Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/a36ac229-d07f-4fcf-ac41-46b2fc8fa9f4.roa
File:                     a36ac229-d07f-4fcf-ac41-46b2fc8fa9f4.roa (raw, json)
Hash identifier:          culJHnDjlqTPlp5X3IP5yx0Wiui9jwSFQhRk1eVIqUs=
Subject key identifier:   C5:7B:2E:8D:A6:CD:45:7C:FB:A6:EF:8F:C7:BF:93:86:24:9B:B5:C5
Certificate issuer:       /CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
Certificate serial:       608A42EB29466A798381FB9574E3311E37788EAB
Authority key identifier: E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/a36ac229-d07f-4fcf-ac41-46b2fc8fa9f4.roa
Signing time:             Mon 13 Oct 2025 16:00:45 +0000
ROA not before:           Mon 13 Oct 2025 16:00:45 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        204.246.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 22 Oct 2025 21:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:8a:42:eb:29:46:6a:79:83:81:fb:95:74:e3:31:1e:37:78:8e:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
        Validity
            Not Before: Oct 13 16:00:45 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=d2ffc31c784f363436c49d3c3519547479c51c528e117e2443d349b822ff1d68, CN=9f230fa9-aa2f-4020-ae2a-1a60374084b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:74:b5:ea:f8:fb:32:f3:9a:61:ed:c0:d2:82:
                    bb:a4:ef:72:1e:c6:d6:4b:c6:7b:b7:8f:88:17:88:
                    77:2d:fc:47:c0:51:e6:fb:bc:21:a4:cd:f6:1f:e8:
                    40:91:df:be:24:84:e4:fd:94:3e:10:c1:15:44:06:
                    67:a0:de:66:8f:5e:5e:ff:60:41:36:ca:cb:76:81:
                    4a:22:b9:88:cc:a4:51:1a:60:99:d0:e8:ea:50:e9:
                    0c:dc:46:fb:6b:48:9d:1e:cc:2c:8d:63:3a:e6:10:
                    38:7d:68:ef:f9:d8:a7:a6:e7:04:31:10:33:23:dd:
                    cc:db:00:86:9a:17:b3:20:b4:43:11:5d:14:58:1c:
                    fc:b8:ed:af:3b:63:fa:f4:44:91:91:02:32:61:7c:
                    38:9e:86:11:18:65:ae:33:bf:aa:0c:41:cb:36:6a:
                    b8:d9:59:9b:1a:69:75:57:1e:58:f2:69:89:de:bf:
                    1d:65:15:6f:44:53:0d:94:cf:a2:d2:b1:c5:c3:e4:
                    76:44:52:50:89:e0:e3:ee:8e:14:31:be:98:85:e0:
                    f7:23:d0:2e:91:16:8a:fa:d2:0d:cb:47:67:6a:63:
                    88:99:61:24:6d:a8:9a:0f:69:ec:06:e9:99:6f:38:
                    54:26:4f:ed:c3:62:3b:70:4b:80:6d:0b:da:07:5c:
                    0f:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:7B:2E:8D:A6:CD:45:7C:FB:A6:EF:8F:C7:BF:93:86:24:9B:B5:C5
            X509v3 Authority Key Identifier:
                keyid:E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/a36ac229-d07f-4fcf-ac41-46b2fc8fa9f4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.246.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:5d:bf:a3:b7:8f:b0:95:c6:32:f7:30:48:3c:df:01:a9:d8:
