Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0721ea50-b7af-4b83-ae8e-1fd8979dad10.roa
File:                     0721ea50-b7af-4b83-ae8e-1fd8979dad10.roa (raw, json)
Hash identifier:          Ieq3bqirx3cINtZdbmsgUPFYU2O9wOdWsjskvDMUW8I=
Subject key identifier:   12:7F:4E:4A:F1:7E:AE:21:14:2B:82:69:80:CA:82:81:95:B1:08:3A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       11DED5C7DC1F8252C407DAD40A308C687FFEEEF7
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0721ea50-b7af-4b83-ae8e-1fd8979dad10.roa
Signing time:             Sat 18 Oct 2025 06:11:15 +0000
ROA not before:           Sat 18 Oct 2025 06:11:15 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.165.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:de:d5:c7:dc:1f:82:52:c4:07:da:d4:0a:30:8c:68:7f:fe:ee:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 06:11:15 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=ceaa41cd04f1e57e3b07cbae34010d51f2887bef81a87454010aafaba46592cb, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:d0:7c:c0:a8:b6:d7:e5:b7:16:60:35:ff:0d:
                    99:8b:40:38:a9:8b:b7:6c:11:77:30:eb:d3:cf:da:
                    7b:cc:bb:b7:71:c5:8d:c8:ea:68:f9:c2:e0:d3:00:
                    2d:31:9f:da:2d:2d:ab:72:f8:ae:d3:a4:8a:38:c7:
                    f2:05:d0:7a:f0:26:95:31:b0:5f:8d:9b:0e:ab:54:
                    5e:39:47:01:e6:03:03:9e:a6:e8:55:97:6f:cc:b8:
                    b9:0a:cc:bb:bb:e8:5f:5f:ef:c5:5e:c6:da:c5:5d:
                    6b:72:e3:67:12:b4:01:3d:e0:e5:8e:1d:e7:60:2a:
                    e0:6f:c9:ab:bb:7a:d5:a6:f3:fc:e8:f6:e8:d0:21:
                    00:02:46:5d:f9:94:8d:be:62:93:e2:06:c1:1a:7a:
                    ce:56:18:32:51:a2:91:64:11:5e:1d:b3:47:24:69:
                    8b:61:fe:b4:2b:7e:ed:87:3b:d9:fb:61:52:4a:03:
                    0c:d8:bc:23:ab:d2:fd:0c:36:04:22:3b:47:f1:68:
                    96:49:9c:f8:a0:f4:fd:dd:47:c8:0d:29:ef:fc:13:
                    21:5e:64:d5:e3:68:ec:7b:22:f4:01:36:b8:c2:20:
                    cc:4a:6f:41:7f:15:c2:09:e0:ca:b4:c9:a0:51:2a:
                    83:da:87:3c:73:09:fe:c6:a7:7b:49:81:d7:99:69:
                    ca:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:7F:4E:4A:F1:7E:AE:21:14:2B:82:69:80:CA:82:81:95:B1:08:3A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0721ea50-b7af-4b83-ae8e-1fd8979dad10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.165.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:d2:92:ff:d7:5b:4f:ae:c6:14:ae:7d:66:ab:5b:5d:96:30:
         87:f0:66:ac:d1:67:10:95:87:fb:00:2b:7d:2d:a5:17:a3:d8:
         06:c2:16:bb:49:e1:34:9f:6d:5a:17:b2:28:45:12:3e:ed:26:
         ba:a2:f7:a8:51:94:ae:1c:44:99:7d:af:96:9e:f8:4b:c4:8f:
         91:c6:79:9d:9a:c8:66:10:01:18:42:e7:ba:5d:ba:72:16:aa:
         d4:95:c7:5a:6a:8d:e1:8a:e4:7c:b2:32:41:70:75:4f:d3:ae:
         d0:db:32:af:07:00:a8:c6:8c:04:39:04:f8:5b:2f:a0:33:83:
         e2:c5:13:3c:19:7a:15:5a:e9:2d:d8:18:64:5f:82:d1:77:92:
         d7:96:2d:21:23:77:f6:b7:b5:f6:80:c6:2a:8e:60:08:4c:1d:
         31:eb:fa:ae:3c:3e:3b:a0:07:eb:37:ef:86:b8:7c:44:d5:e4:
         9b:03:fc:41:96:57:2f:6c:fd:17:a6:7d:60:23:49:2b:05:d4:
         9e:34:37:8c:7e:79:93:6e:63:21:1a:9c:c6:44:92:52:6b:87:
         91:e9:17:6e:42:81:d7:ba:d2:a5:93:e8:f9:8c:1d:35:db:60:
         b1:29:ab:c8:d5:1b:f5:20:8b:14:e2:f9:cc:a7:b4:20:49:6b:
         0a:c8:f8:e7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEd7Vx9wfglLEB9rUCjCMaH/+7vcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MDYxMTE1WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BjZWFhNDFjZDA0ZjFlNTdlM2IwN2NiYWUzNDAxMGQ1MWYy
ODg3YmVmODFhODc0NTQwMTBhYWZhYmE0NjU5MmNiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDX0HzAqLbX5bcWYDX/DZmLQDipi7dsEXcw69PP2nvMu7dx
xY3I6mj5wuDTAC0xn9otLaty+K7TpIo4x/IF0HrwJpUxsF+Nmw6rVF45RwHmAwOe
puhVl2/MuLkKzLu76F9f78VextrFXWty42cStAE94OWOHedgKuBvyau7etWm8/zo
9ujQIQACRl35lI2+YpPiBsEaes5WGDJRopFkEV4ds0ckaYth/rQrfu2HO9n7YVJK
AwzYvCOr0v0MNgQiO0fxaJZJnPig9P3dR8gNKe/8EyFeZNXjaOx7IvQBNrjCIMxK
b0F/FcIJ4Mq0yaBRKoPahzxzCf7Gp3tJgdeZacp1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUEn9OSvF+riEUK4JpgMqCgZWxCDowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzA3MjFlYTUwLWI3YWYtNGI4My1hZThlLTFmZDg5NzlkYWQxMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASpaYwDQYJKoZIhvcNAQELBQADggEBAHjSkv/XW0+uxhSufWarW12WMIfw
ZqzRZxCVh/sAK30tpRej2AbCFrtJ4TSfbVoXsihFEj7tJrqi96hRlK4cRJl9r5ae
+EvEj5HGeZ2ayGYQARhC57pdunIWqtSVx1pqjeGK5HyyMkFwdU/TrtDbMq8HAKjG
jAQ5BPhbL6Azg+LFEzwZehVa6S3YGGRfgtF3kteWLSEjd/a3tfaAxiqOYAhMHTHr
+q48PjugB+s374a4fETV5JsD/EGWVy9s/RemfWAjSSsF1J40N4x+eZNuYyEanMZE
klJrh5HpF25Cgde60qWT6PmMHTXbYLEpq8jVG/UgixTi+cyntCBJawrI+Oc=
-----END CERTIFICATE-----