Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/dce2d640-0c72-4a73-be9b-14511c9175aa.roa
File:                     dce2d640-0c72-4a73-be9b-14511c9175aa.roa (raw, json)
Hash identifier:          Ky1xwJZadm+vhEK+OEy9sFebAT1Bm91ICWCaEVu782Q=
Subject key identifier:   AC:DC:41:3B:15:74:BD:EA:57:D9:17:E2:3A:D7:45:25:04:E3:34:5B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4D915BBF7C72D4B6C49CDB647DC01D54B5BFFA55
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/dce2d640-0c72-4a73-be9b-14511c9175aa.roa
Signing time:             Fri 25 Jul 2025 16:31:09 +0000
ROA not before:           Fri 25 Jul 2025 16:31:09 +0000
ROA not after:            Fri 29 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.217.96.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:91:5b:bf:7c:72:d4:b6:c4:9c:db:64:7d:c0:1d:54:b5:bf:fa:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 25 16:31:09 2025 GMT
            Not After : Aug 29 23:59:59 2025 GMT
        Subject: serialNumber=91fe706c2c65792c9110b27ea63c7bfd76a4d8f90c957b88ea72c6f41573c438, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:0f:fa:de:bd:2d:c3:92:a7:10:e5:16:03:a6:
                    54:5f:46:0c:b1:20:80:7a:26:2a:b0:8f:e5:db:b1:
                    b9:50:6d:f0:27:97:31:6a:30:da:a6:20:77:41:df:
                    fc:73:a4:47:64:de:be:b2:77:5c:a6:cf:9c:6b:4b:
                    c3:ce:68:75:29:60:70:5f:f0:e1:5a:c0:ea:90:c5:
                    41:4f:9f:2d:b5:ca:8b:be:93:88:b3:77:a0:ee:42:
                    10:c3:e6:88:d7:05:bd:2e:b1:07:b0:b0:28:10:33:
                    04:cc:51:c5:fe:37:b6:d6:8f:39:3e:7b:68:06:6e:
                    65:ef:f0:9f:dc:c9:91:59:95:c4:7d:cb:33:76:16:
                    57:bb:02:78:7b:8a:ab:d2:73:88:f7:8e:e4:74:8b:
                    c3:0d:87:ae:9f:44:db:87:30:90:b6:72:41:3c:70:
                    a7:01:13:0b:1d:b5:0e:dc:f4:bf:48:9c:93:e8:3a:
                    80:47:b2:ed:6b:9e:db:1b:b8:ed:0e:f8:e3:0e:e8:
                    3b:d0:c5:2c:17:f0:02:42:67:a6:86:c0:d6:89:a8:
                    4a:7a:e3:41:70:91:62:8a:dc:85:36:c0:70:9f:ac:
                    11:26:a4:26:6f:06:69:cf:28:8a:d8:74:8d:f7:c7:
                    ef:e3:26:5d:c5:da:e8:55:b0:fe:a2:41:36:ea:f5:
                    97:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:DC:41:3B:15:74:BD:EA:57:D9:17:E2:3A:D7:45:25:04:E3:34:5B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/dce2d640-0c72-4a73-be9b-14511c9175aa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.217.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         7b:76:f5:13:eb:45:75:ee:f5:87:5d:c5:da:d1:d5:a4:41:0f:
         d5:36:b0:81:bb:6f:80:f8:6e:a8:12:5a:09:9b:88:d8:41:1f:
         6a:28:4d:d8:59:05:02:ef:4d:d3:a9:65:a3:d6:da:19:b8:9c:
         3e:50:a9:2a:55:3c:84:33:d8:0a:9c:07:a1:83:a1:39:06:f0:
         8f:8e:3e:4e:e2:be:41:6d:a3:f3:86:c3:e0:0b:1f:85:82:29:
         8e:f3:92:be:e0:9f:49:38:30:c4:e0:31:f0:15:50:3d:6a:e3:
         df:56:62:52:87:dd:6d:c3:d0:bc:d9:c8:aa:df:2e:92:73:0f:
         73:db:fa:5d:7b:74:6c:c5:0d:02:f5:10:e4:a9:82:e1:22:a9:
         36:c0:8d:8d:b4:f1:c2:4c:87:f4:cc:00:97:d2:d8:d8:75:0e:
         29:02:45:69:d4:cb:56:da:68:43:6a:fc:b5:bd:72:df:96:48:
         fb:a2:bf:19:03:f9:22:fc:e3:99:33:c8:f2:2b:1f:76:e0:14:
         63:27:3d:b4:f6:6f:33:d6:9c:96:91:6f:d2:a1:08:40:88:dd:
         85:dc:01:2f:f1:24:f5:7e:5a:18:4a:55:74:71:d2:c5:3a:38:
         40:52:17:cc:73:25:78:3d:87:4c:f0:a6:e8:22:35:85:f6:86:
         5d:ac:85:61
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTZFbv3xy1LbEnNtkfcAdVLW/+lUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzI1MTYzMTA5WhcNMjUwODI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MWZlNzA2YzJjNjU3OTJjOTExMGIyN2VhNjNjN2JmZDc2
YTRkOGY5MGM5NTdiODhlYTcyYzZmNDE1NzNjNDM4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDhD/revS3DkqcQ5RYDplRfRgyxIIB6Jiqwj+XbsblQbfAn
lzFqMNqmIHdB3/xzpEdk3r6yd1ymz5xrS8POaHUpYHBf8OFawOqQxUFPny21you+
k4izd6DuQhDD5ojXBb0usQewsCgQMwTMUcX+N7bWjzk+e2gGbmXv8J/cyZFZlcR9
yzN2Fle7Anh7iqvSc4j3juR0i8MNh66fRNuHMJC2ckE8cKcBEwsdtQ7c9L9InJPo
OoBHsu1rntsbuO0O+OMO6DvQxSwX8AJCZ6aGwNaJqEp640FwkWKK3IU2wHCfrBEm
pCZvBmnPKIrYdI33x+/jJl3F2uhVsP6iQTbq9ZfjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrNxBOxV0vepX2RfiOtdFJQTjNFswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2RjZTJkNjQwLTBjNzItNGE3My1iZTliLTE0NTExYzkxNzVhYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQ22WAwDQYJKoZIhvcNAQELBQADggEBAHt29RPrRXXu9YddxdrR1aRBD9U2
sIG7b4D4bqgSWgmbiNhBH2ooTdhZBQLvTdOpZaPW2hm4nD5QqSpVPIQz2AqcB6GD
oTkG8I+OPk7ivkFto/OGw+ALH4WCKY7zkr7gn0k4MMTgMfAVUD1q499WYlKH3W3D
0LzZyKrfLpJzD3Pb+l17dGzFDQL1EOSpguEiqTbAjY208cJMh/TMAJfS2Nh1DikC
RWnUy1baaENq/LW9ct+WSPuivxkD+SL845kzyPIrH3bgFGMnPbT2bzPWnJaRb9Kh
CECI3YXcAS/xJPV+WhhKVXRx0sU6OEBSF8xzJXg9h0zwpugiNYX2hl2shWE=
-----END CERTIFICATE-----
Generated at Mon Aug 4 22:10:26 2025 by rpki-client