Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/09c0b728-9d5c-4a60-8b4f-699238a5efd7.roa
File:                     09c0b728-9d5c-4a60-8b4f-699238a5efd7.roa (raw, json)
Hash identifier:          ejRGELUPxRNDQViVAJpniR9vfeZsGT4JYrIdUy+26Z4=
Subject key identifier:   F1:94:E9:75:ED:24:4C:38:E5:05:E6:9E:5C:46:DD:70:FE:A0:3D:EC
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3C72BA67DB55849D572891AF8430F635BC06685F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/09c0b728-9d5c-4a60-8b4f-699238a5efd7.roa
Signing time:             Sat 18 Oct 2025 10:12:19 +0000
ROA not before:           Sat 18 Oct 2025 10:12:19 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.155.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:72:ba:67:db:55:84:9d:57:28:91:af:84:30:f6:35:bc:06:68:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 10:12:19 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=e8edcd9842db56b1150604870e2eb64daf987526779e0eccbe14b2b29d951137, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:b6:f5:0b:35:1f:b1:41:8e:91:90:b9:04:7d:
                    ea:7e:b5:88:dd:07:51:8a:ff:54:7a:a2:f9:77:67:
                    d0:3f:86:96:15:ec:df:8d:40:ce:d5:12:7b:88:54:
                    a7:d3:ad:d6:44:d6:c8:2b:70:e3:93:7d:cb:d8:99:
                    3c:6f:6f:28:1c:a5:94:68:c1:36:b0:21:7e:64:f7:
                    2c:14:fd:c2:ac:92:47:64:66:52:39:a8:c9:c2:40:
                    ae:da:46:4a:74:62:d8:6f:34:05:c5:07:ff:64:ec:
                    c5:7d:7f:a7:99:a5:cf:cf:42:37:bd:9c:bd:27:83:
                    36:c0:5d:3f:a3:eb:5c:fb:07:9e:7a:ad:93:de:f3:
                    23:70:b9:33:8b:1f:90:18:54:71:f4:0e:0c:b6:a3:
                    ce:13:b5:12:28:8b:88:aa:53:d1:bc:69:b1:8a:6c:
                    d6:01:f5:2f:f9:3b:8c:f1:49:02:f0:94:a3:3d:ea:
                    59:96:ab:82:7a:99:d5:52:73:5c:6f:d6:5b:be:d4:
                    ff:72:4f:3a:ab:12:a4:1a:de:9d:d6:b0:5d:fc:3f:
                    5d:80:0b:3b:9c:b1:e8:f8:fd:ce:a1:24:4a:a7:10:
                    54:14:eb:96:9a:2a:f9:a9:0b:73:bd:e5:5c:7d:21:
                    ed:fd:48:23:89:a2:be:65:fb:3c:31:0b:4f:15:05:
                    6b:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:94:E9:75:ED:24:4C:38:E5:05:E6:9E:5C:46:DD:70:FE:A0:3D:EC
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/09c0b728-9d5c-4a60-8b4f-699238a5efd7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.155.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:5d:d7:4f:2f:1a:f6:65:87:ae:16:4a:75:d3:0c:0f:1e:43:
         35:0a:18:6e:26:6b:40:15:41:8c:e7:7c:28:09:a4:ac:3d:94:
         d2:e0:f5:1b:e1:06:14:54:e6:0d:31:66:d8:b0:0f:68:b8:02:
         a7:07:48:e8:8d:dd:1d:23:25:d8:f6:53:fb:f2:2f:ef:5a:2c:
         c4:1f:6b:11:52:e2:c9:b2:e1:1f:c0:77:b8:e4:97:08:66:ee:
         7a:fb:7e:74:47:87:36:7c:b8:6d:61:7c:87:d9:f4:b8:ca:25:
         06:cc:ff:ae:e0:8e:0e:af:6f:06:84:0d:a3:73:cc:f1:52:2b:
         0d:32:72:e2:a3:3a:62:4b:2a:55:91:c6:5c:60:40:c8:1d:e3:
         3b:44:80:2a:1e:db:07:f5:a7:66:22:5d:cc:44:ea:8a:59:69:
         6d:85:f0:3a:89:54:ff:df:75:ca:36:6f:ea:c8:d2:c4:96:e8:
         e4:00:7a:92:1d:65:c2:9a:b0:ea:d9:d3:7d:d2:2e:26:dd:79:
         a9:94:cc:78:9e:ac:f6:a8:31:b9:6e:59:6b:6b:27:90:7c:80:
         8b:c7:f9:8f:06:77:7f:19:af:c0:72:4b:ff:35:62:fd:12:fa:
         8c:8d:ae:fe:f7:51:88:cf:0e:af:05:e2:a3:fe:86:ee:64:23:
         1b:96:a2:f0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPHK6Z9tVhJ1XKJGvhDD2NbwGaF8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MTAxMjE5WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BlOGVkY2Q5ODQyZGI1NmIxMTUwNjA0ODcwZTJlYjY0ZGFm
OTg3NTI2Nzc5ZTBlY2NiZTE0YjJiMjlkOTUxMTM3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKtvULNR+xQY6RkLkEfep+tYjdB1GK/1R6ovl3Z9A/hpYV
7N+NQM7VEnuIVKfTrdZE1sgrcOOTfcvYmTxvbygcpZRowTawIX5k9ywU/cKskkdk
ZlI5qMnCQK7aRkp0YthvNAXFB/9k7MV9f6eZpc/PQje9nL0ngzbAXT+j61z7B556
rZPe8yNwuTOLH5AYVHH0Dgy2o84TtRIoi4iqU9G8abGKbNYB9S/5O4zxSQLwlKM9
6lmWq4J6mdVSc1xv1lu+1P9yTzqrEqQa3p3WsF38P12ACzucsej4/c6hJEqnEFQU
65aaKvmpC3O95Vx9Ie39SCOJor5l+zwxC08VBWu3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8ZTpde0kTDjlBeaeXEbdcP6gPewwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzA5YzBiNzI4LTlkNWMtNGE2MC04YjRmLTY5OTIzOGE1ZWZkNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASmwcwDQYJKoZIhvcNAQELBQADggEBAHRd108vGvZlh64WSnXTDA8eQzUK
GG4ma0AVQYznfCgJpKw9lNLg9RvhBhRU5g0xZtiwD2i4AqcHSOiN3R0jJdj2U/vy
L+9aLMQfaxFS4smy4R/Ad7jklwhm7nr7fnRHhzZ8uG1hfIfZ9LjKJQbM/67gjg6v
bwaEDaNzzPFSKw0ycuKjOmJLKlWRxlxgQMgd4ztEgCoe2wf1p2YiXcxE6opZaW2F
8DqJVP/fdco2b+rI0sSW6OQAepIdZcKasOrZ033SLibdeamUzHierPaoMbluWWtr
J5B8gIvH+Y8Gd38Zr8ByS/81Yv0S+oyNrv73UYjPDq8F4qP+hu5kIxuWovA=
-----END CERTIFICATE-----