Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f3b48709-a27b-4153-b070-cfadcbbb42bc.roa
File:                     f3b48709-a27b-4153-b070-cfadcbbb42bc.roa (raw, json)
Hash identifier:          R8EGIZTtlavqRKyMNaSTmsmnNsRma6oYIlaAZxfrCgY=
Subject key identifier:   89:37:41:8B:B7:F9:78:CE:08:58:31:8F:A0:76:F6:78:26:4F:8A:42
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4C9D3D84330E91B11AF2354D18AD494BD84928B8
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f3b48709-a27b-4153-b070-cfadcbbb42bc.roa
Signing time:             Fri 26 Sep 2025 02:21:30 +0000
ROA not before:           Fri 26 Sep 2025 02:21:30 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.230.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:9d:3d:84:33:0e:91:b1:1a:f2:35:4d:18:ad:49:4b:d8:49:28:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 02:21:30 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=283627b2cb1ec588e707b858461eceef9aeb0d4b38e60ec28beeec5a6e6d78aa, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:7c:53:70:16:d0:6e:a9:52:8c:e6:51:b0:cf:
                    9b:64:86:93:f2:51:5c:5c:ee:07:d3:ac:71:73:fc:
                    03:30:45:ec:11:9b:fe:74:b3:94:69:82:af:10:68:
                    29:3a:3b:2d:8b:01:ec:f4:70:b1:c3:93:4a:fc:cd:
                    4e:15:9f:e5:ec:60:3c:74:09:38:4d:95:2d:a2:dd:
                    f0:97:a6:63:9a:db:b5:68:ba:24:9e:e2:05:62:4e:
                    3a:fd:b0:56:99:42:02:de:12:a8:78:76:99:36:b4:
                    06:c8:82:e0:29:a3:cd:13:d8:cd:81:1f:69:0c:e4:
                    db:5f:48:c9:27:ff:f4:13:a7:e1:ee:94:e0:51:04:
                    e6:e7:4e:91:52:b0:ef:21:bf:0a:e7:a7:15:4d:1b:
                    bc:a0:ce:3d:5f:db:6e:55:fe:cc:b4:8b:56:45:b3:
                    40:84:5d:4b:a8:81:86:15:34:81:1e:be:74:f2:fe:
                    15:cf:f9:2a:4a:67:9a:31:85:7e:eb:e7:ba:af:4f:
                    59:6b:1a:e3:22:0f:d4:e8:3d:fa:a6:13:5b:38:21:
                    bd:cb:59:e7:44:90:62:74:5a:3c:13:8a:3c:4f:8d:
                    0a:d5:dc:9a:6c:53:dd:55:df:4d:8f:76:a7:42:94:
                    65:1c:11:53:53:55:37:87:f0:9c:1a:4c:57:0e:04:
                    62:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:37:41:8B:B7:F9:78:CE:08:58:31:8F:A0:76:F6:78:26:4F:8A:42
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f3b48709-a27b-4153-b070-cfadcbbb42bc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.230.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:c5:25:d5:1b:e0:d7:be:37:b1:fe:9c:9c:df:38:4a:ed:63:
         c7:6f:dd:cd:cc:f8:2c:7c:2d:1c:c1:d4:71:03:c7:52:46:bd:
         93:08:01:81:38:85:f0:84:94:cc:40:60:e3:53:8e:2b:3f:3e:
         82:ed:3c:03:c1:17:98:cf:c3:68:b9:a1:a9:2e:dc:62:03:81:
         df:a6:25:cf:b4:32:67:94:09:e5:76:db:21:ef:1e:7d:5b:3f:
         c4:21:66:b9:11:42:39:2e:a2:5d:96:9e:ae:24:50:06:dc:40:
         27:14:8c:76:38:d6:48:6e:79:11:2e:e6:f2:dd:e8:5a:53:4d:
         78:eb:d2:22:f7:43:21:6e:10:1b:17:6b:a7:62:46:e1:8f:de:
         9d:41:d2:3c:e2:e6:d5:20:3a:b4:75:d0:f3:98:80:2d:2e:09:
         49:ec:da:52:28:78:4d:3f:84:0f:c7:b3:b0:0a:57:55:7c:fd:
         5b:72:52:ea:4f:58:ac:b7:a6:8a:fd:17:bc:ee:48:4d:3e:d3:
         8d:ba:84:eb:bc:3c:4a:ef:43:22:24:a9:16:c7:ad:9d:37:d0:
         85:f7:90:af:96:28:4a:6a:53:1a:ff:e7:0a:f2:3d:66:cc:d1:
         2d:8c:93:f1:4e:b6:c0:3b:f4:8a:fb:0a:69:71:4a:f4:b9:4b:
         28:9e:ca:af
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTJ09hDMOkbEa8jVNGK1JS9hJKLgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MDIyMTMwWhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AyODM2MjdiMmNiMWVjNTg4ZTcwN2I4NTg0NjFlY2VlZjlh
ZWIwZDRiMzhlNjBlYzI4YmVlZWM1YTZlNmQ3OGFhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrfFNwFtBuqVKM5lGwz5tkhpPyUVxc7gfTrHFz/AMwRewR
m/50s5Rpgq8QaCk6Oy2LAez0cLHDk0r8zU4Vn+XsYDx0CThNlS2i3fCXpmOa27Vo
uiSe4gViTjr9sFaZQgLeEqh4dpk2tAbIguApo80T2M2BH2kM5NtfSMkn//QTp+Hu
lOBRBObnTpFSsO8hvwrnpxVNG7ygzj1f225V/sy0i1ZFs0CEXUuogYYVNIEevnTy
/hXP+SpKZ5oxhX7r57qvT1lrGuMiD9ToPfqmE1s4Ib3LWedEkGJ0WjwTijxPjQrV
3JpsU91V302PdqdClGUcEVNTVTeH8JwaTFcOBGJ5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiTdBi7f5eM4IWDGPoHb2eCZPikIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2YzYjQ4NzA5LWEyN2ItNDE1My1iMDcwLWNmYWRjYmJiNDJiYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA25mYwDQYJKoZIhvcNAQELBQADggEBABvFJdUb4Ne+N7H+nJzfOErtY8dv
3c3M+Cx8LRzB1HEDx1JGvZMIAYE4hfCElMxAYONTjis/PoLtPAPBF5jPw2i5oaku
3GIDgd+mJc+0MmeUCeV22yHvHn1bP8QhZrkRQjkuol2Wnq4kUAbcQCcUjHY41khu
eREu5vLd6FpTTXjr0iL3QyFuEBsXa6diRuGP3p1B0jzi5tUgOrR10POYgC0uCUns
2lIoeE0/hA/Hs7AKV1V8/VtyUupPWKy3por9F7zuSE0+0426hOu8PErvQyIkqRbH
rZ030IX3kK+WKEpqUxr/5wryPWbM0S2Mk/FOtsA79Ir7CmlxSvS5Syieyq8=
-----END CERTIFICATE-----