Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fd8582f2-711d-49f5-9208-ce76c6466e79.roa
File:                     fd8582f2-711d-49f5-9208-ce76c6466e79.roa (raw, json)
Hash identifier:          MJ+MFay4eLasjSWS86gOqyAnEJpZU4/qGNSBsUfapuQ=
Subject key identifier:   70:89:51:19:B3:78:C5:32:C0:78:F8:F7:6F:DE:62:F4:26:23:D0:E3
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5D8B2E918C6C77B0A52A1C5EF22A31BD88FC7BD3
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fd8582f2-711d-49f5-9208-ce76c6466e79.roa
Signing time:             Fri 11 Jul 2025 17:21:46 +0000
ROA not before:           Fri 11 Jul 2025 17:21:46 +0000
ROA not after:            Fri 15 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.95.56.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:8b:2e:91:8c:6c:77:b0:a5:2a:1c:5e:f2:2a:31:bd:88:fc:7b:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 11 17:21:46 2025 GMT
            Not After : Aug 15 23:59:59 2025 GMT
        Subject: serialNumber=083bca94290092ed4291b6b991ffbba6d54a51a0c2fc168189e2d614df7996c6, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ea:b4:e2:ee:4e:7f:60:c3:8c:8a:8a:a6:f2:
                    87:11:09:a2:85:0e:95:c6:ae:c7:66:57:d2:e6:90:
                    7a:a5:b2:dc:b3:b3:4c:39:5c:ae:74:ce:40:3a:0b:
                    31:7a:7e:6d:ad:7c:9d:7c:76:7a:d1:19:eb:ab:8f:
                    9d:17:14:0f:f1:4e:e9:1d:86:f5:90:68:f5:25:01:
                    4d:ce:35:4c:ae:4b:40:ad:da:f4:bb:e6:46:45:35:
                    5f:47:6d:eb:05:f0:93:1d:89:58:1e:85:ca:2c:8d:
                    27:d0:e6:b4:98:18:c7:b9:3e:b4:d6:0e:42:03:7e:
                    82:f8:08:cf:75:7c:84:41:72:74:4f:20:39:30:26:
                    39:e4:fa:08:f2:18:06:5c:22:bf:3a:c3:93:b4:86:
                    09:17:4d:b1:38:82:ab:e5:b8:40:7c:e3:0e:d6:9b:
                    b6:01:a8:de:d0:58:7c:75:12:9e:0e:29:91:dd:2e:
                    e0:be:2b:58:84:6d:3b:0d:cf:00:56:16:5f:d5:c7:
                    55:71:45:1e:8e:0c:ec:fe:49:4f:e9:97:4b:4f:37:
                    80:ce:27:81:df:a8:cf:15:34:84:4e:5a:20:34:57:
                    e7:32:71:98:b9:60:1a:3e:0b:61:23:ee:13:25:b6:
                    fc:db:b8:94:59:fe:7b:63:02:05:8b:ee:c5:06:d1:
                    a1:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:89:51:19:B3:78:C5:32:C0:78:F8:F7:6F:DE:62:F4:26:23:D0:E3
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fd8582f2-711d-49f5-9208-ce76c6466e79.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.95.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         99:70:03:46:61:f8:fa:ff:9a:f5:84:93:a9:b4:6b:27:31:4c:
         f2:79:58:05:e4:fb:da:e6:2b:31:38:d1:9b:9b:66:16:93:f7:
         aa:b7:3c:63:3a:40:12:30:7c:c9:3b:d3:f8:e9:65:2e:b6:9d:
         4b:d1:0b:13:68:3b:a6:d6:ec:21:e1:66:22:13:55:4f:c3:14:
         56:b9:15:7c:f1:40:48:13:da:f8:fe:5a:1b:7e:0f:f4:04:21:
         2e:5e:b7:63:7d:6f:76:69:3b:f1:ac:a9:47:4a:35:2e:90:87:
         5d:77:be:7c:6e:09:cb:c2:7a:a5:44:c9:67:0e:00:b5:95:e7:
         f6:03:19:21:22:f3:3d:46:01:43:5c:6a:6f:f4:5f:b8:83:3c:
         f2:89:e8:76:eb:86:6d:48:12:34:c0:eb:12:7a:2c:9a:d3:43:
         14:4c:bb:65:40:3f:21:28:2d:a9:91:14:df:3b:ae:c6:50:47:
         ba:22:25:58:83:46:01:ec:69:7c:cb:c9:e9:fc:71:33:53:0d:
         f5:b7:12:24:e5:94:b7:e3:3f:ec:22:37:9b:e5:cd:8e:85:6d:
         92:eb:a6:ac:cf:6f:0a:49:63:3a:86:80:3f:56:a4:93:d6:92:
         5f:e2:bb:18:87:73:bb:2d:0d:d8:4a:ae:d4:5b:14:89:8a:b7:
         d8:61:50:ad
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXYsukYxsd7ClKhxe8ioxvYj8e9MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzExMTcyMTQ2WhcNMjUwODE1MjM1OTU5
WjB6MUkwRwYDVQQFE0AwODNiY2E5NDI5MDA5MmVkNDI5MWI2Yjk5MWZmYmJhNmQ1
NGE1MWEwYzJmYzE2ODE4OWUyZDYxNGRmNzk5NmM2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCw6rTi7k5/YMOMioqm8ocRCaKFDpXGrsdmV9LmkHqlstyz
s0w5XK50zkA6CzF6fm2tfJ18dnrRGeurj50XFA/xTukdhvWQaPUlAU3ONUyuS0Ct
2vS75kZFNV9HbesF8JMdiVgehcosjSfQ5rSYGMe5PrTWDkIDfoL4CM91fIRBcnRP
IDkwJjnk+gjyGAZcIr86w5O0hgkXTbE4gqvluEB84w7Wm7YBqN7QWHx1Ep4OKZHd
LuC+K1iEbTsNzwBWFl/Vx1VxRR6ODOz+SU/pl0tPN4DOJ4HfqM8VNIROWiA0V+cy
cZi5YBo+C2Ej7hMltvzbuJRZ/ntjAgWL7sUG0aHXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUcIlRGbN4xTLAePj3b95i9CYj0OMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2ZkODU4MmYyLTcxMWQtNDlmNS05MjA4LWNlNzZjNjQ2NmU3OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI0XzgwDQYJKoZIhvcNAQELBQADggEBAJlwA0Zh+Pr/mvWEk6m0aycxTPJ5
WAXk+9rmKzE40ZubZhaT96q3PGM6QBIwfMk70/jpZS62nUvRCxNoO6bW7CHhZiIT
VU/DFFa5FXzxQEgT2vj+Wht+D/QEIS5et2N9b3ZpO/GsqUdKNS6Qh113vnxuCcvC
eqVEyWcOALWV5/YDGSEi8z1GAUNcam/0X7iDPPKJ6Hbrhm1IEjTA6xJ6LJrTQxRM
u2VAPyEoLamRFN87rsZQR7oiJViDRgHsaXzLyen8cTNTDfW3EiTllLfjP+wiN5vl
zY6FbZLrpqzPbwpJYzqGgD9WpJPWkl/iuxiHc7stDdhKrtRbFImKt9hhUK0=
-----END CERTIFICATE-----