Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1e155fd7-db12-43c8-b6d6-1391c8f04c6b.roa
File:                     1e155fd7-db12-43c8-b6d6-1391c8f04c6b.roa (raw, json)
Hash identifier:          STcW0+oOa/remwgETYTN5YnLfSOJopRwno/AH3D0h00=
Subject key identifier:   22:99:39:82:38:BB:72:E2:11:4B:04:00:7E:D8:46:F0:CA:CB:19:1A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       100E1EAB7BB46CA36749F09E33901A995D101DAA
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1e155fd7-db12-43c8-b6d6-1391c8f04c6b.roa
Signing time:             Sat 18 Oct 2025 18:53:32 +0000
ROA not before:           Sat 18 Oct 2025 18:53:32 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.172.40.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:0e:1e:ab:7b:b4:6c:a3:67:49:f0:9e:33:90:1a:99:5d:10:1d:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 18:53:32 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=94d628ef52508ccd8a396f4f2e9da07c4dd3164d9b8b88193daa1e7ea9889d5f, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:bf:fa:9f:b8:d9:61:dc:ff:a7:22:5f:35:04:
                    0c:3d:2c:8f:e8:05:48:2a:ca:68:74:5c:0f:0d:12:
                    bb:79:fd:75:f1:2b:40:90:11:07:9a:84:f8:a4:6c:
                    1b:f2:9d:9e:b4:63:ec:f8:e5:b6:c8:23:76:b5:49:
                    a5:b0:19:ed:61:aa:ab:c8:90:cd:d6:87:bf:ca:e1:
                    f7:e1:f7:73:2f:b5:66:30:17:1c:50:91:8f:87:a8:
                    91:d8:82:ed:95:55:3e:86:48:5d:23:8b:9a:4d:9f:
                    e4:f2:09:78:bc:e0:f8:95:5c:34:d1:35:98:9b:ed:
                    d7:dc:d3:f5:8b:58:4e:5e:4a:39:9f:81:ff:36:5b:
                    e0:39:88:3c:db:0f:5a:4d:39:b5:39:15:31:75:de:
                    39:92:78:92:e9:e9:ca:c8:82:01:1f:d3:82:f1:64:
                    91:98:83:eb:59:b2:27:67:d3:ae:ec:11:77:b5:a2:
                    e2:17:0e:a1:98:71:25:bf:90:eb:9b:b6:ad:59:7d:
                    a1:bb:45:5a:c8:c6:ac:98:10:01:96:6e:64:f9:7b:
                    ed:d0:8f:d3:b8:37:15:eb:8d:fd:7f:48:d4:05:e4:
                    89:54:1a:83:ce:51:04:42:08:1a:a4:9b:2b:0d:57:
                    df:a4:7d:b6:15:ac:69:4a:61:76:97:55:c1:87:b3:
                    8f:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:99:39:82:38:BB:72:E2:11:4B:04:00:7E:D8:46:F0:CA:CB:19:1A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1e155fd7-db12-43c8-b6d6-1391c8f04c6b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.172.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         5a:72:03:0f:8f:1a:6a:c8:a5:b4:c1:ce:c5:e8:90:52:94:06:
         98:34:64:c8:4e:6b:17:b1:4b:3e:68:e5:20:1b:3e:9d:46:fe:
         c2:b7:dc:b5:85:cc:a0:c4:ab:38:1e:cb:46:15:48:00:45:65:
         1d:1e:e1:0c:1e:00:1a:0d:69:58:21:fd:f7:61:93:3a:17:39:
         1a:dc:33:49:43:68:70:37:46:a8:f9:4a:d4:45:eb:dc:2e:bc:
         91:18:b0:bf:b7:00:ad:b1:b2:12:11:a5:96:f2:50:6c:4a:08:
         f4:96:32:57:1f:e6:82:b0:be:b3:6c:a6:22:5e:be:c0:f6:47:
         d8:db:85:df:04:05:c9:30:05:4a:64:dc:70:fd:25:22:5f:15:
         a0:d3:4d:59:58:d1:f8:e3:52:6b:a5:ab:10:03:71:37:cc:97:
         62:18:50:d5:f1:2f:90:64:23:bb:dd:df:3e:6e:ce:2b:cb:aa:
         6c:19:85:79:28:2c:cf:d9:c1:84:bf:be:cb:2a:68:77:af:71:
         b9:e8:85:b5:4e:22:90:da:2a:7a:e6:95:cb:7e:f5:af:15:c8:
         c4:71:0a:07:b9:11:5f:1a:a6:3d:71:65:ed:5d:f4:ac:5c:c7:
         b9:f9:c3:fb:3f:d7:a5:33:8b:b6:91:ad:41:a1:00:db:84:e3:
         f2:5e:3d:c3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEA4eq3u0bKNnSfCeM5AamV0QHaowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MTg1MzMyWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NGQ2MjhlZjUyNTA4Y2NkOGEzOTZmNGYyZTlkYTA3YzRk
ZDMxNjRkOWI4Yjg4MTkzZGFhMWU3ZWE5ODg5ZDVmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKv/qfuNlh3P+nIl81BAw9LI/oBUgqymh0XA8NErt5/XXx
K0CQEQeahPikbBvynZ60Y+z45bbII3a1SaWwGe1hqqvIkM3Wh7/K4ffh93MvtWYw
FxxQkY+HqJHYgu2VVT6GSF0ji5pNn+TyCXi84PiVXDTRNZib7dfc0/WLWE5eSjmf
gf82W+A5iDzbD1pNObU5FTF13jmSeJLp6crIggEf04LxZJGYg+tZsidn067sEXe1
ouIXDqGYcSW/kOubtq1ZfaG7RVrIxqyYEAGWbmT5e+3Qj9O4NxXrjf1/SNQF5IlU
GoPOUQRCCBqkmysNV9+kfbYVrGlKYXaXVcGHs4/XAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIpk5gji7cuIRSwQAfthG8MrLGRowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzFlMTU1ZmQ3LWRiMTItNDNjOC1iNmQ2LTEzOTFjOGYwNGM2Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMSrCgwDQYJKoZIhvcNAQELBQADggEBAFpyAw+PGmrIpbTBzsXokFKUBpg0
ZMhOaxexSz5o5SAbPp1G/sK33LWFzKDEqzgey0YVSABFZR0e4QweABoNaVgh/fdh
kzoXORrcM0lDaHA3Rqj5StRF69wuvJEYsL+3AK2xshIRpZbyUGxKCPSWMlcf5oKw
vrNspiJevsD2R9jbhd8EBckwBUpk3HD9JSJfFaDTTVlY0fjjUmulqxADcTfMl2IY
UNXxL5BkI7vd3z5uzivLqmwZhXkoLM/ZwYS/vssqaHevcbnohbVOIpDaKnrmlct+
9a8VyMRxCge5EV8apj1xZe1d9Kxcx7n5w/s/16Uzi7aRrUGhANuE4/JePcM=
-----END CERTIFICATE-----