Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3f9ff43f-f6f2-4442-a9fe-6fc488dc2bf4.roa
File:                     3f9ff43f-f6f2-4442-a9fe-6fc488dc2bf4.roa (raw, json)
Hash identifier:          bRfS/qrcrBNAqWlbvlEjki5Sc/2yur+gYmYHYLGruVs=
Subject key identifier:   32:A2:0F:69:83:21:00:3C:A0:36:D7:FD:D3:51:87:C9:27:F3:F2:67
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1F882C9B7DA1182826B436CCB2FA5EF9CA7804F6
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3f9ff43f-f6f2-4442-a9fe-6fc488dc2bf4.roa
Signing time:             Sun 19 Oct 2025 06:11:16 +0000
ROA not before:           Sun 19 Oct 2025 06:11:16 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.84.236.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:88:2c:9b:7d:a1:18:28:26:b4:36:cc:b2:fa:5e:f9:ca:78:04:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 06:11:16 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=75fa9d8ba076b6a37962c043a14327e5fa634549f8bf34d082a09b437bcdb6ed, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:16:75:6f:91:af:1d:6f:b1:01:0f:72:52:c6:
                    4c:6b:b2:2c:2b:db:e5:71:e5:f8:6f:d7:62:cf:9f:
                    ce:58:45:7d:d9:de:ac:1e:77:8f:d8:92:db:08:57:
                    67:5c:78:01:83:37:64:3b:0d:b3:74:8c:66:87:61:
                    cf:a2:2f:a6:17:51:37:40:a1:00:3a:37:74:a2:93:
                    d5:77:b0:d4:70:bf:44:e2:09:7f:97:c8:ac:3f:c0:
                    a5:09:29:2e:e0:b0:62:b2:36:61:41:5c:62:f4:1a:
                    33:08:71:fc:c0:ad:8c:f1:22:26:ec:4d:21:44:3f:
                    68:35:62:5f:2f:36:3e:84:74:df:f4:f4:45:90:cf:
                    19:db:97:f5:89:fd:8e:e0:e8:75:6c:88:7e:f8:4a:
                    28:7e:21:55:ec:23:87:57:62:59:41:8e:2c:aa:8c:
                    4c:26:5e:09:96:cb:d9:cd:c1:d0:14:b5:7c:6f:0c:
                    1f:1d:89:18:70:e7:51:5a:f6:09:0b:3b:9d:6a:93:
                    df:fe:1f:16:89:ed:a6:2b:7b:c7:b5:13:b8:d6:88:
                    dc:87:e9:ef:41:1b:21:ae:10:bb:fb:c0:37:37:bf:
                    1d:3b:c9:de:c8:5d:f7:b1:ad:3a:90:d4:6f:d1:45:
                    95:15:b4:ee:4e:70:89:d0:59:f2:c9:52:98:e1:95:
                    5b:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:A2:0F:69:83:21:00:3C:A0:36:D7:FD:D3:51:87:C9:27:F3:F2:67
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3f9ff43f-f6f2-4442-a9fe-6fc488dc2bf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.84.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2a:70:bd:a1:05:ab:fd:65:ca:8c:b5:15:1b:f2:98:84:cb:60:
         19:11:48:c8:f8:cb:8e:60:32:72:57:bc:71:e8:d8:ca:9c:70:
         72:cf:6e:97:9e:25:ef:91:13:c3:5a:57:89:f4:38:91:9f:47:
         a3:5e:ef:4b:e4:48:1c:4f:0c:22:11:ad:66:73:49:5a:31:45:
         77:53:ff:5c:35:2b:3a:fa:21:e1:57:fc:bc:6a:07:b1:c9:62:
         72:7f:c0:69:63:42:a4:ac:9a:ed:02:e3:ed:bf:df:2a:9c:a9:
         ae:fe:ea:64:22:e5:c2:76:90:95:05:de:1d:67:8b:6d:ed:1a:
         18:0c:15:76:1e:fe:6e:a5:14:d9:c7:8e:77:5d:1a:d0:3d:c1:
         e7:38:94:f5:89:8a:47:29:57:aa:38:62:ac:29:6c:29:fa:57:
         c6:d5:71:95:49:ea:54:be:45:ed:fb:80:c4:ce:7c:7a:f0:cb:
         e5:77:e8:16:5d:69:fc:a4:42:a6:e0:5c:43:db:1d:d9:7b:0a:
         2a:cc:b8:cd:2d:94:1a:f8:25:aa:d6:32:ad:cd:e4:e5:0c:99:
         60:8f:81:1c:8c:c3:87:b7:b6:74:89:21:f4:29:d2:37:57:28:
         ae:74:3f:4d:19:ac:7e:b5:5b:8f:68:c5:6a:87:3e:83:de:c6:
         ef:60:e5:f7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUH4gsm32hGCgmtDbMsvpe+cp4BPYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MDYxMTE2WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A3NWZhOWQ4YmEwNzZiNmEzNzk2MmMwNDNhMTQzMjdlNWZh
NjM0NTQ5ZjhiZjM0ZDA4MmEwOWI0MzdiY2RiNmVkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCVFnVvka8db7EBD3JSxkxrsiwr2+Vx5fhv12LPn85YRX3Z
3qwed4/YktsIV2dceAGDN2Q7DbN0jGaHYc+iL6YXUTdAoQA6N3Sik9V3sNRwv0Ti
CX+XyKw/wKUJKS7gsGKyNmFBXGL0GjMIcfzArYzxIibsTSFEP2g1Yl8vNj6EdN/0
9EWQzxnbl/WJ/Y7g6HVsiH74Sih+IVXsI4dXYllBjiyqjEwmXgmWy9nNwdAUtXxv
DB8diRhw51Fa9gkLO51qk9/+HxaJ7aYre8e1E7jWiNyH6e9BGyGuELv7wDc3vx07
yd7IXfexrTqQ1G/RRZUVtO5OcInQWfLJUpjhlVvhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMqIPaYMhADygNtf901GHySfz8mcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNmOWZmNDNmLWY2ZjItNDQ0Mi1hOWZlLTZmYzQ4OGRjMmJmNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI0VOwwDQYJKoZIhvcNAQELBQADggEBACpwvaEFq/1lyoy1FRvymITLYBkR
SMj4y45gMnJXvHHo2MqccHLPbpeeJe+RE8NaV4n0OJGfR6Ne70vkSBxPDCIRrWZz
SVoxRXdT/1w1Kzr6IeFX/LxqB7HJYnJ/wGljQqSsmu0C4+2/3yqcqa7+6mQi5cJ2
kJUF3h1ni23tGhgMFXYe/m6lFNnHjnddGtA9wec4lPWJikcpV6o4YqwpbCn6V8bV
cZVJ6lS+Re37gMTOfHrwy+V36BZdafykQqbgXEPbHdl7CirMuM0tlBr4JarWMq3N
5OUMmWCPgRyMw4e3tnSJIfQp0jdXKK50P00ZrH61W49oxWqHPoPexu9g5fc=
-----END CERTIFICATE-----