Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0ca0c7f0-b5ff-4980-9ec2-28fb5b8cbc44.roa
File:                     0ca0c7f0-b5ff-4980-9ec2-28fb5b8cbc44.roa (raw, json)
Hash identifier:          rG6Ygr0nAOZA1fZaxMtAwvg7N/qLw+v4/pky1Q1iCto=
Subject key identifier:   FF:C3:27:6B:72:01:55:04:B2:87:57:3C:56:80:08:1E:C3:A4:71:46
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3146A1578382F216C3C3BF49954BAEA2D939B84F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0ca0c7f0-b5ff-4980-9ec2-28fb5b8cbc44.roa
Signing time:             Sun 19 Oct 2025 10:40:08 +0000
ROA not before:           Sun 19 Oct 2025 10:40:08 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.64.40.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:46:a1:57:83:82:f2:16:c3:c3:bf:49:95:4b:ae:a2:d9:39:b8:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 10:40:08 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=4c2fcb6a192a51ee81c68e04109ea3a5d397c553f4080d705486d13b11287f04, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:53:4a:ce:fc:ba:f4:d1:91:0b:41:d0:b8:90:
                    15:2a:84:12:27:c5:c9:7e:84:ff:39:96:0b:c9:bb:
                    b2:3a:cb:56:94:c3:8b:d7:26:7e:6b:3d:61:7e:f8:
                    6f:7e:dd:a6:51:55:f7:61:36:60:aa:9c:ef:73:c4:
                    ab:f9:3c:05:d5:43:6d:cd:53:0d:f6:58:b1:5a:b5:
                    30:85:66:a1:ec:d6:67:6d:eb:68:f5:26:0b:c7:c1:
                    12:32:4a:10:71:bb:be:e2:52:ba:94:f4:5c:7f:17:
                    cb:23:15:06:85:0e:1b:39:37:1a:84:5f:3f:ca:2f:
                    35:3b:89:1d:9a:22:47:9a:e3:37:a4:96:f7:3c:83:
                    d0:f5:ff:4c:c6:b8:e0:b9:c2:9d:82:d6:56:0f:6d:
                    6a:75:c9:5e:7c:c0:0f:14:29:e4:c3:d3:6b:1d:3f:
                    95:e2:fb:fa:99:84:97:be:63:4e:01:66:e8:18:c7:
                    6e:77:14:a6:34:d6:e2:4f:67:3f:dd:0e:ad:a1:6b:
                    ab:6b:17:65:4f:9d:ca:ec:f0:67:90:3e:4b:0c:b9:
                    36:de:be:bc:ae:84:bf:af:e4:03:62:68:c6:0d:0d:
                    e3:d1:39:44:bc:5e:00:f1:1c:1b:31:5a:93:8d:8a:
                    63:db:15:81:3c:82:5b:56:40:0d:94:86:0d:ea:a8:
                    e4:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:C3:27:6B:72:01:55:04:B2:87:57:3C:56:80:08:1E:C3:A4:71:46
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0ca0c7f0-b5ff-4980-9ec2-28fb5b8cbc44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.64.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         af:32:1a:a2:b8:0e:96:ad:2c:ba:55:43:c5:f1:75:05:5c:80:
         10:90:75:89:30:c6:0b:4f:b0:f6:8c:67:14:c8:b1:36:34:7f:
         2c:d8:12:0e:49:f6:a1:57:f0:e1:6c:99:f5:d7:d8:75:9e:fb:
         ed:3d:ae:31:d0:d7:48:19:e1:56:fe:f8:de:3b:75:be:dd:59:
         89:b7:48:31:cf:70:82:7e:aa:ad:f0:41:8e:e3:8b:3f:6a:d3:
         a7:44:79:0c:58:a0:89:9b:f7:3b:e5:e0:e4:7e:76:47:32:c7:
         5c:6a:19:f1:61:58:8e:bc:0e:92:f7:8f:d1:67:41:4d:db:83:
         cc:3d:d9:60:b7:2a:61:9d:42:21:8e:74:6d:90:d0:63:07:9f:
         a4:7c:0e:12:b7:84:e5:d8:b3:c9:f6:f9:5f:d5:f6:e7:7e:1a:
         5e:09:1d:62:bc:0a:76:15:f2:47:24:ee:ce:a1:16:df:a1:86:
         ea:99:ab:da:37:64:74:e7:e8:07:bf:86:f4:aa:c1:31:7c:83:
         82:1f:1b:4b:da:5d:d4:11:10:38:6f:78:d9:47:97:b9:02:fd:
         7a:51:7a:37:4c:76:87:7d:df:75:1b:16:e5:12:6e:06:d0:ac:
         4a:f5:76:2a:f1:00:b1:46:ab:ca:47:a4:9a:a5:c2:a2:d3:25:
         52:bd:42:1a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMUahV4OC8hbDw79JlUuuotk5uE8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MTA0MDA4WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A0YzJmY2I2YTE5MmE1MWVlODFjNjhlMDQxMDllYTNhNWQz
OTdjNTUzZjQwODBkNzA1NDg2ZDEzYjExMjg3ZjA0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDqU0rO/Lr00ZELQdC4kBUqhBInxcl+hP85lgvJu7I6y1aU
w4vXJn5rPWF++G9+3aZRVfdhNmCqnO9zxKv5PAXVQ23NUw32WLFatTCFZqHs1mdt
62j1JgvHwRIyShBxu77iUrqU9Fx/F8sjFQaFDhs5NxqEXz/KLzU7iR2aIkea4zek
lvc8g9D1/0zGuOC5wp2C1lYPbWp1yV58wA8UKeTD02sdP5Xi+/qZhJe+Y04BZugY
x253FKY01uJPZz/dDq2ha6trF2VPncrs8GeQPksMuTbevryuhL+v5ANiaMYNDePR
OUS8XgDxHBsxWpONimPbFYE8gltWQA2Uhg3qqORlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/8Mna3IBVQSyh1c8VoAIHsOkcUYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzBjYTBjN2YwLWI1ZmYtNDk4MC05ZWMyLTI4ZmI1YjhjYmM0NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAISQCgwDQYJKoZIhvcNAQELBQADggEBAK8yGqK4DpatLLpVQ8XxdQVcgBCQ
dYkwxgtPsPaMZxTIsTY0fyzYEg5J9qFX8OFsmfXX2HWe++09rjHQ10gZ4Vb++N47
db7dWYm3SDHPcIJ+qq3wQY7jiz9q06dEeQxYoImb9zvl4OR+dkcyx1xqGfFhWI68
DpL3j9FnQU3bg8w92WC3KmGdQiGOdG2Q0GMHn6R8DhK3hOXYs8n2+V/V9ud+Gl4J
HWK8CnYV8kck7s6hFt+hhuqZq9o3ZHTn6Ae/hvSqwTF8g4IfG0vaXdQREDhveNlH
l7kC/XpRejdMdod933UbFuUSbgbQrEr1dirxALFGq8pHpJqlwqLTJVK9Qho=
-----END CERTIFICATE-----