Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/df881b71-0435-4a4d-91f0-3d9796d1e92b.roa
File:                     df881b71-0435-4a4d-91f0-3d9796d1e92b.roa (raw, json)
Hash identifier:          b4mQJP67JZXnZzj/QYvKztXERS8gtJH0wpfya+ks8pk=
Subject key identifier:   AE:7A:49:E5:1F:E6:92:1E:80:58:19:3C:42:04:AE:3B:F6:46:C7:9E
Certificate issuer:       /CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
Certificate serial:       6DD18DA00DDC000A677D68A357C0A20BE70ECC9D
Authority key identifier: E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/df881b71-0435-4a4d-91f0-3d9796d1e92b.roa
Signing time:             Mon 13 Oct 2025 16:38:12 +0000
ROA not before:           Mon 13 Oct 2025 16:38:12 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        216.137.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 22 Oct 2025 21:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:d1:8d:a0:0d:dc:00:0a:67:7d:68:a3:57:c0:a2:0b:e7:0e:cc:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
        Validity
            Not Before: Oct 13 16:38:12 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=00713081fe4306ceb863db4cbabeeb00b4484ee20b3dd0d23880ef441651acd2, CN=9f230fa9-aa2f-4020-ae2a-1a60374084b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:cf:03:d3:36:81:4f:29:95:08:43:d8:5b:cf:
                    c9:c3:a1:fc:88:c9:31:f0:d9:4e:7a:2a:7c:67:cb:
                    c4:b4:ea:1c:eb:ef:18:74:a5:4c:6e:c2:04:c5:96:
                    dc:a4:c5:1a:10:90:e7:e9:a4:65:35:05:d3:46:39:
                    71:6d:cf:5b:b9:b9:e0:7f:2f:af:ab:28:c0:97:4f:
                    09:aa:9c:15:de:0c:66:6f:ec:f1:4c:cf:c8:49:72:
                    40:8f:0e:98:43:3a:2a:df:87:bd:9c:ce:35:d1:14:
                    08:e2:de:cb:e1:f6:80:24:16:fe:72:0c:26:0b:c3:
                    16:bf:4a:d6:4b:f7:3a:f8:9a:18:d2:ce:b6:4c:6a:
                    be:30:ef:6e:6b:e5:55:ae:fd:09:ed:50:92:ec:89:
                    44:7a:a1:17:72:9b:c7:86:8d:50:3c:e3:4b:0e:fe:
                    da:e5:22:c0:6d:ca:7e:f5:99:a0:3c:75:37:3d:be:
                    04:ae:7b:88:38:2c:bd:4d:ab:de:f5:88:a0:b6:11:
                    e3:7e:3b:28:73:b3:11:ee:b8:c5:b5:90:a1:40:f0:
                    65:b8:e5:ea:13:d3:21:91:0b:d0:ba:e1:d9:09:ff:
                    29:b2:73:0f:e8:47:6a:68:f2:24:20:0b:24:cd:cd:
                    ee:c0:02:a1:a8:1a:8f:97:32:85:b4:5f:17:0b:ba:
                    70:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:7A:49:E5:1F:E6:92:1E:80:58:19:3C:42:04:AE:3B:F6:46:C7:9E
            X509v3 Authority Key Identifier:
                keyid:E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/df881b71-0435-4a4d-91f0-3d9796d1e92b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.137.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:06:33:2f:3c:8c:20:29:b5:39:c5:c3:c0:82:fe:20:bc:52:
