Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/10bb1cf2-55d6-4e70-9164-6410052b6914.roa
File:                     10bb1cf2-55d6-4e70-9164-6410052b6914.roa (raw, json)
Hash identifier:          ZaeGeDvAyjCDqJp3T1wbU9SiVTtAWsCFgsJQNZMP3h4=
Subject key identifier:   09:B3:B0:8B:29:9B:EC:DE:08:FF:D6:76:7A:B2:B4:5D:6E:A1:2D:B1
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       683399EE9F4FF89E467F05E5C4A9846D4F37F056
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/10bb1cf2-55d6-4e70-9164-6410052b6914.roa
Signing time:             Sat 18 Oct 2025 13:40:14 +0000
ROA not before:           Sat 18 Oct 2025 13:40:14 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.173.232.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:33:99:ee:9f:4f:f8:9e:46:7f:05:e5:c4:a9:84:6d:4f:37:f0:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 13:40:14 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=24a76d493e4c572963d45df76041bac926a7b2841e1a169136a3e9760cb19328, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:22:6e:8c:b6:a9:4e:14:c8:e7:79:3a:77:ad:
                    83:3c:97:13:2b:23:ac:41:f3:68:38:39:5c:dd:c9:
                    5b:13:6a:c2:33:f1:5e:88:ad:da:c0:3e:ec:c0:2a:
                    16:52:2e:94:d4:4c:ff:e8:3a:4f:ee:87:52:00:20:
                    e9:46:d6:d7:83:04:34:8e:dc:e5:8e:6a:4f:95:3b:
                    dd:27:a5:61:72:01:1a:24:01:34:7a:8b:53:fd:10:
                    60:11:b6:34:55:17:17:b2:7d:95:3e:5f:df:3d:f4:
                    ee:98:cf:c9:3c:48:60:38:34:47:55:55:4b:32:79:
                    87:7e:98:31:3f:30:bb:9f:9a:13:9d:70:be:8b:6d:
                    ec:0a:e4:bc:14:fb:f5:22:fa:67:33:8a:43:33:43:
                    34:28:17:05:e1:e6:49:14:55:65:8d:18:f9:e4:9b:
                    56:35:16:69:d0:85:c3:6b:e0:f6:17:00:44:e9:00:
                    b6:d9:7f:69:c9:d2:74:91:94:20:f0:c8:9a:ce:a7:
                    34:b9:3e:f3:8a:3b:77:f2:ed:0e:65:6a:e2:5a:81:
                    ca:9d:48:62:f5:e2:30:4a:bd:ae:ab:76:c9:6f:c8:
                    e5:06:ae:8d:26:c3:36:bc:7d:d2:ae:b4:57:43:4d:
                    7e:3f:17:e5:73:e5:85:a9:d0:44:f6:85:ae:df:bd:
                    39:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:B3:B0:8B:29:9B:EC:DE:08:FF:D6:76:7A:B2:B4:5D:6E:A1:2D:B1
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/10bb1cf2-55d6-4e70-9164-6410052b6914.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.173.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         20:e9:14:dd:95:30:25:00:bf:d1:c2:4c:3e:19:22:31:73:81:
         65:8b:53:d1:e9:4a:bf:5e:a7:6d:d5:a5:04:33:83:6f:bc:2a:
         f2:84:42:c9:fb:55:d3:ef:df:a5:c9:06:63:56:42:21:ad:4f:
         3e:d5:dd:98:37:15:7e:10:89:72:65:6b:aa:36:d0:2f:71:b2:
         e4:40:69:50:7d:88:e4:a1:2c:3d:47:a6:a2:0b:46:ea:55:77:
         91:15:fb:e7:e1:a8:62:c3:f5:80:23:0a:a1:df:21:05:03:ab:
         67:73:31:da:2b:26:45:3d:05:48:67:c9:e7:67:78:61:99:76:
         fd:82:ad:b2:24:45:7c:4d:32:f8:36:86:59:c9:28:94:74:dc:
         6c:db:de:03:db:1f:a6:9c:8d:80:b5:8f:56:be:70:f0:dc:f8:
         4d:b6:92:cd:22:8c:e3:4e:dd:dc:49:ab:45:e6:30:40:54:36:
         8a:57:c3:77:e8:b4:2b:48:6a:e0:5e:b8:47:f6:62:f4:2f:37:
         e8:03:9c:7b:0f:40:62:42:55:07:57:2d:e6:d3:8c:1e:65:94:
         51:3b:ea:a2:0e:7b:26:ba:a3:63:14:95:f3:dc:a3:19:d4:f6:
         0c:e6:ea:71:61:8a:08:20:3f:80:0f:0e:ba:4a:4a:ec:a6:3a:
         4f:15:43:12
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaDOZ7p9P+J5GfwXlxKmEbU838FYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MTM0MDE0WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNGE3NmQ0OTNlNGM1NzI5NjNkNDVkZjc2MDQxYmFjOTI2
YTdiMjg0MWUxYTE2OTEzNmEzZTk3NjBjYjE5MzI4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDVIm6MtqlOFMjneTp3rYM8lxMrI6xB82g4OVzdyVsTasIz
8V6IrdrAPuzAKhZSLpTUTP/oOk/uh1IAIOlG1teDBDSO3OWOak+VO90npWFyARok
ATR6i1P9EGARtjRVFxeyfZU+X9899O6Yz8k8SGA4NEdVVUsyeYd+mDE/MLufmhOd
cL6LbewK5LwU+/Ui+mczikMzQzQoFwXh5kkUVWWNGPnkm1Y1FmnQhcNr4PYXAETp
ALbZf2nJ0nSRlCDwyJrOpzS5PvOKO3fy7Q5lauJagcqdSGL14jBKva6rdslvyOUG
ro0mwza8fdKutFdDTX4/F+Vz5YWp0ET2ha7fvTkZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCbOwiymb7N4I/9Z2erK0XW6hLbEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzEwYmIxY2YyLTU1ZDYtNGU3MC05MTY0LTY0MTAwNTJiNjkxNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAISregwDQYJKoZIhvcNAQELBQADggEBACDpFN2VMCUAv9HCTD4ZIjFzgWWL
U9HpSr9ep23VpQQzg2+8KvKEQsn7VdPv36XJBmNWQiGtTz7V3Zg3FX4QiXJla6o2
0C9xsuRAaVB9iOShLD1HpqILRupVd5EV++fhqGLD9YAjCqHfIQUDq2dzMdorJkU9
BUhnyedneGGZdv2CrbIkRXxNMvg2hlnJKJR03Gzb3gPbH6acjYC1j1a+cPDc+E22
ks0ijONO3dxJq0XmMEBUNopXw3fotCtIauBeuEf2YvQvN+gDnHsPQGJCVQdXLebT
jB5llFE76qIOeya6o2MUlfPcoxnU9gzm6nFhigggP4APDrpKSuymOk8VQxI=
-----END CERTIFICATE-----