Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2536226a-9d34-4709-b08d-893a274ae114.roa
File:                     2536226a-9d34-4709-b08d-893a274ae114.roa (raw, json)
Hash identifier:          I6qoyKJf7WbA5Gp6SmRl+fIbdUoesa8uc2EldEJiGWA=
Subject key identifier:   4A:20:ED:7A:FC:4B:21:C3:CE:7B:93:A4:38:0B:92:21:16:F4:69:51
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       48844AC521BA20E10CD5C96C6BB1DE493C250FAD
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2536226a-9d34-4709-b08d-893a274ae114.roa
Signing time:             Sat 18 Oct 2025 09:10:08 +0000
ROA not before:           Sat 18 Oct 2025 09:10:08 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.173.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:84:4a:c5:21:ba:20:e1:0c:d5:c9:6c:6b:b1:de:49:3c:25:0f:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 09:10:08 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=4a3b1e15c24107b672735b4d47124ebcad4c1ba7966b54e7ae2de06f9a1450f7, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:cc:84:e2:b9:ec:a3:ae:cc:e0:bc:74:9a:96:
                    4b:1d:15:51:df:eb:6d:e1:12:23:54:df:3e:29:3e:
                    c1:7c:c0:f6:08:1b:0c:4a:c0:7e:25:af:ff:be:67:
                    ee:86:41:4d:16:e0:c9:e8:c5:f0:d9:af:ee:47:c1:
                    77:9d:be:a7:b8:34:75:f7:c4:5b:24:ca:7a:8c:b5:
                    29:64:eb:53:f9:83:6f:f2:58:88:c4:d3:df:4d:c3:
                    39:a3:7c:ed:0d:d1:24:cd:57:c1:66:d2:6a:ef:10:
                    97:e7:da:59:51:5a:db:9d:1e:39:43:55:41:02:33:
                    21:e1:c6:97:37:0b:52:28:f3:cf:eb:5e:76:4a:38:
                    46:e9:e5:3e:38:35:dc:8b:62:dd:19:ea:a0:c8:73:
                    d3:91:79:0c:ce:c2:83:0f:ef:0d:f0:b8:a0:f7:a2:
                    67:67:0a:25:e8:36:d1:bc:23:35:46:a5:a9:2c:d5:
                    9a:ba:9e:f1:0a:0f:c5:72:bf:f2:78:11:6d:c3:e0:
                    99:f3:5e:2f:0d:a0:34:8e:b9:81:9e:3e:4e:cb:d4:
                    6b:fb:99:f4:f1:05:7a:f5:ce:5a:8d:5e:fe:d4:85:
                    55:5f:7f:a7:5d:2a:61:37:87:b2:d0:fa:68:35:74:
                    c8:86:37:8a:d9:74:df:5d:5a:51:0e:30:ee:48:e2:
                    d3:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:20:ED:7A:FC:4B:21:C3:CE:7B:93:A4:38:0B:92:21:16:F4:69:51
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2536226a-9d34-4709-b08d-893a274ae114.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.173.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:69:db:0e:16:ed:15:9e:63:d2:58:b9:dd:fd:da:cd:97:2b:
         ff:72:8c:29:85:11:67:2e:0d:12:cd:43:70:5e:b4:4d:7e:a9:
         55:3d:cf:13:fe:ff:c4:9f:05:34:61:34:77:30:72:75:a2:a4:
         18:e0:40:53:1b:67:d4:02:14:6f:4e:7e:8a:5d:72:9c:96:0d:
         7a:70:f5:16:99:c8:2c:c8:29:10:19:0c:2b:7b:7a:1d:75:75:
         96:75:d4:e0:af:67:b5:70:fe:41:39:1b:85:f2:cf:79:04:99:
         49:d9:cf:dc:71:03:52:77:86:d1:77:6d:20:e8:4d:ea:87:44:
         ee:7b:6b:d4:2b:f4:2b:63:b5:7e:20:95:10:79:20:5a:9f:90:
         c6:ad:40:26:74:07:35:c4:6e:88:b0:75:bf:68:2d:f9:1a:9a:
         b4:a3:c5:fd:f3:80:67:c9:07:44:8b:84:23:2d:75:cb:d5:70:
         07:3f:ff:68:05:ae:4e:9c:cd:28:c2:2e:fe:97:11:3d:b6:9a:
         34:6f:e8:a4:39:ab:c7:a2:ec:24:2a:3e:04:24:20:a9:7d:d5:
         bc:a3:62:1d:9b:cb:56:4e:8b:61:ce:6d:2f:50:51:a2:8f:95:
         39:41:47:5d:11:ab:9c:8d:80:e3:25:98:73:b4:c8:89:58:15:
         ee:42:4e:e8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSIRKxSG6IOEM1clsa7HeSTwlD60wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MDkxMDA4WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A0YTNiMWUxNWMyNDEwN2I2NzI3MzViNGQ0NzEyNGViY2Fk
NGMxYmE3OTY2YjU0ZTdhZTJkZTA2ZjlhMTQ1MGY3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLzITiueyjrszgvHSalksdFVHf623hEiNU3z4pPsF8wPYI
GwxKwH4lr/++Z+6GQU0W4MnoxfDZr+5HwXedvqe4NHX3xFskynqMtSlk61P5g2/y
WIjE099NwzmjfO0N0STNV8Fm0mrvEJfn2llRWtudHjlDVUECMyHhxpc3C1Io88/r
XnZKOEbp5T44NdyLYt0Z6qDIc9OReQzOwoMP7w3wuKD3omdnCiXoNtG8IzVGpaks
1Zq6nvEKD8Vyv/J4EW3D4JnzXi8NoDSOuYGePk7L1Gv7mfTxBXr1zlqNXv7UhVVf
f6ddKmE3h7LQ+mg1dMiGN4rZdN9dWlEOMO5I4tMDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUSiDtevxLIcPOe5OkOAuSIRb0aVEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzI1MzYyMjZhLTlkMzQtNDcwOS1iMDhkLTg5M2EyNzRhZTExNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASrUowDQYJKoZIhvcNAQELBQADggEBAC5p2w4W7RWeY9JYud392s2XK/9y
jCmFEWcuDRLNQ3BetE1+qVU9zxP+/8SfBTRhNHcwcnWipBjgQFMbZ9QCFG9Ofopd
cpyWDXpw9RaZyCzIKRAZDCt7eh11dZZ11OCvZ7Vw/kE5G4Xyz3kEmUnZz9xxA1J3
htF3bSDoTeqHRO57a9Qr9CtjtX4glRB5IFqfkMatQCZ0BzXEboiwdb9oLfkamrSj
xf3zgGfJB0SLhCMtdcvVcAc//2gFrk6czSjCLv6XET22mjRv6KQ5q8ei7CQqPgQk
IKl91byjYh2by1ZOi2HObS9QUaKPlTlBR10Rq5yNgOMlmHO0yIlYFe5CTug=
-----END CERTIFICATE-----