Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/44531485-4498-42f9-ac09-78a9e3fe47f9.roa
File:                     44531485-4498-42f9-ac09-78a9e3fe47f9.roa (raw, json)
Hash identifier:          +toE/1e+ci9ngNPlJXRUGHP/J9utxYTFB7d9b5qtTTY=
Subject key identifier:   F9:E2:86:3A:30:B0:C4:B3:37:E6:1C:FB:34:76:EB:FE:E0:17:4D:49
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       28930F41E76484B55CA948061F038FFBB0B3A622
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/44531485-4498-42f9-ac09-78a9e3fe47f9.roa
Signing time:             Sat 18 Oct 2025 07:21:42 +0000
ROA not before:           Sat 18 Oct 2025 07:21:42 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.238.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:93:0f:41:e7:64:84:b5:5c:a9:48:06:1f:03:8f:fb:b0:b3:a6:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 07:21:42 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=26b000da031393c05ce96d9f8986b584ff6f29ce74133eb2054ce8e3e186bad7, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c5:c8:d7:3c:12:c9:ca:8e:d8:e6:a3:34:c0:
                    7a:71:f6:43:04:54:16:2f:bb:c9:98:37:f6:21:d2:
                    a5:cc:cf:94:19:1e:a1:5d:21:59:a3:d4:99:5c:97:
                    44:4d:23:7f:20:45:16:13:e1:b1:80:30:08:bc:0c:
                    09:21:8d:8b:e4:7a:4a:6c:9d:96:7c:5e:05:15:e7:
                    64:b8:69:ee:80:80:6e:08:0b:8b:39:37:0c:33:bc:
                    ec:70:cd:b4:20:22:9d:b9:63:97:59:38:0f:fc:b1:
                    7f:25:ec:ef:b3:3d:ee:9f:6c:d8:02:dc:7d:a6:72:
                    05:f2:2e:0a:3a:4a:88:06:06:21:52:8b:51:b6:a5:
                    33:3e:72:fb:a3:7d:a9:df:c5:2c:9f:92:ca:15:1e:
                    e0:64:44:85:7d:72:4d:71:6c:42:01:0d:30:16:3e:
                    bb:85:31:13:0c:ed:4e:28:8e:a9:65:0c:65:0f:a1:
                    e3:b1:3a:ed:bf:c8:a5:38:1f:ec:a1:e8:f2:4d:a5:
                    37:35:39:d1:22:63:92:a7:f8:de:d5:db:ca:44:28:
                    f1:80:86:c9:5d:08:e3:e8:45:f6:75:89:19:bb:38:
                    92:dd:71:45:f0:45:36:9c:97:9b:6a:05:33:6c:90:
                    e5:18:a3:4f:d5:21:dc:45:3b:49:e8:62:82:f8:4e:
                    e9:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:E2:86:3A:30:B0:C4:B3:37:E6:1C:FB:34:76:EB:FE:E0:17:4D:49
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/44531485-4498-42f9-ac09-78a9e3fe47f9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.238.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:93:1c:52:bb:cb:53:18:e1:79:69:f8:ff:b2:59:8f:b4:fd:
         8f:9d:e3:1e:27:18:85:8e:5e:04:b8:26:5a:18:94:7b:36:63:
         9a:c8:c8:19:8a:e6:09:62:89:ea:e6:52:df:53:b9:75:6a:e7:
         08:40:2d:9c:f0:49:5b:7c:35:b1:06:c6:04:0b:fe:02:0a:fd:
         f1:b7:34:24:8d:6c:dc:a2:4e:53:82:6d:03:f0:74:24:87:a9:
         15:0b:9d:77:f3:bd:87:4c:f9:45:60:53:38:dd:ae:49:a9:e4:
         35:1f:f8:c0:72:69:31:d9:b2:e6:1b:d4:a5:04:b3:bc:e8:4e:
         cc:26:a2:0a:56:e8:87:81:de:59:99:eb:28:ac:81:13:8f:22:
         ee:93:08:db:5e:14:db:f9:18:19:96:d6:7a:51:57:d0:f3:39:
         0d:ad:d6:cf:a3:33:d1:32:93:e7:3d:b9:da:09:d1:5f:f5:3b:
         d5:6e:2e:9a:2c:f3:b3:bf:08:9a:6d:d2:da:c0:c5:27:07:4d:
         15:0a:b0:6d:21:ee:91:31:ed:ec:07:65:9d:e2:80:8d:df:d3:
         40:54:2d:53:ee:21:9d:7f:b9:98:ab:48:92:8b:a0:24:7f:71:
         27:03:0a:cf:71:52:ab:6f:4e:53:2d:a2:6d:d5:c7:0a:2a:d7:
         ec:09:1b:54
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKJMPQedkhLVcqUgGHwOP+7CzpiIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MDcyMTQyWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNmIwMDBkYTAzMTM5M2MwNWNlOTZkOWY4OTg2YjU4NGZm
NmYyOWNlNzQxMzNlYjIwNTRjZThlM2UxODZiYWQ3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpxcjXPBLJyo7Y5qM0wHpx9kMEVBYvu8mYN/Yh0qXMz5QZ
HqFdIVmj1Jlcl0RNI38gRRYT4bGAMAi8DAkhjYvkekpsnZZ8XgUV52S4ae6AgG4I
C4s5NwwzvOxwzbQgIp25Y5dZOA/8sX8l7O+zPe6fbNgC3H2mcgXyLgo6SogGBiFS
i1G2pTM+cvujfanfxSyfksoVHuBkRIV9ck1xbEIBDTAWPruFMRMM7U4ojqllDGUP
oeOxOu2/yKU4H+yh6PJNpTc1OdEiY5Kn+N7V28pEKPGAhsldCOPoRfZ1iRm7OJLd
cUXwRTacl5tqBTNskOUYo0/VIdxFO0noYoL4TunvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU+eKGOjCwxLM35hz7NHbr/uAXTUkwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQ0NTMxNDg1LTQ0OTgtNDJmOS1hYzA5LTc4YTllM2ZlNDdmOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAS7r0wDQYJKoZIhvcNAQELBQADggEBAKSTHFK7y1MY4Xlp+P+yWY+0/Y+d
4x4nGIWOXgS4JloYlHs2Y5rIyBmK5gliiermUt9TuXVq5whALZzwSVt8NbEGxgQL
/gIK/fG3NCSNbNyiTlOCbQPwdCSHqRULnXfzvYdM+UVgUzjdrkmp5DUf+MByaTHZ
suYb1KUEs7zoTswmogpW6IeB3lmZ6yisgROPIu6TCNteFNv5GBmW1npRV9DzOQ2t
1s+jM9Eyk+c9udoJ0V/1O9VuLpos87O/CJpt0trAxScHTRUKsG0h7pEx7ewHZZ3i
gI3f00BULVPuIZ1/uZirSJKLoCR/cScDCs9xUqtvTlMtom3Vxwoq1+wJG1Q=
-----END CERTIFICATE-----