Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f7fd2fa9-5b75-4de9-9955-8a13a64c8a6e.roa
File:                     f7fd2fa9-5b75-4de9-9955-8a13a64c8a6e.roa (raw, json)
Hash identifier:          /MB/hFeZt1ZsRvFIpPlGaw1zZTD8/1fTcy0i7hPAz5s=
Subject key identifier:   F6:15:33:BE:1E:20:55:50:71:65:29:80:6A:9E:0F:B6:81:01:5D:8B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       58907715366BEFFEDF1023AE9A980E4013511E02
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f7fd2fa9-5b75-4de9-9955-8a13a64c8a6e.roa
Signing time:             Fri 17 Oct 2025 23:01:29 +0000
ROA not before:           Fri 17 Oct 2025 23:01:29 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.240.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:90:77:15:36:6b:ef:fe:df:10:23:ae:9a:98:0e:40:13:51:1e:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 17 23:01:29 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=652cb3088408d68d67b2b670d7a7f7afffff56aae8e65790e594c0d3e6bde00f, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:95:cf:1f:69:f2:54:fa:bf:63:86:ff:9d:39:
                    42:f6:7d:1a:6b:a4:5b:3b:f8:a6:04:c8:b3:60:39:
                    14:cb:9b:13:4a:36:df:23:0b:c1:63:8a:7d:26:c0:
                    9e:c1:8b:f2:61:b2:7d:56:74:41:08:93:9d:6f:5f:
                    d0:ff:7b:49:0a:1f:0b:92:47:cd:72:57:1f:16:75:
                    1a:65:b3:d5:84:16:63:4d:44:0a:d3:f1:e5:9e:05:
                    64:4c:4b:e5:ed:74:e8:9b:97:b0:52:57:b6:c4:36:
                    0c:ae:f7:e5:eb:fa:ba:4e:6f:ce:3a:ec:99:1b:78:
                    4a:f5:af:d5:3e:6f:04:dc:9d:1e:31:84:8b:2b:ad:
                    0a:14:c9:20:42:40:84:8a:b6:39:6e:96:87:0e:5d:
                    1c:68:8c:5b:19:9a:11:47:f4:7b:5a:0d:9e:0a:ad:
                    b4:e3:cb:c5:24:a0:bf:d6:98:d6:1a:b5:6b:cc:4d:
                    e4:ac:41:95:d6:66:08:c4:b7:30:e5:33:df:3f:b7:
                    d3:f0:0d:58:81:dd:3b:c9:fc:3d:23:75:6b:3d:05:
                    eb:1d:a5:62:4b:82:c3:22:4f:24:d1:8f:93:96:8b:
                    de:13:a1:cd:e1:16:28:92:c9:ab:74:76:08:9f:83:
                    66:4c:46:15:c6:9e:12:08:07:de:5e:93:44:a2:1f:
                    7b:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:15:33:BE:1E:20:55:50:71:65:29:80:6A:9E:0F:B6:81:01:5D:8B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f7fd2fa9-5b75-4de9-9955-8a13a64c8a6e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.240.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:02:fe:ed:0d:56:d5:f2:c3:a5:f7:21:1d:c0:8c:76:f8:da:
         7e:93:a5:6a:3f:14:70:6b:76:73:39:b7:d1:b8:36:76:4b:71:
         dd:18:78:82:cf:44:3d:cf:44:64:21:ca:26:ee:1e:e4:d1:02:
         8c:db:bd:56:64:d7:98:fa:de:cf:d5:78:13:53:2e:90:00:0c:
         f5:56:5e:7e:d8:45:e3:67:dd:8e:9f:5d:68:8e:45:99:f2:4e:
         98:56:c2:04:d1:b1:02:34:5d:db:3f:c7:f6:1e:fb:14:e3:a5:
         b1:9e:a7:68:68:aa:59:6e:53:5b:3f:1f:77:c9:8b:4d:5e:46:
         e1:7e:19:65:91:e6:48:e1:b2:08:ce:92:68:dc:e8:76:89:2b:
         fd:5a:82:d5:38:93:2e:3a:7c:bf:2b:9d:15:7b:b8:90:8f:f6:
         13:af:a4:00:3c:31:ce:49:2e:a2:1a:46:a7:c8:78:18:3f:97:
         30:7c:a0:07:48:5d:64:e7:07:3e:a0:ba:50:59:24:9d:d8:f6:
         af:e0:04:d5:ad:64:b7:95:0a:07:e6:a5:b2:22:33:fd:1c:7e:
         3a:37:ba:d8:50:b9:e9:ea:5a:ff:cb:60:c9:76:34:cd:30:87:
         60:aa:ee:2b:9c:de:0c:e4:7e:a9:4a:9f:51:4d:77:82:95:a2:
         aa:98:91:7e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWJB3FTZr7/7fECOumpgOQBNRHgIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE3MjMwMTI5WhcNMjUxMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A2NTJjYjMwODg0MDhkNjhkNjdiMmI2NzBkN2E3ZjdhZmZm
ZmY1NmFhZThlNjU3OTBlNTk0YzBkM2U2YmRlMDBmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDplc8fafJU+r9jhv+dOUL2fRprpFs7+KYEyLNgORTLmxNK
Nt8jC8Fjin0mwJ7Bi/Jhsn1WdEEIk51vX9D/e0kKHwuSR81yVx8WdRpls9WEFmNN
RArT8eWeBWRMS+XtdOibl7BSV7bENgyu9+Xr+rpOb8467JkbeEr1r9U+bwTcnR4x
hIsrrQoUySBCQISKtjlulocOXRxojFsZmhFH9HtaDZ4KrbTjy8UkoL/WmNYatWvM
TeSsQZXWZgjEtzDlM98/t9PwDViB3TvJ/D0jdWs9BesdpWJLgsMiTyTRj5OWi94T
oc3hFiiSyat0dgifg2ZMRhXGnhIIB95ek0SiH3vJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9hUzvh4gVVBxZSmAap4PtoEBXYswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Y3ZmQyZmE5LTViNzUtNGRlOS05OTU1LThhMTNhNjRjOGE2ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA28JEwDQYJKoZIhvcNAQELBQADggEBAF4C/u0NVtXyw6X3IR3AjHb42n6T
pWo/FHBrdnM5t9G4NnZLcd0YeILPRD3PRGQhyibuHuTRAozbvVZk15j63s/VeBNT
LpAADPVWXn7YReNn3Y6fXWiORZnyTphWwgTRsQI0Xds/x/Ye+xTjpbGep2hoqllu
U1s/H3fJi01eRuF+GWWR5kjhsgjOkmjc6HaJK/1agtU4ky46fL8rnRV7uJCP9hOv
pAA8Mc5JLqIaRqfIeBg/lzB8oAdIXWTnBz6gulBZJJ3Y9q/gBNWtZLeVCgfmpbIi
M/0cfjo3uthQuenqWv/LYMl2NM0wh2Cq7iuc3gzkfqlKn1FNd4KVoqqYkX4=
-----END CERTIFICATE-----