Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/df7004a9-f79e-4830-a0ea-b8af70c89da0.roa
File:                     df7004a9-f79e-4830-a0ea-b8af70c89da0.roa (raw, json)
Hash identifier:          Zc4/yuFuFv/H+FvoroanFlGTJqOg+RujJfa/ukqqo7Y=
Subject key identifier:   C2:41:CA:B6:E1:CA:48:E1:BE:E5:A4:38:59:AE:CF:96:EE:7D:DB:F6
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       599CCA938733D389C7B3E08509FB4D6FEF0F0093
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/df7004a9-f79e-4830-a0ea-b8af70c89da0.roa
Signing time:             Tue 05 Aug 2025 17:21:43 +0000
ROA not before:           Tue 05 Aug 2025 17:21:43 +0000
ROA not after:            Tue 09 Sep 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.240.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:9c:ca:93:87:33:d3:89:c7:b3:e0:85:09:fb:4d:6f:ef:0f:00:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug  5 17:21:43 2025 GMT
            Not After : Sep  9 23:59:59 2025 GMT
        Subject: serialNumber=11fb7648ba1eeea289f71f80c2ef7b2b2f9bcac5b5673928aef3865a2d1e2bf4, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:3c:a1:fc:0d:e8:6c:05:5f:4f:c3:ea:f5:a2:
                    06:5e:19:58:25:6f:b2:c3:a4:84:9a:94:65:1b:31:
                    e3:e2:ff:98:11:ca:0d:fd:b5:11:85:a8:56:9f:6d:
                    80:e0:6e:6a:98:12:c5:0e:a6:58:e2:94:b7:42:f7:
                    96:6d:c5:76:80:3b:c1:9d:a2:2c:c6:02:88:68:a5:
                    75:78:24:1c:0c:05:5e:02:e4:59:f6:8d:be:fd:66:
                    1b:71:d1:ab:6e:50:d9:26:f8:a9:df:e1:df:2c:08:
                    33:96:c9:66:27:08:18:c4:7c:0b:6e:48:c1:08:1f:
                    a8:57:bf:3e:50:aa:f8:75:f8:34:1e:cf:cb:8e:a9:
                    0a:3b:43:57:1a:7a:e2:78:a8:a1:12:dc:8b:e8:02:
                    23:eb:71:c0:63:a9:f0:3d:c3:7f:99:2b:e9:3f:a5:
                    4d:14:91:22:34:60:04:99:2a:7b:36:3a:54:c2:5c:
                    6c:8e:d2:56:70:a9:36:c9:94:ab:ed:30:d3:ea:45:
                    e5:c1:0b:eb:69:93:79:09:aa:17:40:b3:ea:4d:07:
                    7b:2b:f0:53:c3:2e:40:39:53:a5:24:0b:8f:21:16:
                    39:a9:0f:7e:d1:9f:4e:ad:75:e9:bb:db:7b:03:89:
                    34:83:c4:6e:84:6d:3d:9d:4e:de:38:3b:21:e0:0b:
                    80:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:41:CA:B6:E1:CA:48:E1:BE:E5:A4:38:59:AE:CF:96:EE:7D:DB:F6
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/df7004a9-f79e-4830-a0ea-b8af70c89da0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.240.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:cb:33:63:51:cb:03:40:96:34:54:1f:81:0c:54:42:98:00:
         28:10:21:f1:9b:48:96:70:6f:62:40:4e:9c:97:eb:55:51:a9:
         84:05:34:17:89:2c:69:6a:61:fd:8f:fa:79:5f:3f:28:2d:11:
         63:e4:5c:c4:5e:6e:a7:80:b1:58:82:7e:d3:f6:50:35:fc:07:
         f5:97:be:52:b2:d6:d4:56:9a:37:86:6f:e4:10:f5:4f:e2:c4:
         08:a9:9f:43:0f:fe:56:ca:ce:12:3b:65:60:03:e6:30:f1:7a:
         b1:8f:6a:f2:38:a4:0a:61:a5:4d:68:3b:7a:ce:86:4a:cf:9a:
         ae:cf:c6:e6:38:cb:17:09:f8:17:d8:2d:7b:7b:2c:b8:db:49:
         0a:d0:ec:45:05:03:d5:22:da:46:42:df:0f:a3:65:d5:06:bd:
         0c:0b:68:6a:74:3b:ad:c2:4b:b4:1a:e0:d8:e1:ef:f5:b4:f5:
         0a:35:b8:6c:e8:80:09:48:ad:67:4a:2d:9a:52:f6:2c:ec:50:
         af:0e:df:e0:19:22:97:05:67:33:dd:91:0a:ab:23:89:2f:0b:
         e4:ba:ab:a9:f7:d4:94:5e:95:f7:5d:b3:7f:21:47:06:ab:cf:
         60:db:25:8c:48:e5:7f:3a:a3:7e:b5:6a:d3:03:24:84:d1:66:
         99:0a:58:1a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWZzKk4cz04nHs+CFCftNb+8PAJMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwODA1MTcyMTQzWhcNMjUwOTA5MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMWZiNzY0OGJhMWVlZWEyODlmNzFmODBjMmVmN2IyYjJm
OWJjYWM1YjU2NzM5MjhhZWYzODY1YTJkMWUyYmY0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+PKH8DehsBV9Pw+r1ogZeGVglb7LDpISalGUbMePi/5gR
yg39tRGFqFafbYDgbmqYEsUOpljilLdC95ZtxXaAO8GdoizGAohopXV4JBwMBV4C
5Fn2jb79Zhtx0atuUNkm+Knf4d8sCDOWyWYnCBjEfAtuSMEIH6hXvz5Qqvh1+DQe
z8uOqQo7Q1caeuJ4qKES3IvoAiPrccBjqfA9w3+ZK+k/pU0UkSI0YASZKns2OlTC
XGyO0lZwqTbJlKvtMNPqReXBC+tpk3kJqhdAs+pNB3sr8FPDLkA5U6UkC48hFjmp
D37Rn06tdem723sDiTSDxG6EbT2dTt44OyHgC4DJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwkHKtuHKSOG+5aQ4Wa7Plu592/YwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2RmNzAwNGE5LWY3OWUtNDgzMC1hMGVhLWI4YWY3MGM4OWRhMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA28MowDQYJKoZIhvcNAQELBQADggEBAKXLM2NRywNAljRUH4EMVEKYACgQ
IfGbSJZwb2JATpyX61VRqYQFNBeJLGlqYf2P+nlfPygtEWPkXMRebqeAsViCftP2
UDX8B/WXvlKy1tRWmjeGb+QQ9U/ixAipn0MP/lbKzhI7ZWAD5jDxerGPavI4pAph
pU1oO3rOhkrPmq7PxuY4yxcJ+BfYLXt7LLjbSQrQ7EUFA9Ui2kZC3w+jZdUGvQwL
aGp0O63CS7Qa4Njh7/W09Qo1uGzogAlIrWdKLZpS9izsUK8O3+AZIpcFZzPdkQqr
I4kvC+S6q6n31JRelfdds38hRwarz2DbJYxI5X86o361atMDJITRZpkKWBo=
-----END CERTIFICATE-----