Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/831deb2f-05ce-4b11-bf1d-77a72ce7381c.roa
File:                     831deb2f-05ce-4b11-bf1d-77a72ce7381c.roa (raw, json)
Hash identifier:          u9PS9xEvELYg4Y0OkC4OOUTjCqCAtbg3Mq4roXkx8n0=
Subject key identifier:   27:3C:B6:4C:40:0B:A4:E5:69:39:F3:68:0D:24:DC:6B:A1:EA:F0:4B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       105B57C8013680F6F0A573CDBFCB572E2E54EA32
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/831deb2f-05ce-4b11-bf1d-77a72ce7381c.roa
Signing time:             Sun 19 Oct 2025 07:12:27 +0000
ROA not before:           Sun 19 Oct 2025 07:12:27 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.85.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:5b:57:c8:01:36:80:f6:f0:a5:73:cd:bf:cb:57:2e:2e:54:ea:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 07:12:27 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=26a6a60a529d0832d2bf755339b72decedf041279bc5c58901fea23c568f968e, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:e3:5e:37:30:c2:22:d7:95:c6:02:27:96:6e:
                    d2:da:ea:58:f7:47:88:5d:9b:cd:0a:85:14:bc:8a:
                    59:01:aa:3a:01:42:fc:46:bf:d4:45:17:ac:de:14:
                    20:30:97:26:01:5e:5a:29:1b:7e:2d:bf:55:55:78:
                    69:37:5d:71:e9:b8:e8:5b:ac:b9:7f:49:5b:bc:c8:
                    98:95:24:3e:2e:52:56:36:0e:0d:ad:30:19:ef:97:
                    4e:36:98:21:18:27:a3:53:d3:e2:23:63:41:b5:fd:
                    b5:f9:7b:d7:a6:6f:03:e4:8b:ed:7f:03:fa:0a:d8:
                    d6:27:19:21:5f:b4:c2:44:e5:b2:4b:18:7c:ac:60:
                    5f:bb:f5:a6:9f:c7:67:56:49:ce:af:f8:aa:ed:73:
                    09:24:58:1c:8f:aa:7f:88:78:1f:3e:7d:b6:06:f1:
                    dc:70:f6:77:c9:23:9f:f3:1f:ef:3c:b1:7b:c6:75:
                    6f:72:75:3d:f6:f4:82:c7:46:f6:32:06:34:ea:45:
                    60:41:b1:7b:59:01:dc:f7:ff:cd:a1:22:cb:a5:a9:
                    d4:0f:00:b2:31:a3:dd:e8:8b:4b:53:35:51:96:5d:
                    b8:b0:92:a6:b3:c2:46:f6:7a:04:73:24:e9:5f:0d:
                    f3:d2:fd:ba:c1:68:3d:4c:12:58:68:8e:44:59:1d:
                    0a:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:3C:B6:4C:40:0B:A4:E5:69:39:F3:68:0D:24:DC:6B:A1:EA:F0:4B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/831deb2f-05ce-4b11-bf1d-77a72ce7381c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.85.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:f3:e9:c1:f3:11:a8:7c:e0:e8:10:90:9b:11:72:29:da:cf:
         f0:e1:74:cc:98:cf:78:f0:e9:0b:d2:74:a1:76:38:7f:84:d4:
         d7:d2:d1:cf:c8:97:13:0b:d1:b0:71:ca:eb:a1:ef:e2:8b:4e:
         38:ec:e6:0c:13:55:49:a8:66:78:48:fe:89:30:8a:8d:53:8f:
         3e:3a:73:b6:64:44:43:b4:41:d7:93:db:f2:87:1f:55:86:91:
         41:9b:d0:d9:06:62:53:d9:83:01:b4:14:64:19:f7:63:8e:0e:
         fe:ed:f2:ae:f4:45:05:03:9e:b4:4c:de:cf:9d:b8:f0:fd:ac:
         56:b1:97:8f:70:af:d0:80:73:61:3b:2b:22:51:ee:ae:52:ff:
         22:27:c6:cd:aa:9b:ba:9e:c9:fc:5b:83:79:67:8b:07:66:86:
         52:58:b2:8e:6d:af:73:ac:9f:19:b2:df:cf:10:b2:7d:db:24:
         58:0c:ef:56:56:ea:75:47:4c:fc:22:d6:58:35:65:32:0c:76:
         53:84:47:98:5e:66:8b:20:88:fe:9f:d6:3d:a7:0b:cc:35:ab:
         12:b2:37:28:62:a1:ad:46:ca:fd:da:c2:94:8e:73:43:e1:2e:
         64:7e:5b:59:30:c1:42:16:49:d6:7a:be:06:bc:13:f2:6c:25:
         5d:46:6b:02
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEFtXyAE2gPbwpXPNv8tXLi5U6jIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MDcxMjI3WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNmE2YTYwYTUyOWQwODMyZDJiZjc1NTMzOWI3MmRlY2Vk
ZjA0MTI3OWJjNWM1ODkwMWZlYTIzYzU2OGY5NjhlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC54143MMIi15XGAieWbtLa6lj3R4hdm80KhRS8ilkBqjoB
QvxGv9RFF6zeFCAwlyYBXlopG34tv1VVeGk3XXHpuOhbrLl/SVu8yJiVJD4uUlY2
Dg2tMBnvl042mCEYJ6NT0+IjY0G1/bX5e9embwPki+1/A/oK2NYnGSFftMJE5bJL
GHysYF+79aafx2dWSc6v+KrtcwkkWByPqn+IeB8+fbYG8dxw9nfJI5/zH+88sXvG
dW9ydT329ILHRvYyBjTqRWBBsXtZAdz3/82hIsulqdQPALIxo93oi0tTNVGWXbiw
kqazwkb2egRzJOlfDfPS/brBaD1MElhojkRZHQpZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJzy2TEALpOVpOfNoDSTca6Hq8EswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzgzMWRlYjJmLTA1Y2UtNGIxMS1iZjFkLTc3YTcyY2U3MzgxYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0Vd4wDQYJKoZIhvcNAQELBQADggEBABDz6cHzEah84OgQkJsRcinaz/Dh
dMyYz3jw6QvSdKF2OH+E1NfS0c/IlxML0bBxyuuh7+KLTjjs5gwTVUmoZnhI/okw
io1Tjz46c7ZkREO0QdeT2/KHH1WGkUGb0NkGYlPZgwG0FGQZ92OODv7t8q70RQUD
nrRM3s+duPD9rFaxl49wr9CAc2E7KyJR7q5S/yInxs2qm7qeyfxbg3lniwdmhlJY
so5tr3Osnxmy388Qsn3bJFgM71ZW6nVHTPwi1lg1ZTIMdlOER5heZosgiP6f1j2n
C8w1qxKyNyhioa1Gyv3awpSOc0PhLmR+W1kwwUIWSdZ6vga8E/JsJV1GawI=
-----END CERTIFICATE-----