Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4615ff64-f796-4821-9efa-42da4acd4627.roa
File:                     4615ff64-f796-4821-9efa-42da4acd4627.roa (raw, json)
Hash identifier:          kr46sqfMTYOnRbf5nTxacbpyXel1m5sI5y+HY7DB64A=
Subject key identifier:   B7:19:C2:82:42:92:90:B3:EA:8B:42:11:5A:19:22:F6:CF:85:64:78
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       45011C1559CB9476E401C1F8A2624DE0EE0A529A
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4615ff64-f796-4821-9efa-42da4acd4627.roa
Signing time:             Sat 18 Oct 2025 17:42:21 +0000
ROA not before:           Sat 18 Oct 2025 17:42:21 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.164.156.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:01:1c:15:59:cb:94:76:e4:01:c1:f8:a2:62:4d:e0:ee:0a:52:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 17:42:21 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=b4fceaa721bf64fde3cb5dddefe3735bd6ff2d606cb5acb41d10106b58a90159, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ac:80:70:5a:28:43:ce:05:56:e6:21:d8:4d:
                    ae:d6:81:b9:a2:33:2c:0e:2e:59:07:dd:a5:8d:a2:
                    c5:2d:31:e3:a4:d4:d6:03:1f:16:b5:5d:25:cb:ac:
                    c8:4a:6c:41:bf:db:2e:54:df:99:30:8c:72:ad:e0:
                    6b:26:45:c9:4b:ac:76:de:82:a4:5f:95:0e:4f:2c:
                    b2:f0:51:85:02:e6:91:f5:0a:6d:05:1b:2d:9d:47:
                    dd:da:32:66:7e:b9:4b:0b:25:97:47:d7:30:fd:14:
                    ef:38:97:c7:cd:73:8c:5f:dd:62:c7:df:f2:00:bc:
                    59:b7:f4:74:71:bc:d3:94:03:a9:e7:58:44:1f:31:
                    ff:84:84:86:48:09:d8:c9:89:c6:1e:d7:ae:c6:35:
                    66:9a:0d:42:ab:92:5f:6e:ce:bf:35:65:e7:19:26:
                    42:ac:d2:3e:73:4b:4e:5d:63:9a:11:4c:de:b2:69:
                    d3:9c:20:05:54:ed:38:27:a3:9e:92:ba:61:18:33:
                    0e:7d:1b:bb:a8:e0:d7:62:b9:3b:b4:7d:36:0e:4e:
                    f3:15:06:8b:21:8b:7f:d8:bf:fe:ab:10:37:83:3e:
                    38:2d:79:f9:b1:27:9c:1b:ba:e1:43:ac:22:fc:ba:
                    5e:d7:f8:74:10:b7:12:04:26:ed:a4:64:cb:9d:dd:
                    a2:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:19:C2:82:42:92:90:B3:EA:8B:42:11:5A:19:22:F6:CF:85:64:78
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4615ff64-f796-4821-9efa-42da4acd4627.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.164.156.0/23

    Signature Algorithm: sha256WithRSAEncryption
         41:bf:8d:30:d9:fe:0d:e5:63:b1:ae:71:d9:c6:36:62:51:e1:
         4f:c3:44:c9:cb:3c:ac:59:3b:d7:9f:85:9c:17:3b:0c:6c:36:
         78:89:3d:a3:5c:17:38:dc:12:7a:a9:82:ff:06:8c:aa:20:59:
         47:4d:ec:85:ff:7a:2a:e9:ea:5f:ba:c2:00:3b:25:06:18:49:
         51:66:29:85:7c:26:77:82:05:49:a7:39:c6:ca:82:e8:d7:54:
         90:10:67:84:ec:13:16:da:29:f4:93:c4:c3:33:20:57:ce:f3:
         72:bb:95:ef:1c:06:24:df:47:55:31:68:8b:a0:25:ef:3c:65:
         d0:07:46:f7:b5:c5:98:9b:0b:b0:05:31:bf:03:e8:c3:a3:3f:
         3c:95:5e:90:2d:d6:3e:30:6a:ea:1f:2c:1b:24:65:5e:a2:65:
         cf:72:db:82:48:df:68:7c:10:48:41:99:d5:11:de:27:b2:ce:
         2e:ac:08:6c:ff:1b:82:b2:a6:6f:20:f3:0c:6a:3d:58:ab:f3:
         cc:4b:cf:61:2c:22:72:ad:e1:06:12:0a:0a:89:5a:49:9b:38:
         1a:0c:45:04:6f:c2:1c:1c:6d:19:34:3b:b1:14:bf:97:62:03:
         d9:f1:a9:97:d3:2b:0b:f5:ea:89:17:30:72:2c:d0:7f:60:bc:
         63:be:77:f1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURQEcFVnLlHbkAcH4omJN4O4KUpowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MTc0MjIxWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BiNGZjZWFhNzIxYmY2NGZkZTNjYjVkZGRlZmUzNzM1YmQ2
ZmYyZDYwNmNiNWFjYjQxZDEwMTA2YjU4YTkwMTU5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqrIBwWihDzgVW5iHYTa7WgbmiMywOLlkH3aWNosUtMeOk
1NYDHxa1XSXLrMhKbEG/2y5U35kwjHKt4GsmRclLrHbegqRflQ5PLLLwUYUC5pH1
Cm0FGy2dR93aMmZ+uUsLJZdH1zD9FO84l8fNc4xf3WLH3/IAvFm39HRxvNOUA6nn
WEQfMf+EhIZICdjJicYe167GNWaaDUKrkl9uzr81ZecZJkKs0j5zS05dY5oRTN6y
adOcIAVU7Tgno56SumEYMw59G7uo4NdiuTu0fTYOTvMVBoshi3/Yv/6rEDeDPjgt
efmxJ5wbuuFDrCL8ul7X+HQQtxIEJu2kZMud3aJbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUtxnCgkKSkLPqi0IRWhki9s+FZHgwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQ2MTVmZjY0LWY3OTYtNDgyMS05ZWZhLTQyZGE0YWNkNDYyNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAESpJwwDQYJKoZIhvcNAQELBQADggEBAEG/jTDZ/g3lY7GucdnGNmJR4U/D
RMnLPKxZO9efhZwXOwxsNniJPaNcFzjcEnqpgv8GjKogWUdN7IX/eirp6l+6wgA7
JQYYSVFmKYV8JneCBUmnOcbKgujXVJAQZ4TsExbaKfSTxMMzIFfO83K7le8cBiTf
R1UxaIugJe88ZdAHRve1xZibC7AFMb8D6MOjPzyVXpAt1j4wauofLBskZV6iZc9y
24JI32h8EEhBmdUR3ieyzi6sCGz/G4Kypm8g8wxqPVir88xLz2EsInKt4QYSCgqJ
WkmbOBoMRQRvwhwcbRk0O7EUv5diA9nxqZfTKwv16okXMHIs0H9gvGO+d/E=
-----END CERTIFICATE-----
Generated at Mon Oct 20 06:09:16 2025 by rpki-client