Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bc38dbda-2f53-4c4c-b5b6-8e1e0bca7197.roa
File:                     bc38dbda-2f53-4c4c-b5b6-8e1e0bca7197.roa (raw, json)
Hash identifier:          WmxjKMcMVqMUJ6Hn/PuSADePlud52DAFGVeOO1CJ0uE=
Subject key identifier:   28:B4:0E:8F:62:3B:45:A8:CE:6C:1F:65:8A:A4:4A:C0:84:C4:AB:3C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       10F50B5D6DB5D0C43501CB910F17CEBB7CE9C204
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bc38dbda-2f53-4c4c-b5b6-8e1e0bca7197.roa
Signing time:             Sat 18 Oct 2025 06:00:11 +0000
ROA not before:           Sat 18 Oct 2025 06:00:11 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.228.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:f5:0b:5d:6d:b5:d0:c4:35:01:cb:91:0f:17:ce:bb:7c:e9:c2:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 06:00:11 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=fa674eee411a07e91ea0be6a8f2ac7041fd01de7c7eaf3d17a6d1d0e2588655f, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:c5:bc:aa:70:f0:cd:a3:3c:3a:d3:bc:b8:e5:
                    41:91:e8:e1:f7:e2:2d:ad:a3:67:96:f7:72:07:80:
                    c3:c9:f4:ae:14:3e:f9:44:4b:34:e3:85:21:8d:61:
                    1e:d4:92:d8:e9:8c:a3:87:43:a4:54:b4:56:22:0a:
                    ec:5c:c4:66:bd:1c:33:dc:83:3e:d9:aa:dc:27:c4:
                    5e:2e:c2:d0:e0:4c:b2:5e:32:f7:cc:ee:48:53:62:
                    fb:a9:b4:bc:bf:fe:2e:2d:18:67:1f:75:c7:a8:8c:
                    13:9e:4e:83:5b:c4:de:63:9c:35:55:26:c5:25:4a:
                    fb:ef:01:af:ea:b8:03:92:13:4b:2e:bd:f2:dd:a5:
                    4c:57:a2:4f:7c:40:17:d8:d3:27:a5:02:4d:cd:e5:
                    f4:67:47:51:5a:ce:11:62:a8:a9:bf:60:42:4b:82:
                    21:6d:5c:25:51:4b:9f:2b:8d:b5:79:3b:b2:7c:16:
                    3d:77:e4:df:4e:5e:86:bb:ec:ed:b2:6e:16:ec:47:
                    d1:61:68:c9:34:9b:b3:52:6b:e9:bd:4b:00:ea:05:
                    66:53:2b:26:3c:72:2a:24:02:03:94:ff:47:36:b5:
                    1c:5b:8a:3e:f6:b9:78:b8:99:3a:41:8b:96:0b:d1:
                    80:19:0f:6c:d1:bc:2f:71:fd:e9:e7:92:95:d2:6e:
                    40:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:B4:0E:8F:62:3B:45:A8:CE:6C:1F:65:8A:A4:4A:C0:84:C4:AB:3C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bc38dbda-2f53-4c4c-b5b6-8e1e0bca7197.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.228.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:83:15:6e:5b:77:aa:8f:24:c0:84:d8:68:d0:9e:13:d4:9a:
         8b:10:1e:d8:04:53:eb:bd:38:cb:2b:a5:44:40:df:f0:1d:59:
         a8:95:55:d0:7b:8d:0f:22:7d:71:13:ca:61:a1:d1:3b:76:98:
         f8:e7:ec:90:36:f7:1b:49:69:57:20:df:3f:3f:da:23:3c:58:
         fe:b2:cb:0a:d0:a6:36:64:fe:f6:99:48:a6:0d:b0:40:12:12:
         8e:a3:35:b7:b4:a1:38:a0:ab:9c:33:7d:66:e5:d4:0f:00:fd:
         20:39:df:4e:87:e7:5e:49:8d:09:4a:1b:e8:73:30:d0:1d:49:
         c1:25:98:14:fb:51:6b:6c:45:9f:67:39:e8:ed:a4:35:11:f8:
         77:bc:85:df:46:d3:40:be:93:ea:52:15:89:b2:27:0c:63:9a:
         0d:21:29:d2:c8:08:86:82:3d:a0:1d:af:7c:4f:c9:f5:09:d3:
         c1:46:1c:5c:16:ea:fe:df:85:e8:76:04:12:ad:09:90:09:d8:
         03:3d:b8:72:b9:ca:85:87:d8:dc:2e:d8:7d:d6:36:68:a8:dd:
         be:d2:13:4f:67:aa:bd:8a:da:fd:62:50:62:0d:c9:5c:47:d0:
         a6:a7:9c:cc:81:2c:12:fd:b8:a8:e4:05:12:46:30:bb:66:3e:
         58:4d:45:6e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEPULXW210MQ1AcuRDxfOu3zpwgQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MDYwMDExWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BmYTY3NGVlZTQxMWEwN2U5MWVhMGJlNmE4ZjJhYzcwNDFm
ZDAxZGU3YzdlYWYzZDE3YTZkMWQwZTI1ODg2NTVmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDBxbyqcPDNozw607y45UGR6OH34i2to2eW93IHgMPJ9K4U
PvlESzTjhSGNYR7UktjpjKOHQ6RUtFYiCuxcxGa9HDPcgz7ZqtwnxF4uwtDgTLJe
MvfM7khTYvuptLy//i4tGGcfdceojBOeToNbxN5jnDVVJsUlSvvvAa/quAOSE0su
vfLdpUxXok98QBfY0yelAk3N5fRnR1FazhFiqKm/YEJLgiFtXCVRS58rjbV5O7J8
Fj135N9OXoa77O2ybhbsR9FhaMk0m7NSa+m9SwDqBWZTKyY8ciokAgOU/0c2tRxb
ij72uXi4mTpBi5YL0YAZD2zRvC9x/ennkpXSbkBjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKLQOj2I7RajObB9liqRKwITEqzwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2JjMzhkYmRhLTJmNTMtNGM0Yy1iNWI2LThlMWUwYmNhNzE5Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA25BkwDQYJKoZIhvcNAQELBQADggEBAHODFW5bd6qPJMCE2GjQnhPUmosQ
HtgEU+u9OMsrpURA3/AdWaiVVdB7jQ8ifXETymGh0Tt2mPjn7JA29xtJaVcg3z8/
2iM8WP6yywrQpjZk/vaZSKYNsEASEo6jNbe0oTigq5wzfWbl1A8A/SA5306H515J
jQlKG+hzMNAdScElmBT7UWtsRZ9nOejtpDUR+He8hd9G00C+k+pSFYmyJwxjmg0h
KdLICIaCPaAdr3xPyfUJ08FGHFwW6v7fheh2BBKtCZAJ2AM9uHK5yoWH2Nwu2H3W
Nmio3b7SE09nqr2K2v1iUGINyVxH0KannMyBLBL9uKjkBRJGMLtmPlhNRW4=
-----END CERTIFICATE-----