Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/61c7166d-9992-4bba-9104-20398196f237.roa
File:                     61c7166d-9992-4bba-9104-20398196f237.roa (raw, json)
Hash identifier:          TnOtj++0EZZBdnAnxmcLFMpRui985fMRi5zaTIDrjTc=
Subject key identifier:   DD:A1:15:A2:E7:B2:11:F3:38:34:50:9E:54:1C:C1:84:4A:2E:52:D0
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       336D47FA072C8444F141456A8EC9F626508584EC
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/61c7166d-9992-4bba-9104-20398196f237.roa
Signing time:             Sun 19 Oct 2025 07:42:33 +0000
ROA not before:           Sun 19 Oct 2025 07:42:33 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.85.78.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:6d:47:fa:07:2c:84:44:f1:41:45:6a:8e:c9:f6:26:50:85:84:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 07:42:33 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=25169d8c3185893b6e6747bb7d724d37ac1011877dee654da082f6e87fb419ce, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:62:3d:8a:7c:8b:95:80:c8:c3:51:d8:ec:19:
                    4b:4f:56:79:13:9a:29:c2:b0:da:69:9e:ec:8d:ac:
                    41:c5:c1:9b:f3:95:b2:ba:d7:b4:93:66:c0:c2:1c:
                    ed:ae:c2:84:a1:79:7e:2e:19:28:17:a6:bc:c6:d6:
                    6d:43:53:d7:92:06:61:99:4d:b2:64:e7:dd:db:fb:
                    7d:fa:29:4d:04:7b:0a:9d:19:38:80:95:4e:e8:90:
                    cd:a8:f7:95:b2:30:c1:79:0a:db:fa:64:7d:22:f9:
                    b6:31:aa:59:10:fb:b8:54:3d:0a:b0:ba:26:a4:a7:
                    14:36:6d:25:3b:88:3d:07:9e:e8:96:e6:d7:d0:a8:
                    16:2f:f9:6b:6b:f2:c1:74:95:bb:21:66:16:5a:77:
                    b3:c9:9a:65:be:1e:22:23:b5:3d:af:0e:bb:ea:48:
                    49:1e:76:96:23:1c:77:90:43:0b:23:01:41:c5:bd:
                    21:da:60:87:69:7b:8b:7a:bf:11:53:02:7f:ac:63:
                    0b:d6:7f:e4:da:a2:fd:1c:3c:3b:e7:cd:3d:77:66:
                    8a:5b:c4:31:43:8e:c2:e9:22:28:0f:6e:0f:16:6f:
                    65:e7:6c:fa:e7:c1:f8:a8:f0:3b:89:89:60:a8:96:
                    04:dd:db:52:87:a8:30:86:46:50:df:24:17:57:8d:
                    d0:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:A1:15:A2:E7:B2:11:F3:38:34:50:9E:54:1C:C1:84:4A:2E:52:D0
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/61c7166d-9992-4bba-9104-20398196f237.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.85.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         02:68:62:1f:97:ae:56:42:40:85:99:6c:c6:59:56:0f:e2:dc:
         e9:75:bf:88:88:36:dd:5f:12:cc:0c:46:f7:da:6a:46:db:f0:
         f8:d2:fc:49:2d:7a:f1:17:b7:ac:89:22:7f:6c:fa:e9:c5:d9:
         2e:00:79:b2:fd:eb:09:8e:94:99:54:9c:d6:1b:7e:42:f8:9b:
         25:14:a9:1b:5b:cc:a6:7c:ec:1a:73:b7:48:5b:15:24:ab:00:
         b0:7a:bb:44:1a:a2:1d:e8:fd:42:91:38:7e:39:82:1b:53:52:
         5a:64:c1:00:d0:f8:90:a2:66:2e:c1:17:28:75:1f:a9:e4:48:
         22:67:88:77:12:b6:a6:44:d4:cc:b5:a7:e2:e9:c4:38:ae:35:
         cb:31:fd:22:e4:3d:7b:92:42:2b:6c:e5:6d:7e:55:6a:95:99:
         a0:72:ee:52:25:c6:a9:35:36:28:a5:7e:bc:3f:08:50:79:25:
         e7:f0:56:34:b9:c2:6b:96:ba:7e:c8:13:54:31:5a:15:32:cf:
         e0:a8:65:bd:65:ab:a5:2b:11:f5:84:dc:03:67:18:05:7a:53:
         b4:39:fc:ad:b2:68:a2:b6:3d:b8:c6:d7:b4:72:7a:d6:ec:8a:
         ba:36:51:11:3c:7e:bb:af:0e:97:9c:66:87:c8:97:22:cf:44:
         ce:fd:4f:38
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUM21H+gcshETxQUVqjsn2JlCFhOwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MDc0MjMzWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNTE2OWQ4YzMxODU4OTNiNmU2NzQ3YmI3ZDcyNGQzN2Fj
MTAxMTg3N2RlZTY1NGRhMDgyZjZlODdmYjQxOWNlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsYj2KfIuVgMjDUdjsGUtPVnkTminCsNppnuyNrEHFwZvz
lbK617STZsDCHO2uwoSheX4uGSgXprzG1m1DU9eSBmGZTbJk593b+336KU0Eewqd
GTiAlU7okM2o95WyMMF5Ctv6ZH0i+bYxqlkQ+7hUPQqwuiakpxQ2bSU7iD0HnuiW
5tfQqBYv+Wtr8sF0lbshZhZad7PJmmW+HiIjtT2vDrvqSEkedpYjHHeQQwsjAUHF
vSHaYIdpe4t6vxFTAn+sYwvWf+Taov0cPDvnzT13ZopbxDFDjsLpIigPbg8Wb2Xn
bPrnwfio8DuJiWColgTd21KHqDCGRlDfJBdXjdAFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3aEVoueyEfM4NFCeVBzBhEouUtAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzYxYzcxNjZkLTk5OTItNGJiYS05MTA0LTIwMzk4MTk2ZjIzNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAE0VU4wDQYJKoZIhvcNAQELBQADggEBAAJoYh+XrlZCQIWZbMZZVg/i3Ol1
v4iINt1fEswMRvfaakbb8PjS/EktevEXt6yJIn9s+unF2S4AebL96wmOlJlUnNYb
fkL4myUUqRtbzKZ87Bpzt0hbFSSrALB6u0Qaoh3o/UKROH45ghtTUlpkwQDQ+JCi
Zi7BFyh1H6nkSCJniHcStqZE1My1p+LpxDiuNcsx/SLkPXuSQits5W1+VWqVmaBy
7lIlxqk1Niilfrw/CFB5JefwVjS5wmuWun7IE1QxWhUyz+CoZb1lq6UrEfWE3ANn
GAV6U7Q5/K2yaKK2PbjG17Ryetbsiro2URE8fruvDpecZofIlyLPRM79Tzg=
-----END CERTIFICATE-----