Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/425554a6-e598-4df5-a7fb-eb185dac45b5.roa
File:                     425554a6-e598-4df5-a7fb-eb185dac45b5.roa (raw, json)
Hash identifier:          cI3irn4SR6R1MYedQyk8vMO3QiV4+ITt+MjXsdzDvOY=
Subject key identifier:   1E:13:1C:40:85:CF:9B:EB:E4:D0:96:F2:C5:DE:93:86:33:FA:D4:17
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       46111620ED5FB3F08C1D61C6F97F1C4397C7F576
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/425554a6-e598-4df5-a7fb-eb185dac45b5.roa
Signing time:             Fri 08 May 2026 02:31:49 +0000
ROA not before:           Fri 08 May 2026 02:31:49 +0000
ROA not after:            Thu 06 Aug 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        52.19.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 13 May 2026 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:11:16:20:ed:5f:b3:f0:8c:1d:61:c6:f9:7f:1c:43:97:c7:f5:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May  8 02:31:49 2026 GMT
            Not After : Aug  6 23:59:59 2026 GMT
        Subject: serialNumber=2a3b09c59dcb99af4a2a01489e7b25d56f5d975ebe2547a6ec7f90cd3cf5a4a1, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f5:9a:74:08:2e:a9:e4:7a:8e:28:5a:2f:9d:
                    34:cd:01:9e:35:27:92:f0:48:7a:a1:75:91:cb:89:
                    f8:78:b0:26:fd:d7:c4:92:09:82:8f:ee:87:78:70:
                    f6:5d:a5:92:c7:b8:46:3c:d2:c4:5a:a0:a6:b8:e7:
                    67:cc:f6:ec:0b:2f:ff:14:47:0a:12:44:dd:88:15:
                    be:b4:16:ad:20:b2:d0:6e:4f:bc:0a:b5:5e:51:70:
                    97:88:a6:28:65:6b:0d:34:bd:2e:05:90:f3:95:f8:
                    ad:05:da:a5:5f:34:eb:75:5c:e2:cf:d9:e7:6b:62:
                    aa:ea:9a:36:44:51:52:bc:6c:9b:a9:69:12:b4:f2:
                    39:5e:97:53:9b:df:0c:30:0c:f3:c1:29:37:06:80:
                    a9:af:b4:73:d1:83:e1:5b:c9:20:b4:68:5c:42:b6:
                    ea:ed:9a:51:f7:0f:c0:05:98:5f:f9:be:b4:48:85:
                    90:ae:1f:27:60:5e:69:46:e9:2e:14:ff:8e:68:81:
                    cb:5b:2d:7b:00:cb:e4:e0:51:e7:b7:ac:45:4c:8f:
                    6a:24:60:45:63:86:4d:17:a1:bc:18:f7:7e:49:a6:
                    d6:7a:8c:1e:c1:9b:fb:21:5f:26:d7:92:ab:09:ef:
                    3e:8e:08:70:22:a9:a7:76:90:02:43:dd:28:f6:0c:
                    72:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:13:1C:40:85:CF:9B:EB:E4:D0:96:F2:C5:DE:93:86:33:FA:D4:17
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/425554a6-e598-4df5-a7fb-eb185dac45b5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.19.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:b1:ba:12:3a:ba:4f:3e:6f:bb:85:d4:68:b7:85:69:03:21:
         80:09:42:04:a5:a1:af:ca:cb:3d:f1:22:39:ba:47:e5:f7:2c:
         e6:b3:0f:b6:88:23:4f:ee:f3:88:8b:2a:bf:5c:30:a7:0a:cb:
         96:f2:68:bd:12:ef:1f:45:66:f5:cf:87:5c:ef:38:2f:09:d7:
         08:c8:6f:48:9a:89:4f:43:d3:0c:75:16:bd:6a:50:58:e4:d1:
         ec:8f:ec:4a:66:69:85:bb:ca:6b:09:99:d7:f3:8a:7b:b1:6d:
         d3:a0:18:bd:35:3a:61:08:72:2a:90:c3:24:ca:71:21:d8:b3:
         b7:31:9e:84:6a:90:4d:25:5a:fb:a5:fd:1b:66:ac:36:f4:93:
         e4:21:12:e4:83:46:96:79:f6:8b:e4:2a:b6:50:87:0a:3d:24:
         7d:fe:52:84:52:a8:3f:9b:41:f3:ba:7d:3c:80:02:e8:33:3c:
         b7:09:c2:36:48:de:ff:4c:55:04:ac:8b:04:3b:c4:26:7e:c2:
         b8:72:71:bc:4c:04:81:ef:10:90:12:d2:97:c8:68:1a:aa:0d:
         17:81:5a:cb:ac:33:49:ff:61:8d:55:d3:4c:fe:d3:82:c7:c2:
         14:0e:1c:fc:5f:80:ce:af:89:be:42:8c:1a:a3:7c:72:ac:63:
         aa:4d:de:60
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURhEWIO1fs/CMHWHG+X8cQ5fH9XYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwNTA4MDIzMTQ5WhcNMjYwODA2MjM1OTU5
WjB6MUkwRwYDVQQFE0AyYTNiMDljNTlkY2I5OWFmNGEyYTAxNDg5ZTdiMjVkNTZm
NWQ5NzVlYmUyNTQ3YTZlYzdmOTBjZDNjZjVhNGExMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC29Zp0CC6p5HqOKFovnTTNAZ41J5LwSHqhdZHLifh4sCb9
18SSCYKP7od4cPZdpZLHuEY80sRaoKa452fM9uwLL/8URwoSRN2IFb60Fq0gstBu
T7wKtV5RcJeIpihlaw00vS4FkPOV+K0F2qVfNOt1XOLP2edrYqrqmjZEUVK8bJup
aRK08jlel1Ob3wwwDPPBKTcGgKmvtHPRg+FbySC0aFxCturtmlH3D8AFmF/5vrRI
hZCuHydgXmlG6S4U/45ogctbLXsAy+TgUee3rEVMj2okYEVjhk0XobwY935JptZ6
jB7Bm/shXybXkqsJ7z6OCHAiqad2kAJD3Sj2DHKfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHhMcQIXPm+vk0Jbyxd6ThjP61BcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQyNTU1NGE2LWU1OTgtNGRmNS1hN2ZiLWViMTg1ZGFjNDViNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0E/4wDQYJKoZIhvcNAQELBQADggEBAK+xuhI6uk8+b7uF1Gi3hWkDIYAJ
QgSloa/Kyz3xIjm6R+X3LOazD7aII0/u84iLKr9cMKcKy5byaL0S7x9FZvXPh1zv
OC8J1wjIb0iaiU9D0wx1Fr1qUFjk0eyP7EpmaYW7ymsJmdfzinuxbdOgGL01OmEI
ciqQwyTKcSHYs7cxnoRqkE0lWvul/RtmrDb0k+QhEuSDRpZ59ovkKrZQhwo9JH3+
UoRSqD+bQfO6fTyAAugzPLcJwjZI3v9MVQSsiwQ7xCZ+wrhycbxMBIHvEJAS0pfI
aBqqDReBWsusM0n/YY1V00z+04LHwhQOHPxfgM6vib5CjBqjfHKsY6pN3mA=
-----END CERTIFICATE-----