Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ff300c0b-f5a2-4c88-b82d-c60c5bd8c8f3.roa
File:                     ff300c0b-f5a2-4c88-b82d-c60c5bd8c8f3.roa (raw, json)
Hash identifier:          DFk1FaGioJzoSretHdygEdYomG0EHYvFfOcp71sfwCw=
Subject key identifier:   62:B4:C7:AB:E9:03:5E:A7:2D:96:AE:91:AE:25:86:53:F5:EC:AC:6D
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       28806F8C5BD512BBBA49FB154AF2C41ADA8B4A8B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ff300c0b-f5a2-4c88-b82d-c60c5bd8c8f3.roa
Signing time:             Tue 29 Jul 2025 16:41:36 +0000
ROA not before:           Tue 29 Jul 2025 16:41:36 +0000
ROA not after:            Tue 02 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.238.120.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:80:6f:8c:5b:d5:12:bb:ba:49:fb:15:4a:f2:c4:1a:da:8b:4a:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 29 16:41:36 2025 GMT
            Not After : Sep  2 23:59:59 2025 GMT
        Subject: serialNumber=e8a744b36957295ed32ced5740183f28004c693dc7f107b3ca0ccf3b8e642744, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:fd:45:15:1e:de:fa:fb:71:ab:ca:cd:96:55:
                    c4:e2:56:f3:84:6d:b8:4d:5f:a6:92:f1:de:cb:5e:
                    f3:01:44:d9:0b:16:5b:2f:2e:a1:24:39:07:0b:1d:
                    e8:31:fb:69:1c:fb:70:7e:0f:11:6a:ce:36:72:1d:
                    c1:f6:7b:bb:55:49:d4:13:db:36:c8:0c:02:b2:4c:
                    ed:b6:dc:9d:5f:15:f1:fd:cd:38:57:7f:02:ea:10:
                    59:8a:0e:ec:3a:ae:db:15:b8:e1:08:d9:e2:ff:02:
                    d4:66:d5:cd:3e:5b:0b:cd:3f:12:e3:21:8a:0e:2c:
                    e0:54:4d:4d:23:0d:1c:37:4c:0c:c0:76:39:74:fe:
                    76:da:ae:37:61:24:1f:09:c5:82:ed:90:b6:15:85:
                    17:85:97:78:b9:9a:f0:e6:8e:8a:67:66:aa:1b:0f:
                    20:e1:f3:94:b3:cd:1f:74:0b:0a:67:29:78:9d:10:
                    ff:b7:f4:a9:9f:c5:51:56:ae:db:0c:1c:d0:3c:f4:
                    db:6e:48:50:54:36:e5:56:83:15:28:1d:73:e4:cc:
                    25:02:a4:c5:55:26:dd:e8:fe:3a:91:2a:29:7b:25:
                    f0:12:b0:1a:af:6b:ea:e3:b9:94:a7:e2:a2:76:6f:
                    04:fb:7d:74:6f:cb:3b:d8:33:92:a9:ed:ea:9c:39:
                    4b:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:B4:C7:AB:E9:03:5E:A7:2D:96:AE:91:AE:25:86:53:F5:EC:AC:6D
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ff300c0b-f5a2-4c88-b82d-c60c5bd8c8f3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.238.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7c:de:01:62:3d:f4:aa:bd:1b:e8:2d:aa:44:46:50:91:4f:f7:
         90:50:ea:28:1c:93:c6:ff:54:2d:2e:c4:05:46:3b:f8:bf:a1:
         3a:46:c2:4f:36:c3:6b:f4:78:66:52:44:c5:24:d7:ce:10:47:
         35:51:23:7c:d3:57:57:e8:f7:22:93:2f:fd:c5:65:25:44:dc:
         e1:1e:9d:f0:88:d0:e2:e9:10:ef:b6:f3:98:32:5d:73:b4:cf:
         c2:77:7f:98:b9:30:63:e7:0b:e5:ff:9a:2c:0f:af:1a:30:18:
         c9:80:57:b7:c6:9f:ea:a1:98:0e:8e:4b:20:84:ec:47:24:d5:
         bd:7b:36:30:02:af:13:9e:92:32:36:50:68:41:97:b1:01:8c:
         79:b8:cc:1e:52:c7:3b:19:1e:c1:17:f5:e3:d6:6c:5f:47:bf:
         94:f6:52:ce:53:3a:a6:34:d0:6c:81:ca:27:4c:52:8f:20:e7:
         97:95:1f:21:63:80:2a:14:d9:97:fa:fb:d2:84:39:aa:95:4d:
         76:ba:cf:e1:68:0e:69:2b:ff:e2:e3:bb:52:3f:af:5c:2f:9c:
         40:4c:29:6f:e8:3f:8a:d4:39:87:df:2d:c4:fd:2d:04:78:cc:
         18:fb:70:f6:57:4e:cd:10:c2:ba:c8:31:d4:e2:16:5a:43:32:
         1b:ec:58:65
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKIBvjFvVEru6SfsVSvLEGtqLSoswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzI5MTY0MTM2WhcNMjUwOTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BlOGE3NDRiMzY5NTcyOTVlZDMyY2VkNTc0MDE4M2YyODAw
NGM2OTNkYzdmMTA3YjNjYTBjY2YzYjhlNjQyNzQ0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDK/UUVHt76+3Grys2WVcTiVvOEbbhNX6aS8d7LXvMBRNkL
FlsvLqEkOQcLHegx+2kc+3B+DxFqzjZyHcH2e7tVSdQT2zbIDAKyTO223J1fFfH9
zThXfwLqEFmKDuw6rtsVuOEI2eL/AtRm1c0+WwvNPxLjIYoOLOBUTU0jDRw3TAzA
djl0/nbarjdhJB8JxYLtkLYVhReFl3i5mvDmjopnZqobDyDh85SzzR90CwpnKXid
EP+39KmfxVFWrtsMHNA89NtuSFBUNuVWgxUoHXPkzCUCpMVVJt3o/jqRKil7JfAS
sBqva+rjuZSn4qJ2bwT7fXRvyzvYM5Kp7eqcOUs7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYrTHq+kDXqctlq6RriWGU/XsrG0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2ZmMzAwYzBiLWY1YTItNGM4OC1iODJkLWM2MGM1YmQ4YzhmMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI27ngwDQYJKoZIhvcNAQELBQADggEBAHzeAWI99Kq9G+gtqkRGUJFP95BQ
6igck8b/VC0uxAVGO/i/oTpGwk82w2v0eGZSRMUk184QRzVRI3zTV1fo9yKTL/3F
ZSVE3OEenfCI0OLpEO+285gyXXO0z8J3f5i5MGPnC+X/miwPrxowGMmAV7fGn+qh
mA6OSyCE7Eck1b17NjACrxOekjI2UGhBl7EBjHm4zB5SxzsZHsEX9ePWbF9Hv5T2
Us5TOqY00GyByidMUo8g55eVHyFjgCoU2Zf6+9KEOaqVTXa6z+FoDmkr/+Lju1I/
r1wvnEBMKW/oP4rUOYffLcT9LQR4zBj7cPZXTs0QwrrIMdTiFlpDMhvsWGU=
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:38:25 2025 by rpki-client