Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fb0e1c32-5c4d-4185-8e17-8b0b0070e06f.roa
File:                     fb0e1c32-5c4d-4185-8e17-8b0b0070e06f.roa (raw, json)
Hash identifier:          F89mYrk3ZmvXISVmP+zyz0ykkjQT3kuyaV4ta17HphM=
Subject key identifier:   45:32:A9:B3:F9:29:52:A9:25:24:0E:6D:57:F4:70:49:CA:62:B3:77
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       467DD33A59E350C8E58C88F9AA28AB21869C6FBA
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fb0e1c32-5c4d-4185-8e17-8b0b0070e06f.roa
Signing time:             Fri 26 Sep 2025 16:48:46 +0000
ROA not before:           Fri 26 Sep 2025 16:48:46 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.80.0.0/12 maxlen: 12
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:7d:d3:3a:59:e3:50:c8:e5:8c:88:f9:aa:28:ab:21:86:9c:6f:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 16:48:46 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=8b97fe364ddd4c0c788904dfe756d2bc52e4db521ea032f2a544ef01859cbf43, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ee:2c:b9:2b:bf:d5:7c:31:b1:b1:d2:b7:79:
                    c4:cb:c5:ce:fc:41:97:4f:51:e4:87:eb:29:56:0b:
                    18:9d:24:48:91:ce:b2:05:8d:32:44:af:e2:f1:e3:
                    cd:29:68:2b:68:1c:ea:0a:49:b2:47:d7:5e:88:5b:
                    60:89:4b:cd:ec:f5:52:d6:20:c7:4c:ea:76:f1:af:
                    7a:36:3a:c1:b8:5f:94:cb:d0:3c:08:7f:d7:d7:1d:
                    b0:39:1d:d4:28:cb:61:3d:9d:b1:87:76:53:05:e4:
                    59:c0:17:42:96:24:61:4d:0f:5d:2f:ce:83:9a:49:
                    6b:10:21:2e:ab:b1:41:51:e0:ed:5e:9e:cd:91:09:
                    67:ed:f8:0c:21:5c:ee:52:ee:e5:bf:d4:48:b1:b5:
                    6d:bc:70:37:57:96:3c:46:74:86:3e:16:8a:4d:51:
                    6b:39:33:63:7b:43:45:f8:e8:b4:16:c9:0e:c5:40:
                    fa:5a:ef:fe:d6:54:d2:37:27:7d:8b:64:80:c3:bb:
                    13:04:58:a0:42:1e:94:9c:db:61:11:fc:aa:6d:e6:
                    ae:38:05:c0:10:a7:52:a4:c0:67:02:18:c3:a4:4f:
                    72:c9:09:0a:8d:ee:ef:d2:85:28:98:80:6e:6e:ed:
                    84:6e:fc:50:94:49:e0:bf:d9:fd:8d:74:a1:2b:10:
                    69:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:32:A9:B3:F9:29:52:A9:25:24:0E:6D:57:F4:70:49:CA:62:B3:77
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fb0e1c32-5c4d-4185-8e17-8b0b0070e06f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.80.0.0/12

    Signature Algorithm: sha256WithRSAEncryption
         0e:68:ab:31:61:35:27:82:88:3c:4a:8b:7d:25:b2:d0:c9:22:
         ce:eb:7d:a8:76:82:b0:f5:a8:c7:0b:22:df:63:bf:f3:7f:41:
         a7:f1:20:50:78:41:10:1f:e5:e6:ad:ce:be:27:42:e3:9b:28:
         ee:bf:bd:53:9f:3e:86:9c:90:de:fc:15:5c:72:92:5d:64:ff:
         65:51:d5:68:93:4d:e2:93:97:1f:e1:f4:2a:cf:9f:e3:b8:19:
         8f:2d:a1:41:1e:6b:22:b4:37:03:ea:9a:a7:b9:43:b3:4a:1f:
         91:22:86:00:e2:e2:08:f4:76:1b:91:13:64:d2:f1:e4:83:dc:
         77:96:e3:61:bb:b7:97:d9:6d:e8:b2:13:05:4f:3f:0a:fd:12:
         92:7a:4a:ca:81:42:01:50:26:40:4b:0f:72:61:db:87:bc:5f:
         e5:05:b4:a5:07:d0:85:a6:f4:1d:b9:26:a8:d7:f2:f2:61:47:
         21:fc:35:a9:cc:d7:37:0a:04:cb:a9:df:a3:ac:b2:6a:46:51:
         b6:49:07:92:0d:11:ef:a1:24:a5:02:6e:8d:b5:62:1a:c8:66:
         9d:69:94:8d:14:cc:43:9d:e3:ab:34:01:47:9d:d8:a4:07:99:
         c7:0a:2f:92:08:d3:f1:6e:77:53:ac:c8:bc:89:ff:0d:54:74:
         b7:cd:38:ac
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIURn3TOlnjUMjljIj5qiirIYacb7owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MTY0ODQ2WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4Yjk3ZmUzNjRkZGQ0YzBjNzg4OTA0ZGZlNzU2ZDJiYzUy
ZTRkYjUyMWVhMDMyZjJhNTQ0ZWYwMTg1OWNiZjQzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDC7iy5K7/VfDGxsdK3ecTLxc78QZdPUeSH6ylWCxidJEiR
zrIFjTJEr+Lx480paCtoHOoKSbJH116IW2CJS83s9VLWIMdM6nbxr3o2OsG4X5TL
0DwIf9fXHbA5HdQoy2E9nbGHdlMF5FnAF0KWJGFND10vzoOaSWsQIS6rsUFR4O1e
ns2RCWft+AwhXO5S7uW/1EixtW28cDdXljxGdIY+FopNUWs5M2N7Q0X46LQWyQ7F
QPpa7/7WVNI3J32LZIDDuxMEWKBCHpSc22ER/Kpt5q44BcAQp1KkwGcCGMOkT3LJ
CQqN7u/ShSiYgG5u7YRu/FCUSeC/2f2NdKErEGmfAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQURTKps/kpUqklJA5tV/RwScpis3cwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2ZiMGUxYzMyLTVjNGQtNDE4NS04ZTE3LThiMGIwMDcwZTA2Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwQjUDANBgkqhkiG9w0BAQsFAAOCAQEADmirMWE1J4KIPEqLfSWy0Mkizut9
qHaCsPWoxwsi32O/839Bp/EgUHhBEB/l5q3OvidC45so7r+9U58+hpyQ3vwVXHKS
XWT/ZVHVaJNN4pOXH+H0Ks+f47gZjy2hQR5rIrQ3A+qap7lDs0ofkSKGAOLiCPR2
G5ETZNLx5IPcd5bjYbu3l9lt6LITBU8/Cv0SknpKyoFCAVAmQEsPcmHbh7xf5QW0
pQfQhab0HbkmqNfy8mFHIfw1qczXNwoEy6nfo6yyakZRtkkHkg0R76EkpQJujbVi
GshmnWmUjRTMQ53jqzQBR53YpAeZxwovkgjT8W53U6zIvIn/DVR0t804rA==
-----END CERTIFICATE-----