Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/72c3d062-f14a-453c-a515-4675ba4a9c3a.roa
File:                     72c3d062-f14a-453c-a515-4675ba4a9c3a.roa (raw, json)
Hash identifier:          xH9+O8oiSss9ie4tGVc6H5GWBGL8WlRnkZq+YtCdpb0=
Subject key identifier:   0F:F7:C8:C2:1B:D4:E3:72:60:0D:63:98:E2:FD:2C:48:59:ED:B3:36
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5B3E1CD1CF17108EE1C243DD72930A5E9421DE7A
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/72c3d062-f14a-453c-a515-4675ba4a9c3a.roa
Signing time:             Sun 19 Oct 2025 05:52:39 +0000
ROA not before:           Sun 19 Oct 2025 05:52:39 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.85.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:3e:1c:d1:cf:17:10:8e:e1:c2:43:dd:72:93:0a:5e:94:21:de:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 05:52:39 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=4a3b99757114b6e1aa809227eca748ffb19e9dced348ffb213109be41b84c8f1, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:3b:c6:ef:cb:c8:80:e5:15:e4:09:92:ea:a4:
                    4b:05:19:75:d1:c9:6f:04:40:a8:83:92:62:03:f8:
                    c5:80:30:59:87:0c:8a:19:4f:e8:bf:8c:95:a5:71:
                    ad:b8:ea:70:f6:18:d4:ff:6f:b3:1d:0d:6a:9e:04:
                    7c:0f:46:5d:e2:16:5f:a2:d6:ef:ce:0f:93:ec:47:
                    b2:d9:aa:fd:41:9c:34:5b:ba:b5:c1:33:9d:6d:3f:
                    c1:ce:88:a9:63:77:b8:33:3b:98:a5:fa:12:2d:1a:
                    98:eb:dc:b6:6d:0e:81:12:0e:96:91:33:e0:ae:70:
                    71:b0:52:86:d6:5d:5a:17:7f:be:86:e1:3b:a5:84:
                    08:34:1c:44:de:c5:6c:9c:11:83:5f:77:70:eb:61:
                    c3:c5:10:ee:31:c6:bf:8f:15:de:3f:56:c7:06:69:
                    89:d7:3e:fa:60:57:48:f5:c3:99:44:8b:0b:13:b8:
                    5e:f8:36:43:a8:97:dc:37:77:d2:e4:df:1d:88:c0:
                    4e:63:55:d7:eb:6e:17:ae:d7:08:8c:d4:d9:a2:89:
                    97:68:71:b7:8e:95:92:29:0b:8d:14:61:8c:b5:c5:
                    ef:9e:2a:91:43:a7:36:79:54:55:29:01:2b:bc:9b:
                    e0:cc:20:bc:14:98:84:71:33:8d:06:3c:81:e5:4b:
                    6c:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:F7:C8:C2:1B:D4:E3:72:60:0D:63:98:E2:FD:2C:48:59:ED:B3:36
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/72c3d062-f14a-453c-a515-4675ba4a9c3a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.85.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:02:46:d7:83:0a:8f:2d:17:81:c1:64:30:db:36:a5:86:a1:
         47:cc:46:46:fe:5a:1b:36:d1:3c:01:18:e4:f9:65:0f:48:05:
         ed:a4:84:32:75:2e:4b:c9:f8:4d:15:90:72:ba:62:05:72:d4:
         42:fd:46:bb:06:b6:e2:7a:99:4e:9a:49:4e:b5:41:35:c5:d2:
         f0:ed:06:00:65:ed:b3:d8:7b:1b:72:94:88:3a:d1:5a:e1:a3:
         f3:00:fb:6a:ff:9e:cc:2a:11:1d:1e:1d:14:9d:2c:97:a5:a1:
         e8:2a:6a:3f:bb:b0:b1:68:30:02:3b:10:35:b1:db:ea:d2:3c:
         17:d8:e0:47:b4:9f:ad:09:46:ef:a4:bf:72:f8:df:d3:c9:ab:
         07:e9:3d:d3:94:10:29:f6:d3:0e:03:38:0b:1d:87:35:4b:9c:
         9b:ad:76:a3:42:6d:c6:71:00:9e:7b:8c:22:c6:de:e2:2f:26:
         61:bb:f3:60:17:5d:0b:25:89:64:f6:51:4b:24:97:36:8d:e2:
         32:08:77:fa:c8:1b:23:5b:70:2a:1b:7f:f4:ba:c2:ff:57:21:
         df:d1:2f:ec:48:b5:b9:5a:38:46:e9:58:2f:f8:35:65:65:2c:
         07:20:67:f9:0c:74:78:da:32:e3:1c:24:16:4d:ec:14:c6:0b:
         ff:72:fd:3f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWz4c0c8XEI7hwkPdcpMKXpQh3nowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MDU1MjM5WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A0YTNiOTk3NTcxMTRiNmUxYWE4MDkyMjdlY2E3NDhmZmIx
OWU5ZGNlZDM0OGZmYjIxMzEwOWJlNDFiODRjOGYxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDlO8bvy8iA5RXkCZLqpEsFGXXRyW8EQKiDkmID+MWAMFmH
DIoZT+i/jJWlca246nD2GNT/b7MdDWqeBHwPRl3iFl+i1u/OD5PsR7LZqv1BnDRb
urXBM51tP8HOiKljd7gzO5il+hItGpjr3LZtDoESDpaRM+CucHGwUobWXVoXf76G
4TulhAg0HETexWycEYNfd3DrYcPFEO4xxr+PFd4/VscGaYnXPvpgV0j1w5lEiwsT
uF74NkOol9w3d9Lk3x2IwE5jVdfrbheu1wiM1NmiiZdocbeOlZIpC40UYYy1xe+e
KpFDpzZ5VFUpASu8m+DMILwUmIRxM40GPIHlS2xfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUD/fIwhvU43JgDWOY4v0sSFntszYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzcyYzNkMDYyLWYxNGEtNDUzYy1hNTE1LTQ2NzViYTRhOWMzYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0VRcwDQYJKoZIhvcNAQELBQADggEBAA4CRteDCo8tF4HBZDDbNqWGoUfM
Rkb+Whs20TwBGOT5ZQ9IBe2khDJ1LkvJ+E0VkHK6YgVy1EL9RrsGtuJ6mU6aSU61
QTXF0vDtBgBl7bPYextylIg60Vrho/MA+2r/nswqER0eHRSdLJeloegqaj+7sLFo
MAI7EDWx2+rSPBfY4Ee0n60JRu+kv3L439PJqwfpPdOUECn20w4DOAsdhzVLnJut
dqNCbcZxAJ57jCLG3uIvJmG782AXXQsliWT2UUsklzaN4jIId/rIGyNbcCobf/S6
wv9XId/RL+xItblaOEbpWC/4NWVlLAcgZ/kMdHjaMuMcJBZN7BTGC/9y/T8=
-----END CERTIFICATE-----