Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ab9aed33-3a66-4431-ba0c-cb57567446dc.roa
File:                     ab9aed33-3a66-4431-ba0c-cb57567446dc.roa (raw, json)
Hash identifier:          Y9fYxE1awCfLn+YZJv/PflH25iJEllTV0ghxhIj0yXI=
Subject key identifier:   6A:33:6C:0A:04:82:89:DB:83:A2:53:EC:A7:7A:27:0A:BF:AB:6A:FA
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       D9AB92F63578516DC9D477AB0036485A82A045
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ab9aed33-3a66-4431-ba0c-cb57567446dc.roa
Signing time:             Sat 18 Oct 2025 14:53:23 +0000
ROA not before:           Sat 18 Oct 2025 14:53:23 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.46.0.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            d9:ab:92:f6:35:78:51:6d:c9:d4:77:ab:00:36:48:5a:82:a0:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 14:53:23 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=6faa6cdc384ec0538766a984cee2b4b4cd7893682af1520425c909ba94a908b9, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:77:e5:b3:a9:8c:b3:54:1d:21:69:db:10:8d:
                    98:e0:21:b0:6e:93:ef:33:ca:34:47:e5:55:4e:bb:
                    44:bf:18:ef:a5:b1:b7:04:db:91:3b:14:bc:2e:9a:
                    d6:cf:b7:b7:cf:14:24:dd:00:a1:b1:45:46:26:51:
                    de:dc:3b:95:1e:ce:96:2e:55:58:6a:a1:3d:e9:3b:
                    f2:50:2d:bb:64:b8:47:57:52:da:7e:33:03:29:17:
                    1b:68:eb:ef:2c:86:a2:c6:10:3d:fc:46:0c:15:9c:
                    44:74:4d:79:06:2a:35:9c:3c:50:a3:08:79:44:54:
                    6e:98:13:49:24:ec:e1:d3:a7:70:cd:d1:16:e7:b5:
                    6b:49:50:65:de:b0:b0:da:62:7a:02:34:df:79:04:
                    9e:b8:73:c0:ad:8b:54:2c:5b:09:9b:a9:21:65:56:
                    52:8e:b2:b4:6e:d7:f3:25:75:45:87:59:ad:5c:58:
                    3c:34:01:e2:2a:75:49:69:e9:26:12:77:bb:cd:90:
                    2e:f3:ed:a3:2d:24:6a:91:0a:ad:71:f5:33:08:c0:
                    b9:67:4a:00:08:42:13:82:f3:8f:33:fd:38:dd:19:
                    da:27:a9:c3:5a:a0:0f:b1:8f:21:75:d2:d6:fe:e2:
                    2a:4e:5f:95:4b:7a:0a:2b:64:c3:d3:2f:3c:d6:44:
                    ed:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:33:6C:0A:04:82:89:DB:83:A2:53:EC:A7:7A:27:0A:BF:AB:6A:FA
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ab9aed33-3a66-4431-ba0c-cb57567446dc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.46.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8f:f0:ed:89:20:b1:9e:f8:18:9a:08:50:38:ec:f1:c0:92:8d:
         e3:89:81:ad:75:5c:c0:27:24:f4:91:33:1f:f6:42:c3:7f:db:
         a9:da:5f:50:de:d9:fe:38:d9:29:e2:c0:d5:6c:55:6d:8d:e2:
         4f:4a:ab:c1:df:ff:15:50:26:d4:c1:6d:58:66:eb:cd:a7:ba:
         53:dc:bf:c2:ab:5d:f3:13:36:92:1b:db:76:80:3a:5f:3b:94:
         9d:e1:80:cf:28:4c:7e:e6:89:10:73:ef:27:60:4f:7e:33:96:
         32:c0:bd:77:67:cd:ec:02:2f:63:b6:62:55:85:a6:b2:a5:04:
         03:94:c9:99:0c:e8:5b:c5:b1:6c:ed:8c:3a:6f:b0:76:cb:dc:
         a8:08:bc:70:04:11:ea:28:97:67:d6:1a:af:44:ca:8b:1b:3d:
         8e:1f:6e:d7:a6:82:f6:85:cc:85:03:d4:3a:2e:b9:1d:80:38:
         72:fe:5f:b1:58:ce:1f:7c:e2:bc:32:c3:bd:c6:2f:3d:cc:d7:
         5a:55:8e:12:2f:3c:d8:2b:1c:98:85:26:51:1b:63:e2:e0:96:
         ef:6a:b9:5b:b1:7d:77:3c:65:1d:f2:42:11:b5:01:75:9d:56:
         38:cf:eb:c6:08:d0:d2:cd:71:97:7b:79:6f:c1:2d:13:8b:19:
         d5:20:5b:c9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUANmrkvY1eFFtydR3qwA2SFqCoEUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MTQ1MzIzWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZmFhNmNkYzM4NGVjMDUzODc2NmE5ODRjZWUyYjRiNGNk
Nzg5MzY4MmFmMTUyMDQyNWM5MDliYTk0YTkwOGI5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCPd+WzqYyzVB0hadsQjZjgIbBuk+8zyjRH5VVOu0S/GO+l
sbcE25E7FLwumtbPt7fPFCTdAKGxRUYmUd7cO5UezpYuVVhqoT3pO/JQLbtkuEdX
Utp+MwMpFxto6+8shqLGED38RgwVnER0TXkGKjWcPFCjCHlEVG6YE0kk7OHTp3DN
0RbntWtJUGXesLDaYnoCNN95BJ64c8Cti1QsWwmbqSFlVlKOsrRu1/MldUWHWa1c
WDw0AeIqdUlp6SYSd7vNkC7z7aMtJGqRCq1x9TMIwLlnSgAIQhOC848z/TjdGdon
qcNaoA+xjyF10tb+4ipOX5VLegorZMPTLzzWRO1LAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUajNsCgSCiduDolPsp3onCr+ravowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2FiOWFlZDMzLTNhNjYtNDQzMS1iYTBjLWNiNTc1Njc0NDZkYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI0LgAwDQYJKoZIhvcNAQELBQADggEBAI/w7YkgsZ74GJoIUDjs8cCSjeOJ
ga11XMAnJPSRMx/2QsN/26naX1De2f442SniwNVsVW2N4k9Kq8Hf/xVQJtTBbVhm
682nulPcv8KrXfMTNpIb23aAOl87lJ3hgM8oTH7miRBz7ydgT34zljLAvXdnzewC
L2O2YlWFprKlBAOUyZkM6FvFsWztjDpvsHbL3KgIvHAEEeool2fWGq9EyosbPY4f
btemgvaFzIUD1DouuR2AOHL+X7FYzh984rwyw73GLz3M11pVjhIvPNgrHJiFJlEb
Y+Lglu9quVuxfXc8ZR3yQhG1AXWdVjjP68YI0NLNcZd7eW/BLROLGdUgW8k=
-----END CERTIFICATE-----