Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/da582ca6-2c06-4b1e-8b99-3e314735161b.roa
File:                     da582ca6-2c06-4b1e-8b99-3e314735161b.roa (raw, json)
Hash identifier:          yOm3x9dNd4z/a5o/ExogKSXpfkymuAOgAAYoUGVoIqM=
Subject key identifier:   6B:68:05:D5:F1:DF:FD:70:C9:0B:EE:30:4C:F1:F2:CA:BE:91:24:61
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2BDD63FD246D86BD2CF5043EAE3A71BAA66A7694
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/da582ca6-2c06-4b1e-8b99-3e314735161b.roa
Signing time:             Fri 25 Jul 2025 15:41:01 +0000
ROA not before:           Fri 25 Jul 2025 15:41:01 +0000
ROA not after:            Fri 29 Aug 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        52.20.0.0/14 maxlen: 14
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:dd:63:fd:24:6d:86:bd:2c:f5:04:3e:ae:3a:71:ba:a6:6a:76:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 25 15:41:01 2025 GMT
            Not After : Aug 29 23:59:59 2025 GMT
        Subject: serialNumber=12e9579f89a34b60c96c1b940f180b2d19ab88f8e9825b88010b166f0d620ba2, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:89:cd:ac:70:38:db:08:31:df:ed:eb:c4:34:
                    71:30:09:0f:c8:b1:c7:eb:fe:20:c0:21:17:c5:cf:
                    67:e2:76:7c:00:ab:4b:f1:c6:b7:4d:5b:5d:22:bc:
                    e7:85:c4:c0:1d:91:74:d9:5d:94:01:5b:80:8b:6c:
                    0a:e7:f7:cd:0a:51:1e:dd:f3:5c:73:1a:22:dc:f7:
                    a4:bf:97:32:22:fe:be:df:40:65:42:f3:bf:77:82:
                    9e:09:8e:15:4c:9a:d1:47:80:00:b0:c2:8d:8f:51:
                    7d:a4:d7:8c:05:65:7c:e9:4a:eb:ee:c8:cb:c7:ac:
                    03:a0:12:60:a1:62:6d:47:3d:e0:c1:f5:fe:ff:ed:
                    ec:c4:a5:0c:03:14:d5:01:c1:5d:3d:41:32:b2:5c:
                    d7:38:3a:51:a0:f3:75:d6:5e:22:81:ec:3d:ff:03:
                    25:c0:e5:23:47:bb:82:49:2c:e3:26:23:b4:12:df:
                    75:45:92:c6:3d:df:8b:9b:9f:dd:c9:2d:63:51:45:
                    7b:b7:9a:f0:61:b3:f0:77:6d:52:1a:bc:21:be:c3:
                    3f:71:9f:04:72:d2:22:07:58:33:61:d1:7e:a7:ff:
                    f8:ef:4a:a3:e3:df:2e:79:3c:01:21:a5:e3:86:e2:
                    3e:c5:23:a6:f8:87:b0:16:f3:3b:a0:5c:37:d8:b4:
                    15:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:68:05:D5:F1:DF:FD:70:C9:0B:EE:30:4C:F1:F2:CA:BE:91:24:61
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/da582ca6-2c06-4b1e-8b99-3e314735161b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.20.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         36:f9:30:ec:ae:8c:c5:74:b6:f2:ed:94:28:e6:b7:32:9c:26:
         d2:af:93:3c:b2:30:ec:19:ee:5b:19:18:3b:dc:d7:6b:14:b8:
         e7:fa:0b:47:08:a5:3f:25:20:be:1c:52:5d:6f:bd:ce:85:0b:
         f2:91:e8:28:9b:2d:7a:bf:ee:b9:1a:60:ee:54:18:57:3c:c4:
         79:4e:36:a3:b3:4d:e3:2d:9f:4a:d6:33:85:0c:96:20:cf:97:
         a2:38:d6:70:71:57:66:2b:58:46:40:6b:66:2c:40:0d:78:32:
         45:f5:5d:14:82:33:0e:f9:7c:93:7b:ee:f7:4c:d6:14:9b:7d:
         f2:cf:63:c1:12:cd:6c:e5:98:c8:ce:90:25:a3:a7:1f:03:80:
         28:c1:9f:b2:94:27:2d:2a:ae:d5:b8:6f:9d:18:b6:a4:06:f4:
         e6:c6:54:1d:88:67:5b:f3:38:24:cd:25:7f:9e:bc:2d:e0:2e:
         d1:fd:1f:fe:e9:4d:38:66:81:9c:37:15:c8:52:81:1c:49:01:
         69:6c:67:75:3e:83:db:c7:32:23:0e:be:fd:3b:42:84:f8:f7:
         3c:54:80:35:ce:6e:0d:fb:0e:57:25:43:54:84:6c:6a:0e:43:
         86:2e:f4:ca:6c:ba:17:98:4f:05:14:25:49:a6:cd:20:75:15:
         d6:c6:d8:e4
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUK91j/SRthr0s9QQ+rjpxuqZqdpQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzI1MTU0MTAxWhcNMjUwODI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMmU5NTc5Zjg5YTM0YjYwYzk2YzFiOTQwZjE4MGIyZDE5
YWI4OGY4ZTk4MjViODgwMTBiMTY2ZjBkNjIwYmEyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDsic2scDjbCDHf7evENHEwCQ/Iscfr/iDAIRfFz2fidnwA
q0vxxrdNW10ivOeFxMAdkXTZXZQBW4CLbArn980KUR7d81xzGiLc96S/lzIi/r7f
QGVC8793gp4JjhVMmtFHgACwwo2PUX2k14wFZXzpSuvuyMvHrAOgEmChYm1HPeDB
9f7/7ezEpQwDFNUBwV09QTKyXNc4OlGg83XWXiKB7D3/AyXA5SNHu4JJLOMmI7QS
33VFksY934ubn93JLWNRRXu3mvBhs/B3bVIavCG+wz9xnwRy0iIHWDNh0X6n//jv
SqPj3y55PAEhpeOG4j7FI6b4h7AW8zugXDfYtBX9AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUa2gF1fHf/XDJC+4wTPHyyr6RJGEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2RhNTgyY2E2LTJjMDYtNGIxZS04Yjk5LTNlMzE0NzM1MTYxYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwI0FDANBgkqhkiG9w0BAQsFAAOCAQEANvkw7K6MxXS28u2UKOa3Mpwm0q+T
PLIw7BnuWxkYO9zXaxS45/oLRwilPyUgvhxSXW+9zoUL8pHoKJster/uuRpg7lQY
VzzEeU42o7NN4y2fStYzhQyWIM+XojjWcHFXZitYRkBrZixADXgyRfVdFIIzDvl8
k3vu90zWFJt98s9jwRLNbOWYyM6QJaOnHwOAKMGfspQnLSqu1bhvnRi2pAb05sZU
HYhnW/M4JM0lf568LeAu0f0f/ulNOGaBnDcVyFKBHEkBaWxndT6D28cyIw6+/TtC
hPj3PFSANc5uDfsOVyVDVIRsag5Dhi70ymy6F5hPBRQlSabNIHUV1sbY5A==
-----END CERTIFICATE-----