         de:7b:c2:5a:2f:83:92:2d:50:02:e0:fe:40:4f:af:1f:7e:70:
         36:c2:14:89:2b:40:82:6f:5e:86:4a:f7:40:87:c9:cb:a3:bd:
         1e:14:42:78:7d:92:0d:a7:1d:cd:07:3c:7c:94:de:5e:8f:0c:
         33:56:e0:a2:64:34:94:f3:6e:59:b6:e9:d3:90:f9:29:5e:93:
         c6:e6:aa:a7:e6:f7:aa:2f:da:38:9e:19:50:22:5a:e3:db:99:
         a5:23:5f:6b:40:d8:08:b5:78:c0:43:92:f7:21:51:ac:8b:29:
         9a:66:d9:cf:5c:19:f5:e5:b3:7a:09:f0:60:4b:a8:f2:8f:8a:
         e1:9f:1f:a6:7c:ce:2e:fb:5d:fc:d0:ca:51:c0:03:dd:b3:fc:
         fd:71:7f:94:46:d8:1b:b5:b4:9c:8c:d4:f5:f4:a8:f6:8b:7f:
         f0:92:c4:09:95:8a:de:9b:b4:e3:4a:bb:94:69:f2:38:de:19:
         aa:99:20:7c:f1:5a:5d:81:65:df:f7:1d:b4:a7:a0:0b:35:c3:
         02:eb:af:29:34:33:fd:bf:04:5d:90:ee:0b:3b:44:3b:76:03:
         f2:22:56:02:89:2e:87:b1:45:cb:f0:70:5c:ac:07:92:ad:75:
         c4:bd:b7:eb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbdGNoA3cAApnfWijV8CiC+cOzJ0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNTUxMjA5MDI3ZjVlN2FkNTRlMDRmMDQyZTRhYzBlOWU2
NWM1NmU1NWM3NzQ3OGQyY2UwHhcNMjUxMDEzMTYzODEyWhcNMjUxMTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwMDcxMzA4MWZlNDMwNmNlYjg2M2RiNGNiYWJlZWIwMGI0
NDg0ZWUyMGIzZGQwZDIzODgwZWY0NDE2NTFhY2QyMS0wKwYDVQQDEyQ5ZjIzMGZh
OS1hYTJmLTQwMjAtYWUyYS0xYTYwMzc0MDg0YjgwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDQzwPTNoFPKZUIQ9hbz8nDofyIyTHw2U56Knxny8S06hzr
7xh0pUxuwgTFltykxRoQkOfppGU1BdNGOXFtz1u5ueB/L6+rKMCXTwmqnBXeDGZv
7PFMz8hJckCPDphDOirfh72czjXRFAji3svh9oAkFv5yDCYLwxa/StZL9zr4mhjS
zrZMar4w725r5VWu/QntUJLsiUR6oRdym8eGjVA840sO/trlIsBtyn71maA8dTc9
vgSue4g4LL1Nq971iKC2EeN+OyhzsxHuuMW1kKFA8GW45eoT0yGRC9C64dkJ/ymy
cw/oR2po8iQgCyTNze7AAqGoGo+XMoW0XxcLunBpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrnpJ5R/mkh6AWBk8QgSuO/ZGx54wHwYDVR0jBBgwFoAU6PPFIOIO8l06
t6IWuxQEMWo3OPEwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS85OWY4ZmVkMi0y
OTJiLTQ3MjItYjkyOC1mZWU3YmYwYTU5MTAvNTUxMjA5MDI3ZjVlN2FkNTRlMDRm
MDQyZTRhYzBlOWU2NWM1NmU1NWM3NzQ3OGQyY2UuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTc1MThhZjUtYTM0My00MjhkLWJmNzgtZjk4
MmI2ZTYwNTA1L2RmODgxYjcxLTA0MzUtNGE0ZC05MWYwLTNkOTc5NmQxZTkyYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3NTE4YWY1LWEzNDMtNDI4ZC1iZjc4
LWY5ODJiNmU2MDUwNS9YbnJWVGdUd1F1U3NEcDVseFc1VngzUjQwczQuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADYiSswDQYJKoZIhvcNAQELBQADggEBADwGMy88jCAptTnFw8CC/iC8Ut57
wlovg5ItUALg/kBPrx9+cDbCFIkrQIJvXoZK90CHycujvR4UQnh9kg2nHc0HPHyU
3l6PDDNW4KJkNJTzblm26dOQ+Slek8bmqqfm96ov2jieGVAiWuPbmaUjX2tA2Ai1
eMBDkvchUayLKZpm2c9cGfXls3oJ8GBLqPKPiuGfH6Z8zi77XfzQylHAA92z/P1x
f5RG2Bu1tJyM1PX0qPaLf/CSxAmVit6btONKu5Rp8jjeGaqZIHzxWl2BZd/3HbSn
oAs1wwLrryk0M/2/BF2Q7gs7RDt2A/IiVgKJLoexRcvwcFysB5KtdcS9t+s=
-----END CERTIFICATE-----