         81:06:d2:28:c8:87:af:c9:8c:69:b4:03:05:9c:76:93:5c:a1:
         3b:39:12:e8:58:93:47:95:66:c7:a6:14:ba:47:bc:69:88:b7:
         5e:00:4e:a4:58:22:f7:f8:51:7f:7b:62:2d:fe:02:3e:25:e6:
         f5:08:29:7c:42:7a:c3:36:4b:4c:8a:94:a2:7c:ff:c1:63:f5:
         55:89:94:30:74:18:17:cf:58:af:c1:81:47:84:46:69:3d:56:
         50:34:f9:ba:6b:61:fa:59:c8:63:b2:7c:7d:ac:d6:1e:08:c8:
         b3:66:a4:1a:d3:6c:1e:15:cf:5c:eb:37:0a:a3:80:49:5b:1a:
         26:c3:26:59:75:c1:4c:3b:7d:d0:d3:cc:f5:87:95:50:03:c8:
         51:c1:a7:4d:07:8d:ab:1a:f6:0c:7b:f1:02:56:c2:ed:e5:fd:
         60:f6:0e:b2:39:06:85:ef:bb:42:4c:6c:f4:79:7e:93:6e:ad:
         58:43:ec:04:ed:95:f5:a6:e3:92:0f:77:b6:43:2b:b7:ed:3e:
         0e:7e:1f:cc:09:09:0c:20:0e:77:e8:5b:f4:58:90:51:21:f7:
         c9:8a:a5:83:83:86:c6:86:c4:5c:fa:8c:11:38:20:48:d8:42:
         54:ea:31:4a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYIpC6ylGanmDgfuVdOMxHjd4jqswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNTUxMjA5MDI3ZjVlN2FkNTRlMDRmMDQyZTRhYzBlOWU2
NWM1NmU1NWM3NzQ3OGQyY2UwHhcNMjUxMDEzMTYwMDQ1WhcNMjUxMTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BkMmZmYzMxYzc4NGYzNjM0MzZjNDlkM2MzNTE5NTQ3NDc5
YzUxYzUyOGUxMTdlMjQ0M2QzNDliODIyZmYxZDY4MS0wKwYDVQQDEyQ5ZjIzMGZh
OS1hYTJmLTQwMjAtYWUyYS0xYTYwMzc0MDg0YjgwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjdLXq+Psy85ph7cDSgruk73IextZLxnu3j4gXiHct/EfA
Ueb7vCGkzfYf6ECR374khOT9lD4QwRVEBmeg3maPXl7/YEE2yst2gUoiuYjMpFEa
YJnQ6OpQ6QzcRvtrSJ0ezCyNYzrmEDh9aO/52Kem5wQxEDMj3czbAIaaF7MgtEMR
XRRYHPy47a87Y/r0RJGRAjJhfDiehhEYZa4zv6oMQcs2arjZWZsaaXVXHljyaYne
vx1lFW9EUw2Uz6LSscXD5HZEUlCJ4OPujhQxvpiF4Pcj0C6RFor60g3LR2dqY4iZ
YSRtqJoPaewG6ZlvOFQmT+3DYjtwS4BtC9oHXA8dAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUxXsujabNRXz7pu+Px7+ThiSbtcUwHwYDVR0jBBgwFoAU6PPFIOIO8l06
t6IWuxQEMWo3OPEwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS85OWY4ZmVkMi0y
OTJiLTQ3MjItYjkyOC1mZWU3YmYwYTU5MTAvNTUxMjA5MDI3ZjVlN2FkNTRlMDRm
MDQyZTRhYzBlOWU2NWM1NmU1NWM3NzQ3OGQyY2UuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTc1MThhZjUtYTM0My00MjhkLWJmNzgtZjk4
MmI2ZTYwNTA1L2EzNmFjMjI5LWQwN2YtNGZjZi1hYzQxLTQ2YjJmYzhmYTlmNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3NTE4YWY1LWEzNDMtNDI4ZC1iZjc4
LWY5ODJiNmU2MDUwNS9YbnJWVGdUd1F1U3NEcDVseFc1VngzUjQwczQuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADM9rEwDQYJKoZIhvcNAQELBQADggEBAHNdv6O3j7CVxjL3MEg83wGp2IEG
0ijIh6/JjGm0AwWcdpNcoTs5EuhYk0eVZsemFLpHvGmIt14ATqRYIvf4UX97Yi3+
Aj4l5vUIKXxCesM2S0yKlKJ8/8Fj9VWJlDB0GBfPWK/BgUeERmk9VlA0+bprYfpZ
yGOyfH2s1h4IyLNmpBrTbB4Vz1zrNwqjgElbGibDJll1wUw7fdDTzPWHlVADyFHB
p00Hjasa9gx78QJWwu3l/WD2DrI5BoXvu0JMbPR5fpNurVhD7ATtlfWm45IPd7ZD
K7ftPg5+H8wJCQwgDnfoW/RYkFEh98mKpYODhsaGxFz6jBE4IEjYQlTqMUo=
-----END CERTIFICATE-----