Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/29c0fab5-5ca9-4d3b-90cc-71fae09fde3d.roa
File:                     29c0fab5-5ca9-4d3b-90cc-71fae09fde3d.roa (raw, json)
Hash identifier:          LeJgUcZG0xfwf3jmw5r8TrzMhiz7cGwPlBd5jHzUz1I=
Subject key identifier:   67:D4:41:1D:11:7C:58:84:9C:40:D4:A8:4D:8F:2C:08:3E:B0:29:00
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       43D27DFB49C64D97DF23BAC4B9D6BDAD2AC409B9
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/29c0fab5-5ca9-4d3b-90cc-71fae09fde3d.roa
Signing time:             Sat 18 Oct 2025 05:40:15 +0000
ROA not before:           Sat 18 Oct 2025 05:40:15 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.248.224.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 23 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:d2:7d:fb:49:c6:4d:97:df:23:ba:c4:b9:d6:bd:ad:2a:c4:09:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 05:40:15 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=1eb9f179c9f9a1994e9580c6ea102b6063ef13b4832d8a23cd0e7bd2c84a1c3d, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:f7:40:48:65:3a:1a:96:18:c5:78:f3:6c:4f:
                    21:a8:cb:9a:0d:10:8c:34:97:cd:bd:17:5b:43:ca:
                    d2:df:67:ae:17:ff:ed:80:ed:f8:24:6a:30:fc:2d:
                    99:ea:5a:43:0d:22:b9:da:1d:7f:e6:7e:23:6e:2f:
                    40:0c:11:5d:b8:48:aa:ad:bb:20:44:ee:e1:94:bd:
                    dd:2b:6a:fc:4e:6a:af:8f:42:fc:1e:94:2a:80:4c:
                    6d:aa:dc:9f:9b:d1:3e:99:4e:3f:c3:e0:df:41:82:
                    c7:2b:ea:5e:c1:1c:26:65:49:af:dc:61:8e:eb:d6:
                    c0:c9:7c:97:8e:3b:4e:b8:90:23:07:e1:21:ba:37:
                    c1:ee:bc:4e:b4:b3:62:b7:d6:52:0c:5a:7f:4b:5b:
                    c3:e8:d8:f9:cc:9c:3b:53:e5:0a:87:16:1d:9a:1f:
                    fe:aa:bd:28:3c:2e:ad:5b:d1:4e:08:1c:f7:84:05:
                    c7:46:cc:84:ee:25:dc:52:e6:3d:53:e7:48:26:13:
                    60:c5:58:8f:33:df:7d:10:2e:bf:86:9f:cb:f7:42:
                    50:22:f2:ca:a3:a4:2c:18:b8:49:51:95:1e:05:60:
                    99:ae:33:2c:40:cc:7a:eb:f1:18:9e:5b:79:69:e0:
                    8e:e3:04:77:33:0c:3c:e8:8f:f9:83:8f:9f:97:08:
                    01:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:D4:41:1D:11:7C:58:84:9C:40:D4:A8:4D:8F:2C:08:3E:B0:29:00
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/29c0fab5-5ca9-4d3b-90cc-71fae09fde3d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.248.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         72:9d:05:a9:f9:74:4e:94:96:2c:b8:93:ba:17:71:e5:38:fb:
         64:a4:0a:58:89:1f:6f:cb:be:bf:8c:c2:48:e9:47:16:c8:cb:
         d9:8f:8a:c1:cf:c7:af:9a:b6:fd:2a:e3:7b:f3:df:7a:ad:b0:
         70:5a:0c:38:b3:01:d4:db:7a:d2:be:5e:31:6a:d4:f4:62:be:
         00:a3:89:86:7f:51:81:ac:f9:6a:fc:dd:76:46:bc:e3:80:3a:
         4d:40:4f:2e:41:ac:46:50:9c:37:ee:c3:28:ca:38:47:a9:ff:
         88:5d:ab:91:95:1f:1f:cc:41:21:e0:7e:1d:8d:1e:af:c6:b9:
         20:20:67:b2:e9:cd:43:c1:4e:a7:3f:12:0f:12:01:c2:a3:9b:
         71:df:88:ea:df:7b:b3:bd:7b:5d:b2:63:91:79:2f:f1:38:16:
         d7:66:56:3b:13:28:e2:a9:2a:c6:51:35:65:81:09:b2:21:e2:
         54:b9:f2:9e:df:9c:f6:95:50:b3:df:b7:65:9a:d6:62:70:63:
         a5:e8:27:7f:a9:8e:31:af:77:c7:1b:32:cc:b8:db:d4:19:9d:
         03:f1:2d:b1:13:2b:c7:23:7e:a6:e9:3f:7d:3f:af:2d:c3:a3:
         b2:9c:29:c7:6f:1e:8b:22:d9:71:5e:38:25:b5:49:90:d9:6d:
         7e:f0:9a:84
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQ9J9+0nGTZffI7rEuda9rSrECbkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MDU0MDE1WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AxZWI5ZjE3OWM5ZjlhMTk5NGU5NTgwYzZlYTEwMmI2MDYz
ZWYxM2I0ODMyZDhhMjNjZDBlN2JkMmM4NGExYzNkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDz90BIZToalhjFePNsTyGoy5oNEIw0l829F1tDytLfZ64X
/+2A7fgkajD8LZnqWkMNIrnaHX/mfiNuL0AMEV24SKqtuyBE7uGUvd0ravxOaq+P
QvwelCqATG2q3J+b0T6ZTj/D4N9Bgscr6l7BHCZlSa/cYY7r1sDJfJeOO064kCMH
4SG6N8HuvE60s2K31lIMWn9LW8Po2PnMnDtT5QqHFh2aH/6qvSg8Lq1b0U4IHPeE
BcdGzITuJdxS5j1T50gmE2DFWI8z330QLr+Gn8v3QlAi8sqjpCwYuElRlR4FYJmu
MyxAzHrr8RieW3lp4I7jBHczDDzoj/mDj5+XCAEFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZ9RBHRF8WIScQNSoTY8sCD6wKQAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzI5YzBmYWI1LTVjYTktNGQzYi05MGNjLTcxZmFlMDlmZGUzZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAU2+OAwDQYJKoZIhvcNAQELBQADggEBAHKdBan5dE6Uliy4k7oXceU4+2Sk
CliJH2/Lvr+MwkjpRxbIy9mPisHPx6+atv0q43vz33qtsHBaDDizAdTbetK+XjFq
1PRivgCjiYZ/UYGs+Wr83XZGvOOAOk1ATy5BrEZQnDfuwyjKOEep/4hdq5GVHx/M
QSHgfh2NHq/GuSAgZ7LpzUPBTqc/Eg8SAcKjm3HfiOrfe7O9e12yY5F5L/E4Ftdm
VjsTKOKpKsZRNWWBCbIh4lS58p7fnPaVULPft2Wa1mJwY6XoJ3+pjjGvd8cbMsy4
29QZnQPxLbETK8cjfqbpP30/ry3Do7KcKcdvHosi2XFeOCW1SZDZbX7wmoQ=
-----END CERTIFICATE-----