Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/23a1ec9b-d789-4030-bfa6-a065cbc42e60.roa
File:                     23a1ec9b-d789-4030-bfa6-a065cbc42e60.roa (raw, json)
Hash identifier:          aez3Myg1/erZlwSTpuMVjeVZM8Cehe25GytXOgd9Kuk=
Subject key identifier:   77:00:26:86:1A:BD:AD:2A:07:05:F4:D0:F7:BF:F3:BA:1D:A5:AB:BD
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3A989DB1EAB9E8104831F3C134A54188E1BD6D0A
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/23a1ec9b-d789-4030-bfa6-a065cbc42e60.roa
Signing time:             Sat 18 Oct 2025 07:30:17 +0000
ROA not before:           Sat 18 Oct 2025 07:30:17 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.161.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:98:9d:b1:ea:b9:e8:10:48:31:f3:c1:34:a5:41:88:e1:bd:6d:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 07:30:17 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=288241ff8f04a8a8426f2329072244d9586df5451f5393746349b31b2578abe2, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:84:ba:dc:15:92:9d:56:76:b1:88:cf:f7:ba:
                    3a:43:72:d4:12:73:b9:ab:db:8a:4c:7f:44:8d:1d:
                    83:e4:a5:b5:e2:38:b1:96:c4:a4:81:f3:3f:2d:7a:
                    5e:ec:14:f8:15:7e:3a:4f:0e:71:d7:9e:c8:9f:5f:
                    2e:e5:c2:21:1b:22:b4:ea:90:97:3e:6d:1b:dc:b0:
                    6d:54:e1:57:70:0c:cb:35:3d:4b:6b:a4:ab:fc:5f:
                    af:34:fc:43:e9:f9:d5:4d:ab:67:e5:09:86:ac:f0:
                    9d:19:3b:f5:27:fe:00:4b:ac:c9:74:18:d0:17:b9:
                    79:e4:e8:b2:af:c8:4e:40:be:dc:09:e7:a2:5e:43:
                    48:97:15:df:36:35:ce:e5:b4:01:29:82:35:d6:98:
                    14:40:35:f2:a3:61:07:37:b2:ec:59:1a:43:6f:f3:
                    51:22:84:44:56:f2:a2:42:1e:c1:08:a4:5a:d9:a7:
                    54:fe:65:73:e3:89:fc:54:b7:4c:ea:fc:c3:40:e7:
                    a2:fd:4f:30:65:cb:5a:aa:b1:5e:c3:65:6d:e7:2d:
                    14:8e:c0:96:99:21:71:f2:33:cc:f7:0c:93:71:dd:
                    3c:83:97:ff:d7:a7:42:e8:5c:da:7b:c8:7e:25:50:
                    e4:b3:7b:4a:5c:b8:98:85:f4:c2:da:4a:c1:aa:7d:
                    36:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:00:26:86:1A:BD:AD:2A:07:05:F4:D0:F7:BF:F3:BA:1D:A5:AB:BD
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/23a1ec9b-d789-4030-bfa6-a065cbc42e60.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.161.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:87:93:3c:f2:55:42:ca:01:c7:d6:37:4a:94:90:69:6e:76:
         aa:aa:ce:c5:91:5f:6d:11:bb:cc:09:46:db:da:63:6d:e7:1f:
         6c:00:6f:a0:8d:00:00:1b:4c:46:85:3a:7a:94:3c:d3:50:39:
         f4:cd:23:32:8e:f3:8e:ef:58:b7:4c:49:16:f9:86:ae:e3:8f:
         85:d5:0f:0d:20:09:a8:54:90:57:5a:90:91:5e:51:82:ad:ff:
         7e:5f:3d:09:cc:d7:18:7d:1d:12:96:9c:69:c4:8f:2f:17:a6:
         7c:26:7f:90:5e:24:b1:5c:a4:8e:ee:c2:8d:1d:32:f2:0c:1f:
         20:0c:ab:6f:9c:ed:a6:8e:3f:51:3d:b8:6a:27:08:dc:4a:1c:
         ef:4d:f2:03:1a:46:93:20:3c:0c:8e:55:30:20:ce:65:12:07:
         a6:88:95:37:52:75:91:97:35:65:0d:59:f3:47:00:99:d9:37:
         14:c4:94:3e:a9:51:a3:e6:dc:f4:6f:02:57:98:08:e9:7c:8b:
         1d:8c:ba:dc:33:35:4c:75:70:a6:fd:de:57:e8:fd:7e:0f:7a:
         fc:0f:36:f4:b4:2d:c1:7b:58:3f:93:2a:6c:b2:75:fe:87:8d:
         2c:6a:da:36:74:30:40:c8:75:99:02:69:3b:e9:bc:30:63:72:
         1d:10:0f:7f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOpidseq56BBIMfPBNKVBiOG9bQowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MDczMDE3WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AyODgyNDFmZjhmMDRhOGE4NDI2ZjIzMjkwNzIyNDRkOTU4
NmRmNTQ1MWY1MzkzNzQ2MzQ5YjMxYjI1NzhhYmUyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyhLrcFZKdVnaxiM/3ujpDctQSc7mr24pMf0SNHYPkpbXi
OLGWxKSB8z8tel7sFPgVfjpPDnHXnsifXy7lwiEbIrTqkJc+bRvcsG1U4VdwDMs1
PUtrpKv8X680/EPp+dVNq2flCYas8J0ZO/Un/gBLrMl0GNAXuXnk6LKvyE5AvtwJ
56JeQ0iXFd82Nc7ltAEpgjXWmBRANfKjYQc3suxZGkNv81EihERW8qJCHsEIpFrZ
p1T+ZXPjifxUt0zq/MNA56L9TzBly1qqsV7DZW3nLRSOwJaZIXHyM8z3DJNx3TyD
l//Xp0LoXNp7yH4lUOSze0pcuJiF9MLaSsGqfTZZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUdwAmhhq9rSoHBfTQ97/zuh2lq70wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzIzYTFlYzliLWQ3ODktNDAzMC1iZmE2LWEwNjVjYmM0MmU2MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASocowDQYJKoZIhvcNAQELBQADggEBAHeHkzzyVULKAcfWN0qUkGludqqq
zsWRX20Ru8wJRtvaY23nH2wAb6CNAAAbTEaFOnqUPNNQOfTNIzKO847vWLdMSRb5
hq7jj4XVDw0gCahUkFdakJFeUYKt/35fPQnM1xh9HRKWnGnEjy8Xpnwmf5BeJLFc
pI7uwo0dMvIMHyAMq2+c7aaOP1E9uGonCNxKHO9N8gMaRpMgPAyOVTAgzmUSB6aI
lTdSdZGXNWUNWfNHAJnZNxTElD6pUaPm3PRvAleYCOl8ix2MutwzNUx1cKb93lfo
/X4PevwPNvS0LcF7WD+TKmyydf6HjSxq2jZ0MEDIdZkCaTvpvDBjch0QD38=
-----END CERTIFICATE-----