Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/54642dc4-ea28-4022-89e1-e118cd602991.roa
File:                     54642dc4-ea28-4022-89e1-e118cd602991.roa (raw, json)
Hash identifier:          h1CefE9UDzxE7p0TtAzL1rf4CDozsv2bykA9c2PRfII=
Subject key identifier:   72:D3:18:48:6A:8A:08:4D:9A:07:01:1A:51:C3:42:4F:AC:C7:7F:82
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       064893D83F70BFD4D9B9905407D51AAAE6FA857F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/54642dc4-ea28-4022-89e1-e118cd602991.roa
Signing time:             Mon 11 May 2026 01:00:34 +0000
ROA not before:           Mon 11 May 2026 01:00:34 +0000
ROA not after:            Sun 09 Aug 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        52.95.128.0/18 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 13 May 2026 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:48:93:d8:3f:70:bf:d4:d9:b9:90:54:07:d5:1a:aa:e6:fa:85:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 11 01:00:34 2026 GMT
            Not After : Aug  9 23:59:59 2026 GMT
        Subject: serialNumber=0d24fab2fbde7c24038d952eca482ec2b126aa39f1b1f3a12e1647222c4cd123, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:8c:16:bf:9a:f5:29:cf:ca:00:f8:53:b6:1b:
                    ac:e0:ca:05:69:7a:ba:9d:a2:3f:0a:da:cb:05:4e:
                    5a:15:95:04:af:62:9c:d3:a8:00:0f:50:bb:43:0e:
                    92:ec:a0:b5:d9:ef:f5:e4:46:53:0a:50:72:1a:08:
                    34:6e:2a:0c:dd:be:a1:67:9a:37:d9:9b:05:f1:2a:
                    c5:3c:8f:e8:d1:70:b3:d5:3d:70:5b:11:8c:a5:37:
                    3a:9b:5d:1c:d2:e3:04:71:49:83:0f:7d:c6:ed:f0:
                    9e:c1:03:66:37:ff:b1:6b:10:85:01:06:de:d3:e6:
                    a5:6c:cd:29:c6:5f:7b:94:c0:96:a8:97:b3:49:c9:
                    3c:7c:b4:f4:7f:d8:8f:b6:d5:60:e7:c6:50:f7:ea:
                    24:0d:a8:68:94:10:0a:95:07:b4:48:7e:38:b0:56:
                    de:a5:83:20:d2:cb:71:7f:80:86:7b:59:88:48:db:
                    fb:dd:82:71:75:d8:98:31:3c:4e:3b:50:5e:9e:05:
                    e2:84:04:01:e7:1d:40:63:b4:ce:a9:a9:b9:1c:6a:
                    f1:ed:df:6c:d8:06:fb:59:12:3a:ce:f3:86:79:f9:
                    2f:72:81:2d:57:c9:6e:c5:2d:8b:e7:8b:ea:ed:41:
                    1d:3d:db:ea:27:d4:f0:9a:12:6e:86:0a:1f:f1:15:
                    9e:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:D3:18:48:6A:8A:08:4D:9A:07:01:1A:51:C3:42:4F:AC:C7:7F:82
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/54642dc4-ea28-4022-89e1-e118cd602991.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.95.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         0a:2c:d1:bf:91:46:59:3f:ec:ee:7a:b3:9e:81:52:a5:e5:fb:
         00:bc:51:32:ba:05:46:40:53:56:da:fd:a6:e4:9c:ce:c1:bd:
         3a:10:bd:6f:07:d3:4c:c3:1c:23:95:e2:72:40:63:26:6c:43:
         b0:64:b3:d1:71:0e:bd:d8:80:16:7a:87:06:45:91:4f:29:f3:
         48:a4:d8:0b:ec:b3:12:9d:0f:19:4f:75:61:15:93:79:0c:44:
         bf:1b:fe:82:f8:1a:16:3e:bb:58:87:a1:a7:63:4a:ee:10:02:
         04:a0:b5:b4:5c:85:5d:fd:3c:8a:bf:85:11:01:0f:e2:0a:c6:
         80:88:91:d4:a7:8c:f5:97:08:90:f8:47:3b:a1:a1:e7:47:49:
         a7:89:90:93:25:37:ae:5a:e7:79:c8:51:a3:ab:f9:f7:ad:27:
         d6:88:b7:1c:a8:22:66:b4:69:15:64:9a:2b:92:63:f8:e4:c4:
         37:44:96:e0:61:79:f0:80:4a:1d:5c:fa:47:00:bf:5a:7b:37:
         da:c8:b0:40:a2:46:ab:02:e1:bc:cf:ad:6b:32:dd:50:41:bb:
         1d:6b:78:2d:fa:9f:32:53:6b:d8:d8:61:cf:d2:ed:fa:50:bd:
         19:a1:26:fb:6b:05:99:51:06:8e:3a:4f:89:6a:01:0b:d3:ae:
         65:4a:4b:f8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBkiT2D9wv9TZuZBUB9Uaqub6hX8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwNTExMDEwMDM0WhcNMjYwODA5MjM1OTU5
WjB6MUkwRwYDVQQFE0AwZDI0ZmFiMmZiZGU3YzI0MDM4ZDk1MmVjYTQ4MmVjMmIx
MjZhYTM5ZjFiMWYzYTEyZTE2NDcyMjJjNGNkMTIzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDAjBa/mvUpz8oA+FO2G6zgygVperqdoj8K2ssFTloVlQSv
YpzTqAAPULtDDpLsoLXZ7/XkRlMKUHIaCDRuKgzdvqFnmjfZmwXxKsU8j+jRcLPV
PXBbEYylNzqbXRzS4wRxSYMPfcbt8J7BA2Y3/7FrEIUBBt7T5qVszSnGX3uUwJao
l7NJyTx8tPR/2I+21WDnxlD36iQNqGiUEAqVB7RIfjiwVt6lgyDSy3F/gIZ7WYhI
2/vdgnF12JgxPE47UF6eBeKEBAHnHUBjtM6pqbkcavHt32zYBvtZEjrO84Z5+S9y
gS1XyW7FLYvni+rtQR092+on1PCaEm6GCh/xFZ5HAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUctMYSGqKCE2aBwEaUcNCT6zHf4IwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzU0NjQyZGM0LWVhMjgtNDAyMi04OWUxLWUxMThjZDYwMjk5MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAY0X4AwDQYJKoZIhvcNAQELBQADggEBAAos0b+RRlk/7O56s56BUqXl+wC8
UTK6BUZAU1ba/abknM7BvToQvW8H00zDHCOV4nJAYyZsQ7Bks9FxDr3YgBZ6hwZF
kU8p80ik2AvssxKdDxlPdWEVk3kMRL8b/oL4GhY+u1iHoadjSu4QAgSgtbRchV39
PIq/hREBD+IKxoCIkdSnjPWXCJD4RzuhoedHSaeJkJMlN65a53nIUaOr+fetJ9aI
txyoIma0aRVkmiuSY/jkxDdEluBhefCASh1c+kcAv1p7N9rIsECiRqsC4bzPrWsy
3VBBux1reC36nzJTa9jYYc/S7fpQvRmhJvtrBZlRBo46T4lqAQvTrmVKS/g=
-----END CERTIFICATE-----