Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/05e252dd-2385-41ab-9ab5-0c49ae5da00f.roa
File:                     05e252dd-2385-41ab-9ab5-0c49ae5da00f.roa (raw, json)
Hash identifier:          EeP9PIM8TrOuBbdkLWOBeTO029YtNrZ8D5m11VgjE4c=
Subject key identifier:   DC:73:3B:E5:BA:B6:CC:A9:22:7E:90:17:1A:FE:16:7A:3E:27:1B:07
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6B85144633ADED90E2A61E24DF1C63D578B34912
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/05e252dd-2385-41ab-9ab5-0c49ae5da00f.roa
Signing time:             Sat 18 Oct 2025 09:40:09 +0000
ROA not before:           Sat 18 Oct 2025 09:40:09 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.165.192.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:85:14:46:33:ad:ed:90:e2:a6:1e:24:df:1c:63:d5:78:b3:49:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 09:40:09 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=bbce68ee9d36e8ccbff85c4c541657cf3325e9c62db63a58f0ec9ece1eff80d0, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:70:21:a1:63:be:98:fa:d7:5a:8b:cb:6b:52:
                    f4:25:17:7d:34:d4:cc:7a:c3:45:97:98:47:e7:cc:
                    79:1e:66:f6:b6:85:e4:81:a8:39:b4:08:7b:a4:9c:
                    26:05:4c:ae:85:d2:35:33:6b:33:cc:3e:34:b4:ca:
                    65:64:f5:5d:b5:a7:e7:eb:d6:c2:7e:2a:10:91:e0:
                    ed:75:eb:42:2f:34:2f:f0:fd:de:59:a9:9f:10:9a:
                    bb:21:cd:f4:17:15:af:7c:ca:be:ac:36:67:2f:26:
                    8b:ed:a6:53:47:e5:f1:12:42:96:d9:5b:b9:03:8e:
                    1d:05:a9:46:be:ec:0a:ba:90:40:ed:42:96:ea:73:
                    38:f3:9d:ad:f3:7b:5d:60:ef:f8:9a:9d:3d:d6:86:
                    3f:8a:8f:08:58:fc:65:a1:10:fd:88:77:a1:01:52:
                    0d:32:b3:d8:2b:5c:d4:22:52:0d:a4:ec:f9:76:c1:
                    03:1f:b0:dd:a7:ff:1f:89:47:db:ca:1c:34:e9:aa:
                    9f:2f:f7:99:63:a3:b8:5f:1a:73:68:6a:dc:6c:bd:
                    93:1f:a5:89:89:83:91:44:42:af:6d:4e:cc:a1:7c:
                    11:1b:c9:6b:57:d4:8f:f9:de:f9:3a:10:18:e5:01:
                    2e:12:17:8c:41:c2:b0:88:52:b6:c1:03:bd:bc:c8:
                    81:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:73:3B:E5:BA:B6:CC:A9:22:7E:90:17:1A:FE:16:7A:3E:27:1B:07
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/05e252dd-2385-41ab-9ab5-0c49ae5da00f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.165.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         21:d0:7b:9b:41:53:8b:6d:c6:eb:83:ce:19:eb:2a:7f:61:47:
         03:fb:c1:2e:13:f9:e1:40:4c:2a:87:8f:1a:a9:2a:13:c9:62:
         9e:6b:d0:75:8b:03:c9:38:2e:51:ad:ef:39:da:2f:e9:dc:aa:
         19:d9:a6:68:fb:ea:59:25:fa:2e:15:ce:c7:63:59:42:f9:4d:
         e3:b9:35:81:26:73:f5:bc:27:2d:2b:9f:e6:76:ee:3a:44:bb:
         e3:e5:3a:65:35:81:12:36:ff:8f:b0:97:51:bf:4f:dd:b5:48:
         0d:d1:a0:41:4c:8f:03:ce:4a:2e:32:28:25:4b:1c:bb:78:ac:
         5e:d7:e7:10:13:e3:6c:ba:e9:4e:ce:e0:30:61:5a:01:47:37:
         09:35:ab:9b:6b:86:3c:a4:93:d0:11:dd:c3:9b:59:96:e1:2a:
         90:3a:b0:ab:ba:68:25:bb:16:9a:bd:51:c7:82:69:80:5c:aa:
         40:48:4d:d6:75:1b:e1:06:ac:28:02:58:f2:9b:0d:d7:1c:79:
         65:11:62:30:4f:1e:77:1d:81:7e:5e:37:e0:3c:eb:1c:a0:13:
         1d:29:53:49:4c:07:b6:bf:56:ff:bb:fe:10:ba:cd:82:9d:68:
         54:42:6e:8b:1a:8c:e0:0f:cd:8c:e3:ad:12:27:8f:0c:b0:d3:
         b7:d4:96:2c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUa4UURjOt7ZDiph4k3xxj1XizSRIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MDk0MDA5WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BiYmNlNjhlZTlkMzZlOGNjYmZmODVjNGM1NDE2NTdjZjMz
MjVlOWM2MmRiNjNhNThmMGVjOWVjZTFlZmY4MGQwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClcCGhY76Y+tdai8trUvQlF3001Mx6w0WXmEfnzHkeZva2
heSBqDm0CHuknCYFTK6F0jUzazPMPjS0ymVk9V21p+fr1sJ+KhCR4O1160IvNC/w
/d5ZqZ8QmrshzfQXFa98yr6sNmcvJovtplNH5fESQpbZW7kDjh0FqUa+7Aq6kEDt
Qpbqczjzna3ze11g7/ianT3Whj+KjwhY/GWhEP2Id6EBUg0ys9grXNQiUg2k7Pl2
wQMfsN2n/x+JR9vKHDTpqp8v95ljo7hfGnNoatxsvZMfpYmJg5FEQq9tTsyhfBEb
yWtX1I/53vk6EBjlAS4SF4xBwrCIUrbBA728yIFFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3HM75bq2zKkifpAXGv4Wej4nGwcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzA1ZTI1MmRkLTIzODUtNDFhYi05YWI1LTBjNDlhZTVkYTAwZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAISpcAwDQYJKoZIhvcNAQELBQADggEBACHQe5tBU4ttxuuDzhnrKn9hRwP7
wS4T+eFATCqHjxqpKhPJYp5r0HWLA8k4LlGt7znaL+ncqhnZpmj76lkl+i4Vzsdj
WUL5TeO5NYEmc/W8Jy0rn+Z27jpEu+PlOmU1gRI2/4+wl1G/T921SA3RoEFMjwPO
Si4yKCVLHLt4rF7X5xAT42y66U7O4DBhWgFHNwk1q5trhjykk9AR3cObWZbhKpA6
sKu6aCW7Fpq9UceCaYBcqkBITdZ1G+EGrCgCWPKbDdcceWURYjBPHncdgX5eN+A8
6xygEx0pU0lMB7a/Vv+7/hC6zYKdaFRCbosajOAPzYzjrRInjwyw07fUliw=
-----END CERTIFICATE-----