Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/00dba270-a715-4178-a587-73cd2d17620b.roa
File:                     00dba270-a715-4178-a587-73cd2d17620b.roa (raw, json)
Hash identifier:          oHYeqrmwXGsylOWyh5IssKTDDE4pTPXbAvzPG7Rvzas=
Subject key identifier:   9B:34:A9:B8:C5:B4:A7:77:72:05:8B:E0:77:F7:58:DA:E0:D3:61:C6
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       134749C3ACC240D323D5EA4F79BE6F35D3A97EDA
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/00dba270-a715-4178-a587-73cd2d17620b.roa
Signing time:             Sat 18 Oct 2025 09:23:37 +0000
ROA not before:           Sat 18 Oct 2025 09:23:37 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.160.48.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:47:49:c3:ac:c2:40:d3:23:d5:ea:4f:79:be:6f:35:d3:a9:7e:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 09:23:37 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=63e694a2d3cabc148ba6a34d9ebf804dbee374a1900fbd6aad8b4ac9ff6722b8, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:06:8a:46:a2:2e:a9:2e:ee:d3:85:a4:41:dc:
                    ea:ff:c3:a8:77:e3:90:84:d1:b9:1e:fe:d4:18:94:
                    27:3c:18:67:e2:70:7d:66:d3:1d:e8:73:43:e6:7e:
                    be:c5:d3:87:05:b5:0d:ac:b9:61:f8:6d:4a:d7:82:
                    e4:3e:ce:23:ee:00:31:48:28:3f:f0:0a:3f:39:ad:
                    84:2f:fc:21:8f:bd:e2:33:81:b9:63:93:b8:cb:c3:
                    6f:d6:d4:67:ed:32:27:be:09:cf:31:2e:35:f4:30:
                    67:c0:68:0d:85:a5:fe:e1:3f:70:dd:c7:7c:e2:1d:
                    c6:50:fb:be:c7:fc:4f:ce:97:2d:87:50:b7:ac:10:
                    92:73:3f:b3:57:ad:c1:96:00:99:d7:d7:5f:1a:49:
                    38:43:af:3c:c3:68:a0:5d:61:8d:ed:96:a9:3c:49:
                    77:86:b1:5d:13:8e:c3:4e:ed:43:09:2b:50:70:f8:
                    2a:9a:1a:db:9b:f7:f0:61:58:04:e7:7d:25:ee:60:
                    fe:27:1d:f5:01:b1:74:2d:fd:ce:3f:5c:1e:4b:2b:
                    55:d8:d7:dd:0d:bc:90:40:08:79:01:c2:90:ec:76:
                    42:a6:1a:e6:14:19:c2:08:33:97:65:fa:7b:f8:09:
                    85:16:55:75:d6:8e:58:aa:82:74:26:d2:de:f4:60:
                    59:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:34:A9:B8:C5:B4:A7:77:72:05:8B:E0:77:F7:58:DA:E0:D3:61:C6
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/00dba270-a715-4178-a587-73cd2d17620b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.160.48.0/23

    Signature Algorithm: sha256WithRSAEncryption
         72:55:83:b9:e4:02:60:d0:e6:80:69:8b:e4:b5:31:34:49:34:
         b9:cb:ed:45:f9:87:07:15:7b:1f:01:71:42:f4:ae:55:3b:5a:
         e3:e1:0f:00:f6:4f:f3:8a:95:02:1f:2d:3e:01:55:46:3f:26:
         dc:c0:88:87:c7:62:4c:fd:ba:11:91:4a:f6:03:e3:0c:c3:79:
         f4:1f:84:28:c5:74:f5:a9:f7:65:bb:5f:f6:8f:a2:d9:fe:72:
         39:b8:22:a4:69:f8:49:00:90:0a:b6:d0:c2:ba:36:26:66:25:
         31:c6:e7:b1:f5:65:a8:81:3f:4b:08:e8:03:66:5d:e8:8e:65:
         4f:99:4c:de:ad:df:fb:80:5e:cf:6e:80:b8:12:72:0b:2d:88:
         8e:0e:6f:47:6f:94:5f:03:36:d3:21:28:4a:fd:34:b9:7b:a3:
         33:de:9a:31:ff:63:2e:c6:78:75:de:22:7b:0b:01:52:35:af:
         2e:7b:6c:53:5f:33:54:10:13:15:cd:70:23:a3:14:a5:56:70:
         5d:fa:f5:75:81:67:d9:22:75:fc:98:ce:0b:65:04:2f:4e:1c:
         6a:3f:7b:a8:b9:b0:67:cb:42:81:da:c0:a1:39:f9:8e:66:d6:
         0d:f9:3c:c3:0e:48:ae:dd:b3:a4:81:31:1f:61:5d:8f:89:2b:
         86:12:20:86
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUE0dJw6zCQNMj1epPeb5vNdOpftowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MDkyMzM3WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A2M2U2OTRhMmQzY2FiYzE0OGJhNmEzNGQ5ZWJmODA0ZGJl
ZTM3NGExOTAwZmJkNmFhZDhiNGFjOWZmNjcyMmI4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDhBopGoi6pLu7ThaRB3Or/w6h345CE0bke/tQYlCc8GGfi
cH1m0x3oc0Pmfr7F04cFtQ2suWH4bUrXguQ+ziPuADFIKD/wCj85rYQv/CGPveIz
gbljk7jLw2/W1GftMie+Cc8xLjX0MGfAaA2Fpf7hP3Ddx3ziHcZQ+77H/E/Oly2H
ULesEJJzP7NXrcGWAJnX118aSThDrzzDaKBdYY3tlqk8SXeGsV0TjsNO7UMJK1Bw
+CqaGtub9/BhWATnfSXuYP4nHfUBsXQt/c4/XB5LK1XY190NvJBACHkBwpDsdkKm
GuYUGcIIM5dl+nv4CYUWVXXWjliqgnQm0t70YFl/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmzSpuMW0p3dyBYvgd/dY2uDTYcYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzAwZGJhMjcwLWE3MTUtNDE3OC1hNTg3LTczY2QyZDE3NjIwYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAESoDAwDQYJKoZIhvcNAQELBQADggEBAHJVg7nkAmDQ5oBpi+S1MTRJNLnL
7UX5hwcVex8BcUL0rlU7WuPhDwD2T/OKlQIfLT4BVUY/JtzAiIfHYkz9uhGRSvYD
4wzDefQfhCjFdPWp92W7X/aPotn+cjm4IqRp+EkAkAq20MK6NiZmJTHG57H1ZaiB
P0sI6ANmXeiOZU+ZTN6t3/uAXs9ugLgScgstiI4Ob0dvlF8DNtMhKEr9NLl7ozPe
mjH/Yy7GeHXeInsLAVI1ry57bFNfM1QQExXNcCOjFKVWcF369XWBZ9kidfyYzgtl
BC9OHGo/e6i5sGfLQoHawKE5+Y5m1g35PMMOSK7ds6SBMR9hXY+JK4YSIIY=
-----END CERTIFICATE-----