Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/55468cf8-1e59-4919-a560-f282f355c226.roa
File:                     55468cf8-1e59-4919-a560-f282f355c226.roa (raw, json)
Hash identifier:          WbCCxoAdg8+in0EfT48mhTpBruJqnwYLUP1BOvkQAoU=
Subject key identifier:   58:DF:87:D5:20:AD:5B:C0:8C:13:80:8F:48:0E:93:87:DC:DE:18:1F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6CE0F1869EE5B2DB3C49A5CEA00390BAE5D284F5
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/55468cf8-1e59-4919-a560-f282f355c226.roa
Signing time:             Sat 18 Oct 2025 05:31:38 +0000
ROA not before:           Sat 18 Oct 2025 05:31:38 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.245.96.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:e0:f1:86:9e:e5:b2:db:3c:49:a5:ce:a0:03:90:ba:e5:d2:84:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 05:31:38 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=753f5925dab5cc2c9c71521087604e6569cd2b8c323e8f1f70417cefd58dcb70, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:a3:44:1f:ef:0e:7c:93:7f:8b:95:cc:b4:c7:
                    b5:73:cb:bc:de:a2:25:37:f6:e9:a7:85:c3:55:98:
                    5f:75:84:b7:c3:5a:f1:08:e4:17:5a:ff:e9:41:5a:
                    ce:0c:d0:14:3d:55:43:34:e8:0b:9a:d7:3c:50:98:
                    03:80:e2:58:b1:fa:5d:68:6c:30:67:6f:c8:5c:e8:
                    ef:d3:7f:67:20:c8:60:07:71:2b:70:32:df:23:05:
                    cf:12:11:fa:52:1e:12:66:fe:43:d8:a4:ef:cb:b7:
                    fa:fa:6a:cc:c0:eb:bd:2e:c7:1a:80:b9:8b:07:d2:
                    f2:ff:69:0b:30:cb:fb:ad:1e:e3:55:e5:6c:e0:4e:
                    d5:1c:75:8e:ce:61:ca:6d:14:63:c7:06:b9:90:64:
                    c7:68:24:08:ca:98:7f:b2:f3:ca:e1:c7:bc:08:bc:
                    5c:e4:fc:76:89:c5:e5:80:f6:a4:93:a4:c8:53:c5:
                    e6:32:32:1e:fa:1a:31:a2:8c:27:30:8a:e6:3a:e8:
                    84:b6:91:81:7a:f6:b0:65:8c:ce:67:13:1e:ee:df:
                    1a:5b:cb:26:6d:79:9c:5b:56:18:7c:7f:14:1a:15:
                    f9:2a:8a:c5:a9:b1:2c:76:dd:a4:39:4c:67:85:6a:
                    ae:6a:6b:7d:69:9e:f5:85:0f:91:32:64:e6:bb:e1:
                    4a:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:DF:87:D5:20:AD:5B:C0:8C:13:80:8F:48:0E:93:87:DC:DE:18:1F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/55468cf8-1e59-4919-a560-f282f355c226.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.245.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         4e:d0:6d:52:b8:4c:c1:5a:17:a4:8c:77:e5:f7:56:5f:d9:09:
         fe:26:6b:82:dd:3d:2e:4b:26:8d:7f:8d:85:00:89:bd:72:4f:
         44:c0:90:ef:88:70:2c:0f:f1:54:24:f4:36:c0:95:62:3d:e8:
         74:05:c7:f0:88:ed:99:f6:4b:ab:79:0f:90:c4:b2:25:42:45:
         ba:15:e7:fd:c0:a7:71:f4:ee:e6:40:37:eb:ca:9f:36:24:55:
         8a:3b:88:27:fb:82:b4:a0:a4:9c:76:6f:b6:42:af:f3:47:f0:
         59:7e:56:d9:2d:d8:0b:0e:60:b7:eb:2a:ca:b0:af:12:be:96:
         ee:04:df:1f:46:9e:2f:a4:1f:37:84:08:fb:53:72:cf:e9:cc:
         ef:0e:93:4c:06:ca:52:93:d2:17:d9:e6:5f:69:a3:6d:99:be:
         0e:b6:3a:4b:2c:6d:ad:1c:2a:07:9f:10:a8:dd:a8:72:78:07:
         28:52:da:cb:be:9f:34:6a:90:64:af:fd:93:06:08:80:1f:dc:
         3a:74:7c:6e:86:cb:93:ff:2d:a3:c8:ad:7b:11:e9:67:8c:70:
         07:51:69:51:38:68:2e:66:ff:ce:3e:73:a5:a8:dc:e5:66:2a:
         8c:de:f2:f4:69:df:7b:c2:79:df:73:6f:96:fd:89:41:b7:e1:
         b3:d1:1f:fa
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbODxhp7lsts8SaXOoAOQuuXShPUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MDUzMTM4WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A3NTNmNTkyNWRhYjVjYzJjOWM3MTUyMTA4NzYwNGU2NTY5
Y2QyYjhjMzIzZThmMWY3MDQxN2NlZmQ1OGRjYjcwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDfo0Qf7w58k3+Llcy0x7Vzy7zeoiU39umnhcNVmF91hLfD
WvEI5Bda/+lBWs4M0BQ9VUM06Aua1zxQmAOA4lix+l1obDBnb8hc6O/Tf2cgyGAH
cStwMt8jBc8SEfpSHhJm/kPYpO/Lt/r6aszA670uxxqAuYsH0vL/aQswy/utHuNV
5WzgTtUcdY7OYcptFGPHBrmQZMdoJAjKmH+y88rhx7wIvFzk/HaJxeWA9qSTpMhT
xeYyMh76GjGijCcwiuY66IS2kYF69rBljM5nEx7u3xpbyyZteZxbVhh8fxQaFfkq
isWpsSx23aQ5TGeFaq5qa31pnvWFD5EyZOa74UoNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWN+H1SCtW8CME4CPSA6Th9zeGB8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzU1NDY4Y2Y4LTFlNTktNDkxOS1hNTYwLWYyODJmMzU1YzIyNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAU29WAwDQYJKoZIhvcNAQELBQADggEBAE7QbVK4TMFaF6SMd+X3Vl/ZCf4m
a4LdPS5LJo1/jYUAib1yT0TAkO+IcCwP8VQk9DbAlWI96HQFx/CI7Zn2S6t5D5DE
siVCRboV5/3Ap3H07uZAN+vKnzYkVYo7iCf7grSgpJx2b7ZCr/NH8Fl+Vtkt2AsO
YLfrKsqwrxK+lu4E3x9Gni+kHzeECPtTcs/pzO8Ok0wGylKT0hfZ5l9po22Zvg62
Okssba0cKgefEKjdqHJ4ByhS2su+nzRqkGSv/ZMGCIAf3Dp0fG6Gy5P/LaPIrXsR
6WeMcAdRaVE4aC5m/84+c6Wo3OVmKoze8vRp33vCed9zb5b9iUG34bPRH/o=
-----END CERTIFICATE-----