Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f7c68b10-a69f-4cce-a580-5cb0cf17269c.roa
File:                     f7c68b10-a69f-4cce-a580-5cb0cf17269c.roa (raw, json)
Hash identifier:          PNJk6yVjlGuqeWX1jetkE0ZpkB+Y8jNKfxlzhkddIiI=
Subject key identifier:   0D:6C:F1:FA:4B:3E:DB:E3:7D:2D:E1:49:1F:7B:17:B8:B7:2F:61:2E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       22D6628D350C229F9FDC4D2574AD11F9E0F82268
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f7c68b10-a69f-4cce-a580-5cb0cf17269c.roa
Signing time:             Thu 16 Oct 2025 23:19:13 +0000
ROA not before:           Thu 16 Oct 2025 23:19:13 +0000
ROA not after:            Thu 20 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.192.160.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:d6:62:8d:35:0c:22:9f:9f:dc:4d:25:74:ad:11:f9:e0:f8:22:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 16 23:19:13 2025 GMT
            Not After : Nov 20 23:59:59 2025 GMT
        Subject: serialNumber=d7567f7585138f1c6e552f31ce893a456e5dfa3e0c14785e6859de38233463cf, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:8c:ff:28:45:c9:c4:a3:74:35:a1:00:63:b9:
                    3c:2d:aa:5b:76:64:bd:1a:6b:ab:bf:89:2a:54:cd:
                    fb:bb:c6:fd:53:bf:bb:5c:71:fd:c5:dd:3b:7c:6d:
                    c1:bd:d0:4d:27:fc:3f:98:2a:ef:6e:6c:67:14:d7:
                    33:95:75:64:96:79:71:84:71:bf:2c:cf:05:2d:08:
                    de:6f:9b:e3:00:2c:e1:68:1c:d4:d8:1d:fc:39:00:
                    4f:db:2b:f7:db:f9:61:c3:f4:e2:97:76:a7:72:c9:
                    22:b4:64:41:5e:2d:a5:d5:86:e7:04:05:da:9d:cf:
                    87:77:f0:87:ac:91:b9:a4:59:65:a7:39:c8:b5:e4:
                    16:7b:17:8e:a1:27:7d:40:55:82:8e:7d:38:96:d8:
                    49:b6:cd:1b:6e:ac:10:40:bd:2a:10:b2:f0:33:d3:
                    b5:e3:cb:3a:f7:85:d1:7d:83:88:06:29:61:b2:92:
                    e8:f7:60:ea:b8:5c:f8:13:4b:37:66:4c:3a:29:cb:
                    7b:c5:04:ec:a1:65:c7:b9:33:7a:11:59:bd:77:fd:
                    06:97:c8:df:19:91:97:b1:1e:1b:e5:9c:78:e6:22:
                    b9:a7:30:cf:20:ea:18:5d:c3:87:0f:3b:fa:23:c5:
                    b2:c4:f1:2c:bb:7f:d3:b0:c6:63:22:fe:e2:2a:5f:
                    2b:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:6C:F1:FA:4B:3E:DB:E3:7D:2D:E1:49:1F:7B:17:B8:B7:2F:61:2E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f7c68b10-a69f-4cce-a580-5cb0cf17269c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.192.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4b:9d:7c:9c:be:bc:03:f5:c4:73:01:6c:ba:63:3d:c2:db:c2:
         bc:ed:9c:1b:fb:1d:e8:72:d5:d2:31:aa:35:3d:e7:e5:aa:bf:
         62:36:ea:8d:29:65:cc:86:79:27:b6:25:23:a1:ab:5f:ae:28:
         db:cc:55:d4:c2:f8:81:ed:cf:9b:fe:ed:29:40:4b:c3:e5:d1:
         ff:47:75:98:1e:e2:01:32:84:30:1c:86:2f:6b:ba:06:96:f9:
         99:5e:db:42:e7:10:f2:aa:b9:82:f3:45:bc:aa:55:35:fa:f0:
         79:b0:76:78:f5:ad:35:de:55:8b:57:f0:76:12:a1:bc:c8:d7:
         2e:db:0b:fb:de:5d:96:97:8f:09:fd:47:5f:55:01:d8:ca:a5:
         a7:e3:28:b4:2b:f7:43:c1:20:0d:cf:09:a3:77:0c:65:28:04:
         c6:76:d0:63:e6:a5:be:61:67:ff:24:f4:b4:24:17:e7:23:75:
         ad:17:e7:79:45:80:00:d9:72:fd:08:0c:12:4a:9c:87:6b:0e:
         9f:52:10:e8:d8:0f:44:89:3a:b5:19:4c:d1:60:77:03:93:de:
         e7:b9:f7:e4:64:d9:a0:9d:f0:3d:6a:fe:ab:3c:31:ec:64:f1:
         18:38:1d:12:a1:46:4c:67:10:35:9a:6f:25:14:f7:58:e0:2f:
         b4:23:0d:93
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUItZijTUMIp+f3E0ldK0R+eD4ImgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE2MjMxOTEzWhcNMjUxMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0BkNzU2N2Y3NTg1MTM4ZjFjNmU1NTJmMzFjZTg5M2E0NTZl
NWRmYTNlMGMxNDc4NWU2ODU5ZGUzODIzMzQ2M2NmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0jP8oRcnEo3Q1oQBjuTwtqlt2ZL0aa6u/iSpUzfu7xv1T
v7tccf3F3Tt8bcG90E0n/D+YKu9ubGcU1zOVdWSWeXGEcb8szwUtCN5vm+MALOFo
HNTYHfw5AE/bK/fb+WHD9OKXdqdyySK0ZEFeLaXVhucEBdqdz4d38IeskbmkWWWn
Oci15BZ7F46hJ31AVYKOfTiW2Em2zRturBBAvSoQsvAz07Xjyzr3hdF9g4gGKWGy
kuj3YOq4XPgTSzdmTDopy3vFBOyhZce5M3oRWb13/QaXyN8ZkZexHhvlnHjmIrmn
MM8g6hhdw4cPO/ojxbLE8Sy7f9OwxmMi/uIqXyvJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUDWzx+ks+2+N9LeFJH3sXuLcvYS4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Y3YzY4YjEwLWE2OWYtNGNjZS1hNTgwLTVjYjBjZjE3MjY5Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI2wKAwDQYJKoZIhvcNAQELBQADggEBAEudfJy+vAP1xHMBbLpjPcLbwrzt
nBv7Hehy1dIxqjU95+Wqv2I26o0pZcyGeSe2JSOhq1+uKNvMVdTC+IHtz5v+7SlA
S8Pl0f9HdZge4gEyhDAchi9rugaW+Zle20LnEPKquYLzRbyqVTX68Hmwdnj1rTXe
VYtX8HYSobzI1y7bC/veXZaXjwn9R19VAdjKpafjKLQr90PBIA3PCaN3DGUoBMZ2
0GPmpb5hZ/8k9LQkF+cjda0X53lFgADZcv0IDBJKnIdrDp9SEOjYD0SJOrUZTNFg
dwOT3ue59+Rk2aCd8D1q/qs8Mexk8Rg4HRKhRkxnEDWabyUU91jgL7QjDZM=
-----END CERTIFICATE-----