Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/43356e10-0f49-4349-a54a-b18b58159308.roa
File:                     43356e10-0f49-4349-a54a-b18b58159308.roa (raw, json)
Hash identifier:          8S2Yx6fejr4GlgPRbZmxTAa05RCm8APwUMG7wwiJO0k=
Subject key identifier:   08:B7:73:FA:43:D2:8F:18:EC:B0:ED:04:87:7C:C4:ED:C8:5F:00:69
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       326DB0C2F3CF0A4771B382A8039E664BA4E982FE
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/43356e10-0f49-4349-a54a-b18b58159308.roa
Signing time:             Sun 19 Oct 2025 04:50:11 +0000
ROA not before:           Sun 19 Oct 2025 04:50:11 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.238.128.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:6d:b0:c2:f3:cf:0a:47:71:b3:82:a8:03:9e:66:4b:a4:e9:82:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 04:50:11 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=bfcc759b0a3f74bfb3b2d897607e76cd6716fac63a53986f424accf7d536a494, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:a9:89:93:56:76:22:ce:00:86:51:b9:98:86:
                    0c:42:7c:72:56:88:e9:64:a7:61:78:89:a6:fe:9e:
                    e8:8f:1b:84:bf:eb:32:22:85:6f:66:2d:81:17:23:
                    27:11:fc:2a:6e:bc:f3:c0:00:f5:31:9f:fb:35:63:
                    d9:52:51:30:ce:10:f5:df:0a:5c:fd:ee:25:54:b6:
                    fa:6c:0c:47:e2:b8:ae:6a:b2:50:ca:8b:37:34:56:
                    92:bf:1e:74:c3:31:e9:9b:86:77:5f:05:30:4c:ac:
                    0e:88:19:a6:4d:5d:9a:46:bb:32:8d:54:a7:00:d8:
                    71:a0:ab:e9:07:4f:aa:17:22:89:a8:16:13:47:1f:
                    2b:b6:55:cc:df:a5:69:c0:59:75:e1:c8:4e:8b:23:
                    dd:c6:09:a8:58:79:7c:fa:29:73:c4:7a:84:c9:20:
                    97:23:cc:9f:d9:c1:e1:d2:0e:c2:b3:5b:0c:be:31:
                    8f:c8:84:e9:a3:0e:f4:fb:c5:5d:65:1f:ee:be:32:
                    19:6b:52:97:53:56:fa:29:47:a4:2d:5c:e0:e2:71:
                    be:9a:33:33:05:19:ce:44:2f:8c:9e:3f:84:66:de:
                    73:3c:56:83:2c:66:44:89:6f:ab:2c:77:91:8f:64:
                    11:3e:bc:a3:3e:73:29:65:54:b6:08:e0:be:f3:35:
                    c5:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:B7:73:FA:43:D2:8F:18:EC:B0:ED:04:87:7C:C4:ED:C8:5F:00:69
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/43356e10-0f49-4349-a54a-b18b58159308.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.238.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         4c:d6:29:4a:76:6f:5e:0e:77:50:4d:43:0c:d6:c9:bd:71:db:
         1e:75:aa:f5:3b:dc:fb:1a:d6:57:eb:ff:38:b4:e4:43:0b:14:
         41:c4:5b:9f:cf:fd:54:48:6a:1a:01:75:30:72:75:d9:64:59:
         13:05:31:7c:a1:dd:a2:94:c7:b7:0f:da:fb:97:7a:6b:21:a5:
         18:67:a5:5b:dc:4c:7b:55:5c:1a:41:21:66:f0:f0:cf:13:8b:
         45:f4:c1:0c:e8:ca:67:71:d1:b2:f6:4b:ff:52:d3:66:6b:4d:
         6e:93:f3:80:99:ab:32:a4:ba:8e:f2:c4:e7:e8:e7:60:e4:c4:
         f9:b4:3f:6b:e4:3f:dc:99:e7:30:f5:53:00:12:09:5d:7f:cb:
         09:7f:0c:07:e9:d1:62:4b:ac:93:86:2c:0f:78:4d:27:e2:01:
         69:89:28:e4:89:f7:14:69:25:d7:53:4c:25:b1:a9:b4:d5:da:
         8c:53:8c:88:ef:18:85:02:9a:db:b1:1a:f4:ab:a1:ae:02:28:
         be:31:b6:2f:dc:61:e2:98:51:b5:42:59:ff:0e:79:ca:f2:54:
         5e:ce:79:70:05:32:96:76:45:ad:e8:e8:9f:cc:8b:74:f2:fa:
         f7:c7:b0:ea:b2:46:e5:66:f1:c5:1a:fa:5a:da:51:ce:8c:3e:
         e6:33:b2:e7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMm2wwvPPCkdxs4KoA55mS6Tpgv4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MDQ1MDExWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BiZmNjNzU5YjBhM2Y3NGJmYjNiMmQ4OTc2MDdlNzZjZDY3
MTZmYWM2M2E1Mzk4NmY0MjRhY2NmN2Q1MzZhNDk0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDcqYmTVnYizgCGUbmYhgxCfHJWiOlkp2F4iab+nuiPG4S/
6zIihW9mLYEXIycR/CpuvPPAAPUxn/s1Y9lSUTDOEPXfClz97iVUtvpsDEfiuK5q
slDKizc0VpK/HnTDMembhndfBTBMrA6IGaZNXZpGuzKNVKcA2HGgq+kHT6oXIomo
FhNHHyu2VczfpWnAWXXhyE6LI93GCahYeXz6KXPEeoTJIJcjzJ/ZweHSDsKzWwy+
MY/IhOmjDvT7xV1lH+6+MhlrUpdTVvopR6QtXODicb6aMzMFGc5EL4yeP4Rm3nM8
VoMsZkSJb6ssd5GPZBE+vKM+cyllVLYI4L7zNcU1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCLdz+kPSjxjssO0Eh3zE7chfAGkwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQzMzU2ZTEwLTBmNDktNDM0OS1hNTRhLWIxOGI1ODE1OTMwOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAcS7oAwDQYJKoZIhvcNAQELBQADggEBAEzWKUp2b14Od1BNQwzWyb1x2x51
qvU73Psa1lfr/zi05EMLFEHEW5/P/VRIahoBdTByddlkWRMFMXyh3aKUx7cP2vuX
emshpRhnpVvcTHtVXBpBIWbw8M8Ti0X0wQzoymdx0bL2S/9S02ZrTW6T84CZqzKk
uo7yxOfo52DkxPm0P2vkP9yZ5zD1UwASCV1/ywl/DAfp0WJLrJOGLA94TSfiAWmJ
KOSJ9xRpJddTTCWxqbTV2oxTjIjvGIUCmtuxGvSroa4CKL4xti/cYeKYUbVCWf8O
ecryVF7OeXAFMpZ2Ra3o6J/Mi3Ty+vfHsOqyRuVm8cUa+lraUc6MPuYzsuc=
-----END CERTIFICATE-----