Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/06e7bcbd-89bd-40c9-894a-14f26587a7ed.roa
File:                     06e7bcbd-89bd-40c9-894a-14f26587a7ed.roa (raw, json)
Hash identifier:          XiBNFCo1pzZAy38JcjuCzFljnJysgQca7DuGNioEizA=
Subject key identifier:   A4:16:7C:B6:83:17:0F:CC:65:60:1D:50:0C:2A:C3:D5:89:37:64:66
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3E5185F0353E2AFA4A51E05AEF88A8DE5096A370
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/06e7bcbd-89bd-40c9-894a-14f26587a7ed.roa
Signing time:             Sun 19 Oct 2025 07:51:31 +0000
ROA not before:           Sun 19 Oct 2025 07:51:31 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.85.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:51:85:f0:35:3e:2a:fa:4a:51:e0:5a:ef:88:a8:de:50:96:a3:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 07:51:31 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=0a02fccf7c4db845e0a864bfef623a6a196e09842c140a5a909f31aa9c573277, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:a8:dd:44:d6:ca:aa:72:14:c8:54:c9:71:19:
                    5d:6c:46:b8:3e:2e:ce:ac:00:5b:ff:e6:c7:79:cd:
                    b1:72:34:6a:07:df:ab:32:f3:6f:34:d7:f1:e3:dd:
                    fa:3e:00:da:4a:6f:d2:ce:c5:a9:d1:3d:9f:a2:97:
                    68:eb:1b:cf:d8:c3:83:93:23:d2:c5:df:c3:37:1c:
                    3e:57:a0:4f:5f:5a:f1:83:fd:1a:1d:be:5d:9e:7a:
                    7a:ff:90:e4:1d:4e:44:21:f9:33:8d:89:a3:d5:4c:
                    58:89:2c:9c:b2:95:da:6c:72:41:74:d2:0f:4f:dd:
                    9b:4b:5d:11:69:3b:a5:40:75:14:31:ae:7a:64:b1:
                    06:21:42:d1:4d:3e:96:30:12:ad:49:55:6a:ec:5f:
                    6c:02:4b:92:94:60:7f:4f:43:ee:24:71:af:08:c3:
                    36:14:69:ca:63:12:af:7b:3a:ce:17:9f:20:f0:00:
                    d6:cd:a5:84:b5:ba:cf:80:6c:7a:74:ee:73:a9:dc:
                    47:d7:c8:0d:84:f0:fe:be:dc:f8:c1:3e:e3:a9:64:
                    a7:ad:c3:d0:35:e1:a8:91:d5:24:21:14:ba:9d:90:
                    85:70:dd:fa:b3:55:2c:e2:44:9f:63:53:ab:08:f6:
                    af:79:e5:71:af:52:36:a6:5c:8c:07:7d:b2:cb:7a:
                    de:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:16:7C:B6:83:17:0F:CC:65:60:1D:50:0C:2A:C3:D5:89:37:64:66
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/06e7bcbd-89bd-40c9-894a-14f26587a7ed.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.85.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:1c:7c:ec:de:1c:fc:26:a9:75:1f:62:66:b9:03:87:f6:1d:
         50:d0:37:0a:75:8c:c5:7d:8a:18:ca:57:fd:91:f6:5b:c1:21:
         08:f1:74:9a:de:c2:67:94:e2:49:4f:08:94:84:45:5a:35:65:
         78:58:36:8e:19:0c:ba:e6:45:d8:14:56:d3:66:2f:ba:2b:7a:
         86:f0:d2:4f:44:21:b7:89:e2:44:c4:23:d6:94:35:0e:4f:62:
         26:99:80:f9:02:52:53:3b:45:35:94:5e:d2:6c:6b:19:84:1c:
         7e:62:6a:4a:4b:0a:db:c0:b9:3e:66:a5:52:53:9b:ee:d4:13:
         de:43:2f:0c:d7:db:95:33:26:21:85:63:c2:aa:fe:c5:d9:4a:
         c2:ec:ff:b4:99:df:e1:0b:8e:85:d2:13:5b:a7:b9:0a:33:f8:
         64:42:ef:90:0e:70:54:3b:91:40:16:92:ca:37:d5:f4:84:2a:
         e2:99:1d:76:52:7e:63:53:33:bd:cc:e6:1a:2a:2f:f8:79:0c:
         22:3b:05:f2:55:df:fd:3a:c8:91:63:6e:be:da:a2:c7:84:f6:
         6e:76:52:0e:d7:df:c1:d5:09:4e:83:13:4f:11:bb:f0:14:2f:
         9f:14:6d:fe:f6:15:a4:a9:60:f4:8a:a4:de:43:84:10:ac:24:
         c9:18:06:69
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPlGF8DU+KvpKUeBa74io3lCWo3AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MDc1MTMxWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AwYTAyZmNjZjdjNGRiODQ1ZTBhODY0YmZlZjYyM2E2YTE5
NmUwOTg0MmMxNDBhNWE5MDlmMzFhYTljNTczMjc3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLqN1E1sqqchTIVMlxGV1sRrg+Ls6sAFv/5sd5zbFyNGoH
36sy82801/Hj3fo+ANpKb9LOxanRPZ+il2jrG8/Yw4OTI9LF38M3HD5XoE9fWvGD
/Rodvl2eenr/kOQdTkQh+TONiaPVTFiJLJyyldpsckF00g9P3ZtLXRFpO6VAdRQx
rnpksQYhQtFNPpYwEq1JVWrsX2wCS5KUYH9PQ+4kca8IwzYUacpjEq97Os4XnyDw
ANbNpYS1us+AbHp07nOp3EfXyA2E8P6+3PjBPuOpZKetw9A14aiR1SQhFLqdkIVw
3fqzVSziRJ9jU6sI9q955XGvUjamXIwHfbLLet6xAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUpBZ8toMXD8xlYB1QDCrD1Yk3ZGYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzA2ZTdiY2JkLTg5YmQtNDBjOS04OTRhLTE0ZjI2NTg3YTdlZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0VeAwDQYJKoZIhvcNAQELBQADggEBADQcfOzeHPwmqXUfYma5A4f2HVDQ
Nwp1jMV9ihjKV/2R9lvBIQjxdJrewmeU4klPCJSERVo1ZXhYNo4ZDLrmRdgUVtNm
L7oreobw0k9EIbeJ4kTEI9aUNQ5PYiaZgPkCUlM7RTWUXtJsaxmEHH5iakpLCtvA
uT5mpVJTm+7UE95DLwzX25UzJiGFY8Kq/sXZSsLs/7SZ3+ELjoXSE1unuQoz+GRC
75AOcFQ7kUAWkso31fSEKuKZHXZSfmNTM73M5hoqL/h5DCI7BfJV3/06yJFjbr7a
oseE9m52Ug7X38HVCU6DE08Ru/AUL58Ubf72FaSpYPSKpN5DhBCsJMkYBmk=
-----END CERTIFICATE-----