Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d725f87f-a86a-4fc5-843b-fa61c0834c10.roa
File:                     d725f87f-a86a-4fc5-843b-fa61c0834c10.roa (raw, json)
Hash identifier:          0JsW3kg2zn0ljXYTvdKArpX527f0rPbCC5SJxLS7e2c=
Subject key identifier:   CF:BA:CB:8B:78:F7:77:5D:FE:6C:CC:5E:27:37:53:17:EA:20:5F:3A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5F3E4D2593B6FFC025BC34CF26E219B62CCE01CA
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d725f87f-a86a-4fc5-843b-fa61c0834c10.roa
Signing time:             Tue 29 Jul 2025 15:11:59 +0000
ROA not before:           Tue 29 Jul 2025 15:11:59 +0000
ROA not after:            Tue 02 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.159.0.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:3e:4d:25:93:b6:ff:c0:25:bc:34:cf:26:e2:19:b6:2c:ce:01:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 29 15:11:59 2025 GMT
            Not After : Sep  2 23:59:59 2025 GMT
        Subject: serialNumber=5c7da93d2d368e4075cca50d7097a688275792b5baa7d8beef1ec4e266460e29, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:2f:61:1a:36:71:15:23:50:c8:6e:23:a9:52:
                    d4:85:d4:71:b1:87:05:e8:bb:f1:34:d9:c8:f9:b4:
                    da:04:83:1c:b6:23:e9:72:6e:e4:ba:c4:9c:59:e6:
                    37:59:52:12:27:d6:d8:f2:63:01:90:a6:74:6d:f9:
                    02:9b:25:e4:a5:ea:12:dc:f5:f2:08:8c:e8:70:c6:
                    f7:ff:3c:36:70:a1:9a:8b:cf:87:cd:3b:8b:bd:f8:
                    b4:2d:c4:8b:80:1b:de:91:ff:1e:33:a5:6b:c2:23:
                    19:6b:36:b3:41:fe:75:c0:61:95:7b:0b:92:04:7d:
                    66:9b:b7:01:72:e9:b7:fa:df:9e:bd:7f:52:77:58:
                    d1:41:0f:d8:aa:44:93:9a:a2:01:7b:69:7f:e4:ae:
                    0c:e6:ba:0f:f3:db:39:d0:d6:5e:41:2c:4a:14:0b:
                    57:eb:14:06:c9:44:65:78:5b:ed:f3:ea:8a:82:41:
                    7b:b9:dc:00:3e:77:af:70:cf:e2:fd:6a:0b:a6:45:
                    58:ff:11:ce:ef:f4:6d:0d:e4:99:b0:78:88:f8:c6:
                    38:ff:cc:67:ff:11:c2:18:85:ca:f2:23:13:d8:2d:
                    05:cf:e5:12:9e:76:87:49:20:9e:0a:32:e9:f4:80:
                    9b:0f:74:51:8f:db:cd:ef:18:bc:72:26:99:02:fd:
                    f1:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:BA:CB:8B:78:F7:77:5D:FE:6C:CC:5E:27:37:53:17:EA:20:5F:3A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d725f87f-a86a-4fc5-843b-fa61c0834c10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.159.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         9b:b3:42:1a:9d:b3:02:78:f1:1c:7d:7f:56:a0:b5:69:ee:35:
         64:59:25:33:02:54:2b:c2:44:8f:a4:63:ed:5b:a9:48:03:00:
         2f:3c:33:b2:9c:29:1c:e8:db:84:9d:3e:7d:f2:a7:80:32:f5:
         85:f3:df:4d:2d:56:81:b5:42:21:f4:f3:a5:1a:1a:79:29:24:
         cd:e7:7e:0e:c5:25:d4:7d:64:34:3d:72:37:14:e8:28:cb:cf:
         9a:fd:c6:3b:41:f8:5e:c9:9c:e0:12:f9:d6:9e:7f:6c:01:d1:
         d2:cc:49:f5:20:ea:34:99:b3:df:77:05:38:3d:61:7b:3d:a0:
         ca:3c:e4:fe:6c:a5:61:82:05:31:52:74:27:0a:aa:e5:41:74:
         b0:ad:d1:3e:ec:c3:65:be:36:9b:ac:b0:9c:f4:10:55:0f:d3:
         f1:0c:b9:98:f7:a1:35:54:5e:a9:74:d6:ac:3e:21:98:d4:dc:
         75:ed:35:c5:07:29:21:32:35:95:34:35:59:93:c5:26:37:bf:
         03:c9:f9:33:96:f4:21:f6:23:de:da:0d:a2:62:de:9f:77:8a:
         e2:95:96:3e:95:30:19:64:14:16:fe:61:e0:9a:7f:a4:3c:78:
         aa:8c:55:23:a5:09:7d:db:47:44:85:10:81:ec:ac:44:c2:71:
         9e:83:18:90
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXz5NJZO2/8AlvDTPJuIZtizOAcowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzI5MTUxMTU5WhcNMjUwOTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A1YzdkYTkzZDJkMzY4ZTQwNzVjY2E1MGQ3MDk3YTY4ODI3
NTc5MmI1YmFhN2Q4YmVlZjFlYzRlMjY2NDYwZTI5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDGL2EaNnEVI1DIbiOpUtSF1HGxhwXou/E02cj5tNoEgxy2
I+lybuS6xJxZ5jdZUhIn1tjyYwGQpnRt+QKbJeSl6hLc9fIIjOhwxvf/PDZwoZqL
z4fNO4u9+LQtxIuAG96R/x4zpWvCIxlrNrNB/nXAYZV7C5IEfWabtwFy6bf63569
f1J3WNFBD9iqRJOaogF7aX/krgzmug/z2znQ1l5BLEoUC1frFAbJRGV4W+3z6oqC
QXu53AA+d69wz+L9agumRVj/Ec7v9G0N5JmweIj4xjj/zGf/EcIYhcryIxPYLQXP
5RKedodJIJ4KMun0gJsPdFGP283vGLxyJpkC/fEBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUz7rLi3j3d13+bMxeJzdTF+ogXzowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Q3MjVmODdmLWE4NmEtNGZjNS04NDNiLWZhNjFjMDgzNGMxMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAY2nwAwDQYJKoZIhvcNAQELBQADggEBAJuzQhqdswJ48Rx9f1agtWnuNWRZ
JTMCVCvCRI+kY+1bqUgDAC88M7KcKRzo24SdPn3yp4Ay9YXz300tVoG1QiH086Ua
GnkpJM3nfg7FJdR9ZDQ9cjcU6CjLz5r9xjtB+F7JnOAS+daef2wB0dLMSfUg6jSZ
s993BTg9YXs9oMo85P5spWGCBTFSdCcKquVBdLCt0T7sw2W+NpussJz0EFUP0/EM
uZj3oTVUXql01qw+IZjU3HXtNcUHKSEyNZU0NVmTxSY3vwPJ+TOW9CH2I97aDaJi
3p93iuKVlj6VMBlkFBb+YeCaf6Q8eKqMVSOlCX3bR0SFEIHsrETCcZ6DGJA=
-----END CERTIFICATE-----