d2:7b:2c:a0:a4:4f:80:89:60:59:05:48:72:
                    6b:75:b3:e7:6d:20:70:46:be:78:dd:b9:5a:2c:85:
                    47:77:af:db:e6:aa:f8:48:e2:8a:56:3d:27:03:b2:
                    e6:55:f0:97:c3:c9:3f:9c:7b:3e:fb:e8:9b:a0:85:
                    67:ad:14:6e:79:8a:de:61:6f:78:5d:91:86:d7:d5:
                    d6:5d:3b:53:f7:fc:96:26:70:8c:3c:8b:8c:a2:e5:
                    2a:71:b6:2c:75:f2:c2:c2:0d:99:ee:94:80:4f:81:
                    56:b8:3f:fd:75:8d:87:4e:34:43:f0:79:60:3d:d8:
                    d7:94:96:a9:ac:40:c5:01:f8:4c:4e:27:5e:c3:a4:
                    7a:db:b9:3e:7a:e4:d6:cb:9a:92:69:75:2a:69:f2:
                    8d:1a:3b:1f:b2:b2:e6:41:f6:78:52:97:48:9b:37:
                    45:65:4b:c8:96:3b:06:5f:c3:11:55:e4:ba:96:27:
                    b6:1f:d5:f3:2d:04:99:a2:36:5f:8f:41:6d:ef:88:
                    e0:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:93:B9:6B:80:86:23:82:3F:9F:28:66:7C:3A:40:0A:BE:E0:3F:6C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d2bb4d61-f510-4dfd-a676-e78fce1d19d7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  34.253.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         4a:2a:e4:a5:23:58:5e:67:a2:fe:c7:63:cd:21:12:be:fd:eb:
         fe:e5:8e:12:2d:e9:6e:23:f9:c5:9b:58:f9:4f:ec:e0:84:5c:
         36:9e:a0:02:d1:a3:58:8d:85:17:b7:78:15:ab:8e:3f:1f:c5:
         8e:02:8a:bb:29:28:20:6d:f6:12:70:a4:03:d5:1b:8c:ed:e7:
         b2:c4:08:07:c8:c3:8a:26:ac:42:bd:f1:f9:67:22:e4:4f:62:
         b3:a1:c9:b3:f0:ed:42:23:e7:41:a9:4e:4d:70:59:17:6b:d7:
         a9:3a:6d:f3:02:c1:d2:df:bd:97:b3:8a:e0:a6:4e:b2:1b:66:
         39:7c:19:e4:92:87:a6:47:37:cb:17:6c:a4:d5:c1:2b:94:c8:
         0d:db:d0:75:0e:d7:ac:e6:5c:0d:32:09:3b:46:2f:e2:89:4c:
         b5:bf:a1:9e:e0:a1:56:9d:d7:37:83:b8:b8:14:7d:c0:17:91:
         0e:3e:68:dd:3c:cf:c7:10:07:51:d6:07:34:97:0a:8f:d9:65:
         ad:c8:33:ae:50:2f:54:f9:db:8a:26:cb:db:e2:14:db:e2:04:
         4c:de:7f:24:65:44:0d:dc:fc:fe:59:b6:71:9d:47:70:11:33:
         cd:4d:d8:60:c2:98:35:8d:cf:46:63:6b:20:47:80:99:b7:fb:
         0c:36:b6:66
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKGkAsxl5aDbnzanW+n8x4NW4iWowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMTA0MDE0MTMxWhcNMjUxMjA5MjM1OTU5
WjB6MUkwRwYDVQQFE0A1YjE4NTkzOTlmZDliM2Y2YTZmZWMwMGZlYjBiMjExZmNh
YmE2OTdkMmNmZGVhYTI3MDQyOGRmMDQwMmVjYjA3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTKMtwKsaVnJirT72Z6Si6uHzkE4MMmVULwpyNDaPw/G4m
IsjKG0yj0D9S7AWHJEGJxW9ZN8zzFumrNjLN0nssoKRPgIlgWQVIcmt1s+dtIHBG
vnjduVoshUd3r9vmqvhI4opWPScDsuZV8JfDyT+cez776JughWetFG55it5hb3hd
kYbX1dZdO1P3/JYmcIw8i4yi5Spxtix18sLCDZnulIBPgVa4P/11jYdONEPweWA9
2NeUlqmsQMUB+ExOJ17DpHrbuT565NbLmpJpdSpp8o0aOx+ysuZB9nhSl0ibN0Vl
S8iWOwZfwxFV5LqWJ7Yf1fMtBJmiNl+PQW3viOBrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiZO5a4CGI4I/nyhmfDpACr7gP2wwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2QyYmI0ZDYxLWY1MTAtNGRmZC1hNjc2LWU3OGZjZTFkMTlkNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYi/UAwDQYJKoZIhvcNAQELBQADggEBAEoq5KUjWF5nov7HY80hEr796/7l
jhIt6W4j+cWbWPlP7OCEXDaeoALRo1iNhRe3eBWrjj8fxY4CirspKCBt9hJwpAPV
G4zt57LECAfIw4omrEK98flnIuRPYrOhybPw7UIj50GpTk1wWRdr16k6bfMCwdLf
vZeziuCmTrIbZjl8GeSSh6ZHN8sXbKTVwSuUyA3b0HUO16zmXA0yCTtGL+KJTLW/
oZ7goVad1zeDuLgUfcAXkQ4+aN08z8cQB1HWBzSXCo/ZZa3IM65QL1T524omy9vi
FNviBEzefyRlRA3c/P5ZtnGdR3ARM81N2GDCmDWNz0ZjayBHgJm3+ww2tmY=
-----END CERTIFICATE-----