Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a48e7253-0cf5-44b3-a4ec-112e1ae35730.roa
File:                     a48e7253-0cf5-44b3-a4ec-112e1ae35730.roa (raw, json)
Hash identifier:          92Yiazrtmqh8D8m++xwKO4G4ovzJvtqaIBqL6rQKJBc=
Subject key identifier:   52:88:4D:A1:E7:B6:B7:12:0D:98:18:58:C7:C2:05:1A:9F:E4:DD:63
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3009FBBA27B7145A24BDACB6723277640A2D85B1
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a48e7253-0cf5-44b3-a4ec-112e1ae35730.roa
Signing time:             Sun 19 Oct 2025 07:43:44 +0000
ROA not before:           Sun 19 Oct 2025 07:43:44 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.85.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:09:fb:ba:27:b7:14:5a:24:bd:ac:b6:72:32:77:64:0a:2d:85:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 07:43:44 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=5ce7b0333bc97bd13da4d94781167df0956efe2c36001b155deab187af9c751b, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:6c:26:d7:a7:5c:a1:d8:63:31:72:be:4e:d2:
                    2d:39:b4:6e:62:79:81:30:27:26:f1:1c:29:2c:07:
                    87:cb:80:dc:f0:1c:e7:33:f7:bb:d6:e6:46:24:29:
                    9f:fb:44:0d:de:40:a1:c0:6c:1b:35:44:03:54:29:
                    16:3d:83:86:4a:1b:fe:a6:30:a9:47:21:34:b9:8c:
                    cf:62:db:09:90:b6:13:d5:c6:1d:97:8c:ab:57:bf:
                    8f:d7:9d:90:96:bf:e7:41:7c:3c:41:41:01:0b:0c:
                    b3:20:c6:fa:16:d0:64:69:92:88:be:f9:b9:13:c4:
                    3c:99:6f:ed:21:47:2f:8e:aa:3f:3b:f8:ce:dd:68:
                    c3:b7:02:fa:37:0b:45:08:1d:1a:3b:71:13:21:c8:
                    84:4f:18:80:3b:1a:0e:0c:09:a6:02:3b:bb:ea:36:
                    7e:18:24:64:6a:74:af:6f:b3:49:38:3d:bd:72:e7:
                    fe:84:0e:39:f9:d3:73:57:00:03:f1:32:9e:ec:88:
                    64:89:aa:21:19:ee:58:99:bb:fe:cb:7e:a3:46:10:
                    d7:bf:7f:4c:5c:d7:22:ef:df:84:d9:27:e6:05:43:
                    83:49:89:99:20:ad:c4:2d:42:61:e7:86:09:71:6a:
                    bf:79:d0:16:b0:99:f9:fc:3c:39:e5:fd:3e:34:54:
                    b4:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:88:4D:A1:E7:B6:B7:12:0D:98:18:58:C7:C2:05:1A:9F:E4:DD:63
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a48e7253-0cf5-44b3-a4ec-112e1ae35730.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.85.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:c1:08:de:f9:9e:c1:5e:26:46:42:d9:3d:fb:90:57:18:95:
         66:ff:af:2f:e3:73:01:6f:a3:1d:9c:f8:2c:2b:64:74:9d:c9:
         3d:14:dd:28:44:6e:29:70:21:1b:81:35:bd:48:a8:3f:88:f7:
         17:9c:92:cd:6c:77:40:4a:0a:6f:52:89:1c:f5:e0:1d:0c:38:
         99:1f:31:db:ce:ee:ba:c0:34:b2:79:e7:3b:8b:d1:50:4d:8d:
         5c:9b:75:60:3e:f5:e0:68:c3:94:f2:10:d4:2c:1e:1f:37:a1:
         ee:60:13:fe:ad:8a:15:8c:3c:48:f1:cb:e4:5f:20:5c:45:b7:
         df:56:68:20:18:ff:43:9d:74:98:80:c6:be:36:0e:15:95:b7:
         ed:2e:81:d6:7d:ce:e4:7c:2f:fb:e8:92:33:df:1b:63:2e:89:
         33:87:d4:19:3e:1d:63:a6:59:a3:e4:f3:5c:35:21:a8:48:74:
         08:4d:b7:e8:fb:26:12:9f:3b:0a:7e:4f:d4:9f:c5:e8:ed:69:
         15:aa:33:cd:81:25:63:57:cc:ec:34:a3:59:42:e1:10:49:7f:
         83:65:b0:2c:9c:21:4d:50:ad:28:3f:f6:25:a6:63:e2:79:f5:
         d9:d4:f1:73:b7:3a:34:5d:79:22:53:a1:aa:74:b2:9b:a9:66:
         41:0d:9b:5a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMAn7uie3FFokvay2cjJ3ZAothbEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MDc0MzQ0WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A1Y2U3YjAzMzNiYzk3YmQxM2RhNGQ5NDc4MTE2N2RmMDk1
NmVmZTJjMzYwMDFiMTU1ZGVhYjE4N2FmOWM3NTFiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjbCbXp1yh2GMxcr5O0i05tG5ieYEwJybxHCksB4fLgNzw
HOcz97vW5kYkKZ/7RA3eQKHAbBs1RANUKRY9g4ZKG/6mMKlHITS5jM9i2wmQthPV
xh2XjKtXv4/XnZCWv+dBfDxBQQELDLMgxvoW0GRpkoi++bkTxDyZb+0hRy+Oqj87
+M7daMO3Avo3C0UIHRo7cRMhyIRPGIA7Gg4MCaYCO7vqNn4YJGRqdK9vs0k4Pb1y
5/6EDjn503NXAAPxMp7siGSJqiEZ7liZu/7LfqNGENe/f0xc1yLv34TZJ+YFQ4NJ
iZkgrcQtQmHnhglxar950Bawmfn8PDnl/T40VLRpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUUohNoee2txINmBhYx8IFGp/k3WMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2E0OGU3MjUzLTBjZjUtNDRiMy1hNGVjLTExMmUxYWUzNTczMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0VWEwDQYJKoZIhvcNAQELBQADggEBAAjBCN75nsFeJkZC2T37kFcYlWb/
ry/jcwFvox2c+CwrZHSdyT0U3ShEbilwIRuBNb1IqD+I9xecks1sd0BKCm9SiRz1
4B0MOJkfMdvO7rrANLJ55zuL0VBNjVybdWA+9eBow5TyENQsHh83oe5gE/6tihWM
PEjxy+RfIFxFt99WaCAY/0OddJiAxr42DhWVt+0ugdZ9zuR8L/vokjPfG2MuiTOH
1Bk+HWOmWaPk81w1IahIdAhNt+j7JhKfOwp+T9SfxejtaRWqM82BJWNXzOw0o1lC
4RBJf4NlsCycIU1QrSg/9iWmY+J59dnU8XO3OjRdeSJToap0spupZkENm1o=
-----END CERTIFICATE-----