Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b7684ce5-3814-411b-ab1e-1b38dd2e2435.roa
File:                     b7684ce5-3814-411b-ab1e-1b38dd2e2435.roa (raw, json)
Hash identifier:          5KXum8JWoe9cL9ttjZNYG3PoiT/lFVXBeuNih5PZ5GM=
Subject key identifier:   B5:63:39:80:15:A1:5E:ED:04:6A:D1:47:EE:4A:B5:4B:BB:9F:0B:6B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7FFE1F18CABA06776F131499CAC12EABE00D519D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b7684ce5-3814-411b-ab1e-1b38dd2e2435.roa
Signing time:             Thu 16 Oct 2025 19:48:18 +0000
ROA not before:           Thu 16 Oct 2025 19:48:18 +0000
ROA not after:            Thu 20 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.158.128.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:fe:1f:18:ca:ba:06:77:6f:13:14:99:ca:c1:2e:ab:e0:0d:51:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 16 19:48:18 2025 GMT
            Not After : Nov 20 23:59:59 2025 GMT
        Subject: serialNumber=f631eb2979fde786443a3c58961cde73346469c6282303f211e16ba27487aa12, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c0:7c:fe:e5:3d:e8:f8:65:8a:8d:5a:75:b5:
                    24:7a:4d:48:35:b6:57:3c:be:53:cd:cf:11:6a:5e:
                    1d:92:08:9f:8a:69:66:00:7a:15:e6:ae:6d:09:45:
                    cd:37:f3:b4:5f:ff:f3:1f:b9:fb:a0:f3:46:ca:cb:
                    ef:34:82:17:ce:69:06:b4:91:b1:4c:0e:13:5a:1f:
                    4f:f4:28:2d:e6:2d:1a:93:7b:8a:d9:0a:e3:41:93:
                    59:a8:48:33:0f:59:fd:7b:9f:a2:66:57:39:76:6b:
                    10:3a:86:d2:d2:69:91:eb:78:79:92:af:28:7b:42:
                    fc:6e:22:ec:2c:a8:42:9e:ae:c6:44:a0:3c:b1:5b:
                    9e:f4:de:bc:aa:52:91:ef:cc:86:a5:ee:a3:dc:ca:
                    5e:a2:60:b6:e2:7d:bb:2d:7b:fa:82:a2:01:45:28:
                    58:77:b5:93:b0:26:44:23:d9:d8:4f:12:11:80:ed:
                    5e:84:00:18:a3:cf:28:f0:35:19:3b:43:dd:fa:55:
                    88:09:e4:71:31:97:ad:43:50:3f:34:9c:3a:07:55:
                    00:fa:a3:7c:cb:e7:51:17:e4:f3:6e:14:75:6a:55:
                    10:bb:f8:95:5b:10:07:21:6a:be:40:72:9b:ac:57:
                    e8:19:ee:5b:bf:65:82:a2:b3:5b:c8:b7:d1:c2:34:
                    09:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:63:39:80:15:A1:5E:ED:04:6A:D1:47:EE:4A:B5:4B:BB:9F:0B:6B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b7684ce5-3814-411b-ab1e-1b38dd2e2435.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.158.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         26:c4:7a:07:00:64:4f:21:2f:f4:17:7f:be:03:7b:0b:de:6f:
         95:6a:d5:73:a1:8b:60:13:15:7f:7d:ac:f3:fe:53:ae:af:d0:
         d8:b3:88:a0:a7:9e:1a:53:7b:fc:d5:9b:46:c7:0c:38:c2:96:
         b0:16:07:62:3f:0b:19:54:a6:ce:e6:9f:68:ac:81:f4:4c:ee:
         40:8a:a8:88:62:36:05:0c:4e:c9:41:b7:a7:20:b8:22:07:86:
         ac:dd:f4:47:e7:47:bf:06:ef:c7:9b:d9:19:e2:d1:f6:32:1f:
         56:e5:09:ab:58:e5:84:5f:cf:9c:b2:ef:5b:da:90:ce:ef:3b:
         eb:9d:ac:b9:a0:a6:e2:9c:75:87:f8:48:24:72:19:64:b7:c4:
         a6:42:39:f0:f4:92:e6:0e:d1:7d:70:41:57:dd:6c:3c:96:06:
         4e:90:c5:e4:07:1b:74:fb:b4:de:b0:1a:d3:1e:96:5a:c8:fa:
         f0:f4:99:d6:9a:7a:e3:4f:25:7f:40:71:6d:fb:90:6b:88:3b:
         47:fc:3c:f7:f8:b9:44:fa:ff:01:fc:e9:e7:6f:bf:2b:08:63:
         06:ce:48:a2:a6:9b:69:08:aa:65:99:c2:3e:0a:26:1b:03:50:
         bf:8c:44:f4:fb:c0:25:be:0b:22:bb:35:82:84:0d:ce:1d:32:
         fa:44:8f:0b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUf/4fGMq6BndvExSZysEuq+ANUZ0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE2MTk0ODE4WhcNMjUxMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0BmNjMxZWIyOTc5ZmRlNzg2NDQzYTNjNTg5NjFjZGU3MzM0
NjQ2OWM2MjgyMzAzZjIxMWUxNmJhMjc0ODdhYTEyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3wHz+5T3o+GWKjVp1tSR6TUg1tlc8vlPNzxFqXh2SCJ+K
aWYAehXmrm0JRc0387Rf//Mfufug80bKy+80ghfOaQa0kbFMDhNaH0/0KC3mLRqT
e4rZCuNBk1moSDMPWf17n6JmVzl2axA6htLSaZHreHmSryh7QvxuIuwsqEKersZE
oDyxW5703ryqUpHvzIal7qPcyl6iYLbifbste/qCogFFKFh3tZOwJkQj2dhPEhGA
7V6EABijzyjwNRk7Q936VYgJ5HExl61DUD80nDoHVQD6o3zL51EX5PNuFHVqVRC7
+JVbEAchar5AcpusV+gZ7lu/ZYKis1vIt9HCNAmVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUtWM5gBWhXu0EatFH7kq1S7ufC2swHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2I3Njg0Y2U1LTM4MTQtNDExYi1hYjFlLTFiMzhkZDJlMjQzNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAY2noAwDQYJKoZIhvcNAQELBQADggEBACbEegcAZE8hL/QXf74Dewveb5Vq
1XOhi2ATFX99rPP+U66v0NiziKCnnhpTe/zVm0bHDDjClrAWB2I/CxlUps7mn2is
gfRM7kCKqIhiNgUMTslBt6cguCIHhqzd9EfnR78G78eb2Rni0fYyH1blCatY5YRf
z5yy71vakM7vO+udrLmgpuKcdYf4SCRyGWS3xKZCOfD0kuYO0X1wQVfdbDyWBk6Q
xeQHG3T7tN6wGtMellrI+vD0mdaaeuNPJX9AcW37kGuIO0f8PPf4uUT6/wH86edv
vysIYwbOSKKmm2kIqmWZwj4KJhsDUL+MRPT7wCW+CyK7NYKEDc4dMvpEjws=
-----END CERTIFICATE-----