Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e28d298f-e48a-4aaf-bf51-472ca8677cc8.roa
File:                     e28d298f-e48a-4aaf-bf51-472ca8677cc8.roa (raw, json)
Hash identifier:          npvVmII9gaXef2YBOkwUCAA969xyvoz//kTtPfegIYM=
Subject key identifier:   1E:1B:0F:28:D7:64:09:47:4C:EE:90:F4:A1:2B:4A:4D:04:14:DA:58
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7C3681168804DBF0C914B233BB91BCAC4032F0B7
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e28d298f-e48a-4aaf-bf51-472ca8677cc8.roa
Signing time:             Tue 04 Nov 2025 01:00:09 +0000
ROA not before:           Tue 04 Nov 2025 01:00:09 +0000
ROA not after:            Tue 09 Dec 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.161.128.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:36:81:16:88:04:db:f0:c9:14:b2:33:bb:91:bc:ac:40:32:f0:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Nov  4 01:00:09 2025 GMT
            Not After : Dec  9 23:59:59 2025 GMT
        Subject: serialNumber=45a123a91d53f05efd037190712fa2232b67bb64de8a87a16b2e1dc6d9870ac0, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ca:85:1e:24:11:af:40:8d:00:9a:34:d3:57:
                    30:a7:d0:7b:61:b0:5d:8f:5d:3a:34:b2:82:a6:f8:
                    1c:7f:95:f4:a5:5c:4b:dc:88:fb:97:e7:60:88:9c:
                    88:b6:00:23:87:f1:6c:2b:5d:72:9c:6d:bf:8f:65:
                    27:d0:db:8b:65:c8:98:0a:11:c0:45:2a:91:a1:8c:
                    41:54:af:99:0e:b8:1d:6d:0d:98:3e:78:d8:3c:3e:
                    6d:27:69:79:2d:38:68:d6:16:27:d4:21:96:71:73:
                    04:2f:e2:b7:62:cb:18:33:bb:b8:c8:47:79:a8:ca:
                    4e:d0:c9:34:28:2e:d7:17:a1:ca:3a:23:24:e3:8b:
                    06:fe:07:01:9e:4d:41:75:50:f7:10:f0:bd:62:35:
                    59:f0:af:e2:08:e2:d9:b4:b2:46:ff:1f:87:81:4a:
                    b2:58:51:d4:aa:8c:17:de:b4:ae:ad:ae:cc:7a:a4:
                    ea:96:a9:8e:f1:fa:de:d7:fd:2b:9d:c0:4d:26:b7:
                    85:a6:ab:fb:e4:f0:44:57:82:97:ea:10:6e:19:8e:
                    4f:1c:fd:80:b1:fa:d8:46:39:27:b1:c1:1f:60:2a:
                    d3:f5:bf:18:86:32:67:10:79:21:0e:96:5c:56:ad:
                    32:a2:cc:a5:4c:82:a0:0f:c3:0f:19:fa:62:8f:df:
                    35:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:1B:0F:28:D7:64:09:47:4C:EE:90:F4:A1:2B:4A:4D:04:14:DA:58
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e28d298f-e48a-4aaf-bf51-472ca8677cc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.161.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         83:2b:b3:36:d8:c3:b6:69:58:8f:1f:7d:ff:9e:26:57:11:b9:
         b5:52:9e:5c:00:3e:84:ec:63:15:32:5b:ce:0d:0f:52:7d:71:
         76:2c:ad:29:11:6b:10:93:0a:5f:96:8a:1a:a5:53:ae:86:4b:
         1e:dc:d0:08:fa:e9:41:a9:bf:ad:fb:73:77:af:39:0e:f3:7e:
         53:b9:01:23:85:48:87:ec:bc:2b:04:9f:ad:a1:09:ff:c4:1f:
         2e:38:c8:4c:77:95:8d:b7:d5:91:af:56:ee:35:d5:a3:c3:74:
         c0:1b:e7:67:d8:8a:e1:da:ff:47:b7:da:d1:f7:d0:84:45:35:
         b2:af:b1:3b:7f:1f:80:36:c0:6c:0f:0e:d3:06:3a:71:99:35:
         aa:ff:fc:02:c3:fd:34:80:90:a5:33:fc:ac:f8:1d:af:16:06:
         5a:eb:64:7d:66:06:29:45:b0:fb:62:03:d2:9f:d1:1a:67:59:
         98:54:c1:a9:0e:e7:53:36:fc:01:f1:d0:8d:47:d4:5a:a7:cb:
         0f:04:68:4b:0b:85:16:41:4b:06:f8:f3:10:e1:02:d1:79:9d:
         9b:fa:e2:46:16:bc:db:b0:6a:cb:2b:49:c8:77:9b:0c:68:09:
         a0:13:14:f3:61:0c:50:cd:d9:a0:ad:f6:af:4f:4f:46:3d:6a:
         de:03:af:98
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfDaBFogE2/DJFLIzu5G8rEAy8LcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMTA0MDEwMDA5WhcNMjUxMjA5MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NWExMjNhOTFkNTNmMDVlZmQwMzcxOTA3MTJmYTIyMzJi
NjdiYjY0ZGU4YTg3YTE2YjJlMWRjNmQ5ODcwYWMwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtyoUeJBGvQI0AmjTTVzCn0HthsF2PXTo0soKm+Bx/lfSl
XEvciPuX52CInIi2ACOH8WwrXXKcbb+PZSfQ24tlyJgKEcBFKpGhjEFUr5kOuB1t
DZg+eNg8Pm0naXktOGjWFifUIZZxcwQv4rdiyxgzu7jIR3moyk7QyTQoLtcXoco6
IyTjiwb+BwGeTUF1UPcQ8L1iNVnwr+II4tm0skb/H4eBSrJYUdSqjBfetK6trsx6
pOqWqY7x+t7X/SudwE0mt4Wmq/vk8ERXgpfqEG4Zjk8c/YCx+thGOSexwR9gKtP1
vxiGMmcQeSEOllxWrTKizKVMgqAPww8Z+mKP3zWFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHhsPKNdkCUdM7pD0oStKTQQU2lgwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2UyOGQyOThmLWU0OGEtNGFhZi1iZjUxLTQ3MmNhODY3N2NjOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAc2oYAwDQYJKoZIhvcNAQELBQADggEBAIMrszbYw7ZpWI8fff+eJlcRubVS
nlwAPoTsYxUyW84ND1J9cXYsrSkRaxCTCl+WihqlU66GSx7c0Aj66UGpv637c3ev
OQ7zflO5ASOFSIfsvCsEn62hCf/EHy44yEx3lY231ZGvVu411aPDdMAb52fYiuHa
/0e32tH30IRFNbKvsTt/H4A2wGwPDtMGOnGZNar//ALD/TSAkKUz/Kz4Ha8WBlrr
ZH1mBilFsPtiA9Kf0RpnWZhUwakO51M2/AHx0I1H1Fqnyw8EaEsLhRZBSwb48xDh
AtF5nZv64kYWvNuwassrSch3mwxoCaATFPNhDFDN2aCt9q9PT0Y9at4Dr5g=
-----END CERTIFICATE-----