Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7a401c92-8618-4647-b703-928188cd703b.roa
File:                     7a401c92-8618-4647-b703-928188cd703b.roa (raw, json)
Hash identifier:          GEfz9F2//DCSfSaiGuR7/39XSIx+n8er6nio3eziP1w=
Subject key identifier:   FB:DD:94:CA:05:1C:E8:4D:B7:1D:3C:40:BC:AF:0E:AC:E7:FD:F1:D1
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       342DFD4A83F9F77774DB7DFE9956821E9D97116A
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7a401c92-8618-4647-b703-928188cd703b.roa
Signing time:             Fri 10 Oct 2025 16:09:39 +0000
ROA not before:           Fri 10 Oct 2025 16:09:39 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        52.46.168.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:2d:fd:4a:83:f9:f7:77:74:db:7d:fe:99:56:82:1e:9d:97:11:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 10 16:09:39 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=99953922737b6a4af29db74eb977d5c130353eaab2b04aa5c035a1a82be919cb, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:59:b9:fe:7a:0a:8b:7f:6a:fb:05:26:ae:bd:
                    48:88:e8:0f:d4:c4:03:c2:e3:8c:2b:31:6e:77:4f:
                    30:c7:f0:9d:f0:a8:6a:74:d4:17:a0:69:41:bc:36:
                    2c:c5:f4:38:bc:90:1f:50:4e:14:ab:71:01:7f:1d:
                    11:99:3a:5b:0e:13:2a:65:08:46:33:a6:a4:69:d8:
                    83:7c:9a:8e:39:d2:a3:4e:1a:e4:8a:59:8d:b2:96:
                    f1:e0:15:ad:87:fe:e1:a8:5a:a4:35:9d:6f:f1:25:
                    7e:6b:6e:5b:3d:0e:78:fd:52:3f:3a:a0:d0:60:44:
                    5d:00:39:8a:a8:2e:02:39:3a:98:57:6f:b6:7f:57:
                    d0:d1:02:9e:31:d3:f0:cb:5a:d7:15:5f:76:fa:6d:
                    e5:3b:fa:24:2f:8e:5a:a5:06:8e:4a:a7:c5:b7:ac:
                    cd:18:a5:7e:b6:ef:f7:93:bc:98:17:a0:df:53:1e:
                    71:a4:15:37:4f:36:7d:9e:bb:7d:28:eb:ea:86:9d:
                    05:df:0b:96:e3:fa:52:64:2d:46:d2:04:32:5f:96:
                    1e:79:6f:c2:55:98:58:e1:70:39:43:7a:31:d5:1c:
                    e0:a4:0c:0a:e0:28:fe:8b:3b:41:a1:ba:04:73:26:
                    ad:6c:76:02:8f:a6:2f:dc:e6:f6:ad:44:04:52:2b:
                    30:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:DD:94:CA:05:1C:E8:4D:B7:1D:3C:40:BC:AF:0E:AC:E7:FD:F1:D1
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7a401c92-8618-4647-b703-928188cd703b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.46.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         68:4d:8c:9b:17:a2:87:2d:52:46:9d:21:61:85:42:49:4a:b1:
         54:8d:6c:51:9d:6e:8d:52:18:cb:ec:71:83:9b:08:9a:5f:ea:
         ab:ba:0c:63:fb:80:ec:a4:ce:91:80:13:a9:27:d8:08:84:ad:
         0d:c9:25:7c:ac:8b:d7:68:b6:78:16:0f:14:e4:e5:dc:68:30:
         8f:27:b2:e3:ab:e7:22:96:ea:79:85:22:8e:6f:0d:21:88:50:
         75:16:5f:fc:97:cb:5f:a5:80:01:05:eb:92:20:57:26:24:9f:
         d4:b7:94:13:cd:34:af:26:13:58:da:d7:9a:d8:bb:59:49:ae:
         34:b6:0a:74:a1:a1:4d:7a:9f:91:47:75:9c:7e:51:ce:b8:66:
         b3:96:4e:88:69:ac:94:3c:63:cf:7c:c0:9d:dc:45:e4:ab:f0:
         28:d3:f9:ed:a6:bb:45:12:87:63:59:ff:42:24:aa:2d:94:b0:
         47:d8:fe:7a:53:d5:e5:a1:8e:ed:29:70:9c:61:39:a7:c7:5f:
         87:1f:57:05:4a:47:95:6a:f3:f4:0a:c2:30:ff:4c:22:64:d5:
         24:71:c1:c4:95:7a:e5:7e:d8:78:76:e4:7f:37:df:33:4b:60:
         c0:f8:e1:9d:a6:76:ab:fa:7b:41:cd:52:ac:d9:d6:fc:86:c0:
         c6:f0:c1:1b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNC39SoP593d0233+mVaCHp2XEWowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDEwMTYwOTM5WhcNMjUxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5OTk1MzkyMjczN2I2YTRhZjI5ZGI3NGViOTc3ZDVjMTMw
MzUzZWFhYjJiMDRhYTVjMDM1YTFhODJiZTkxOWNiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKWbn+egqLf2r7BSauvUiI6A/UxAPC44wrMW53TzDH8J3w
qGp01BegaUG8NizF9Di8kB9QThSrcQF/HRGZOlsOEyplCEYzpqRp2IN8mo450qNO
GuSKWY2ylvHgFa2H/uGoWqQ1nW/xJX5rbls9Dnj9Uj86oNBgRF0AOYqoLgI5OphX
b7Z/V9DRAp4x0/DLWtcVX3b6beU7+iQvjlqlBo5Kp8W3rM0YpX627/eTvJgXoN9T
HnGkFTdPNn2eu30o6+qGnQXfC5bj+lJkLUbSBDJflh55b8JVmFjhcDlDejHVHOCk
DArgKP6LO0GhugRzJq1sdgKPpi/c5vatRARSKzChAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU+92UygUc6E23HTxAvK8OrOf98dEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzdhNDAxYzkyLTg2MTgtNDY0Ny1iNzAzLTkyODE4OGNkNzAzYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI0LqgwDQYJKoZIhvcNAQELBQADggEBAGhNjJsXooctUkadIWGFQklKsVSN
bFGdbo1SGMvscYObCJpf6qu6DGP7gOykzpGAE6kn2AiErQ3JJXysi9dotngWDxTk
5dxoMI8nsuOr5yKW6nmFIo5vDSGIUHUWX/yXy1+lgAEF65IgVyYkn9S3lBPNNK8m
E1ja15rYu1lJrjS2CnShoU16n5FHdZx+Uc64ZrOWTohprJQ8Y898wJ3cReSr8CjT
+e2mu0USh2NZ/0Ikqi2UsEfY/npT1eWhju0pcJxhOafHX4cfVwVKR5Vq8/QKwjD/
TCJk1SRxwcSVeuV+2Hh25H833zNLYMD44Z2mdqv6e0HNUqzZ1vyGwMbwwRs=
-----END CERTIFICATE-----