Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f185f8bb-54a6-4a09-8db9-eecdc9cec451.roa
File:                     f185f8bb-54a6-4a09-8db9-eecdc9cec451.roa (raw, json)
Hash identifier:          5JX+mEr6EWdwQ/cr6q7Tsnmr6WHKUbBYFeo1k85c3oo=
Subject key identifier:   E3:11:85:64:DC:FA:52:C2:07:49:C4:CC:A9:E2:72:9C:3A:F4:2F:36
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2630F0884F5C1D81A18622158B9F98476EDBA7F3
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f185f8bb-54a6-4a09-8db9-eecdc9cec451.roa
Signing time:             Tue 21 Oct 2025 11:03:49 +0000
ROA not before:           Tue 21 Oct 2025 11:03:49 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.95.112.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:30:f0:88:4f:5c:1d:81:a1:86:22:15:8b:9f:98:47:6e:db:a7:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 21 11:03:49 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=50786edb8f83f6dab06069eb867c3707fa72fb6d5160322bcfed90461dd8ec48, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:3d:b9:fa:33:97:17:d3:93:07:c9:ae:9f:da:
                    47:b0:16:d4:66:f6:1a:f3:1a:aa:9c:6d:67:68:3d:
                    4e:3f:b1:d5:98:04:eb:d7:ed:cc:46:2a:ed:5f:53:
                    a7:42:b7:06:d1:5b:c5:f2:a7:02:33:8d:ec:e1:f9:
                    83:2d:6f:d8:f9:f9:e0:96:28:22:2f:da:6e:a3:df:
                    2d:1a:7e:14:4c:d3:7e:a2:d2:fa:b9:d8:2a:2e:4f:
                    88:7f:37:01:d8:eb:29:a8:78:97:15:5d:21:6f:2d:
                    3c:61:bf:38:51:4e:ba:92:ab:59:f0:17:8e:12:93:
                    d7:3c:79:d3:b9:c1:26:6f:5b:59:aa:64:83:79:36:
                    52:7e:81:b3:40:d6:32:42:af:24:cc:f6:d9:cf:bd:
                    f2:96:25:bd:d2:15:6c:a3:df:cd:13:87:d6:68:fe:
                    dd:a9:ca:2f:d5:cf:2f:d0:12:41:11:90:eb:38:17:
                    fd:8d:bd:3c:f5:3d:99:87:4f:d6:37:61:b2:02:d2:
                    47:51:aa:47:8d:16:2f:3d:bc:f6:a2:3c:6f:96:6f:
                    74:c5:ad:00:21:88:e8:70:bd:9c:40:57:f5:85:63:
                    e1:c9:91:94:18:77:08:14:74:a7:4f:7e:28:f4:af:
                    8d:ee:16:16:8a:94:3b:ce:1e:46:c4:45:cd:6d:56:
                    ea:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:11:85:64:DC:FA:52:C2:07:49:C4:CC:A9:E2:72:9C:3A:F4:2F:36
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f185f8bb-54a6-4a09-8db9-eecdc9cec451.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.95.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         58:c9:ca:e0:60:b9:b8:87:1c:eb:dd:31:d2:76:d6:cf:ce:89:
         bb:ef:c1:2d:e4:93:59:eb:29:dc:d1:5a:57:29:b8:c8:eb:34:
         88:63:83:9a:31:c0:f9:cd:4f:71:b8:f7:0b:fe:43:48:fd:93:
         5c:24:c0:9f:a0:d5:e4:aa:3e:42:20:18:5f:a5:2c:99:12:96:
         95:e5:bf:0a:6b:9a:4d:7f:2d:16:86:2b:f8:7c:53:0f:91:37:
         2c:c4:95:2b:e6:b6:06:a3:cd:68:76:fe:0b:0a:a3:44:dd:e0:
         af:5d:7e:d4:cd:44:81:a7:3d:67:ee:ba:22:33:dd:e7:7e:59:
         db:f4:2f:5c:b1:2e:b2:00:c2:0a:ac:fd:e2:e2:c2:13:fb:9f:
         73:4c:b9:d8:42:b3:bb:bb:5a:1e:5f:c2:68:c0:6b:4a:e7:e9:
         c0:d5:57:4a:2b:b3:67:47:52:92:9e:7c:67:f2:da:62:c5:d9:
         90:05:03:b0:d6:51:7e:f7:db:99:26:10:77:a6:d9:ba:6e:0d:
         4b:ff:93:73:4b:51:46:3e:94:76:2e:b4:cb:88:30:a4:20:79:
         37:f0:a3:04:8f:48:7a:90:79:7b:eb:ec:fe:1f:d9:fe:7c:8f:
         47:ee:c2:99:45:d9:f8:ce:31:e3:df:b1:71:c2:e6:3d:81:eb:
         65:b1:a3:4f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJjDwiE9cHYGhhiIVi5+YR27bp/MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDIxMTEwMzQ5WhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A1MDc4NmVkYjhmODNmNmRhYjA2MDY5ZWI4NjdjMzcwN2Zh
NzJmYjZkNTE2MDMyMmJjZmVkOTA0NjFkZDhlYzQ4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDVPbn6M5cX05MHya6f2kewFtRm9hrzGqqcbWdoPU4/sdWY
BOvX7cxGKu1fU6dCtwbRW8XypwIzjezh+YMtb9j5+eCWKCIv2m6j3y0afhRM036i
0vq52CouT4h/NwHY6ymoeJcVXSFvLTxhvzhRTrqSq1nwF44Sk9c8edO5wSZvW1mq
ZIN5NlJ+gbNA1jJCryTM9tnPvfKWJb3SFWyj380Th9Zo/t2pyi/Vzy/QEkERkOs4
F/2NvTz1PZmHT9Y3YbIC0kdRqkeNFi89vPaiPG+Wb3TFrQAhiOhwvZxAV/WFY+HJ
kZQYdwgUdKdPfij0r43uFhaKlDvOHkbERc1tVuqjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU4xGFZNz6UsIHScTMqeJynDr0LzYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2YxODVmOGJiLTU0YTYtNGEwOS04ZGI5LWVlY2RjOWNlYzQ1MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQ0X3AwDQYJKoZIhvcNAQELBQADggEBAFjJyuBgubiHHOvdMdJ21s/Oibvv
wS3kk1nrKdzRWlcpuMjrNIhjg5oxwPnNT3G49wv+Q0j9k1wkwJ+g1eSqPkIgGF+l
LJkSlpXlvwprmk1/LRaGK/h8Uw+RNyzElSvmtgajzWh2/gsKo0Td4K9dftTNRIGn
PWfuuiIz3ed+Wdv0L1yxLrIAwgqs/eLiwhP7n3NMudhCs7u7Wh5fwmjAa0rn6cDV
V0ors2dHUpKefGfy2mLF2ZAFA7DWUX7325kmEHem2bpuDUv/k3NLUUY+lHYutMuI
MKQgeTfwowSPSHqQeXvr7P4f2f58j0fuwplF2fjOMePfsXHC5j2B62Wxo08=
-----END CERTIFICATE-----