Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/48e50825-bd8a-4536-a725-1180eafe9d3e.roa
File:                     48e50825-bd8a-4536-a725-1180eafe9d3e.roa (raw, json)
Hash identifier:          AyN1FeU0+hHQ2UaLlkWzI+IjFUuDfH/70YRy1TRHBNU=
Subject key identifier:   13:C9:9D:07:49:04:0D:BE:0D:71:54:5B:C4:A8:2B:47:7C:0C:96:9B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       047B6A1876B8EF1DF5A1725DD5216E12F29F593A
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/48e50825-bd8a-4536-a725-1180eafe9d3e.roa
Signing time:             Sat 18 Oct 2025 13:01:20 +0000
ROA not before:           Sat 18 Oct 2025 13:01:20 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.164.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:7b:6a:18:76:b8:ef:1d:f5:a1:72:5d:d5:21:6e:12:f2:9f:59:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 13:01:20 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=a3f1d532e69f934ca0746fb52df5b8d5c4ef963594ab2e4b5b2a0ebb856628dc, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:9a:f8:bf:04:9c:fd:f7:d2:00:30:4e:28:d8:
                    cc:a9:b5:dd:ea:5f:ef:91:5a:3d:7e:ad:f2:f6:0b:
                    40:bf:34:82:9e:71:6b:5a:dc:de:e3:31:9d:3e:c1:
                    4c:3b:8a:e6:8d:5f:f6:49:b7:cf:79:7b:9b:06:4c:
                    91:a3:ae:a2:55:8c:0b:cf:3a:7a:c2:b4:d2:40:26:
                    cb:30:e5:e3:3c:6a:fa:4e:33:50:69:da:47:82:65:
                    8c:4f:e0:c0:10:73:ed:23:d4:db:e6:1f:bb:9e:2d:
                    63:d8:d1:88:a9:3a:1f:7f:ae:24:e4:cd:fd:55:32:
                    dc:65:93:60:c2:93:a9:08:0a:01:70:4e:0e:c4:47:
                    d6:cf:54:26:da:d9:8e:9c:df:6b:aa:b4:7c:88:cb:
                    6e:2f:c1:86:7d:e9:a4:3f:8a:bd:2c:35:fc:8b:dc:
                    c3:75:90:ec:de:f1:a8:29:e0:b9:87:6c:95:33:c7:
                    d2:52:f0:5a:83:02:d2:29:af:32:58:21:41:97:20:
                    98:ba:b9:86:0e:86:09:68:d1:27:74:f4:fa:19:76:
                    d9:64:0a:5c:20:5c:be:13:52:e9:f4:07:de:4e:b7:
                    1a:45:d2:70:20:c9:88:3e:5b:d3:01:f6:d2:77:aa:
                    ff:f2:56:dc:b4:bc:3c:4e:82:63:60:9c:68:d2:c8:
                    af:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:C9:9D:07:49:04:0D:BE:0D:71:54:5B:C4:A8:2B:47:7C:0C:96:9B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/48e50825-bd8a-4536-a725-1180eafe9d3e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.164.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:f0:c2:79:8a:95:f0:48:7f:bf:e5:8a:b9:ce:70:2b:af:62:
         eb:d0:2c:9e:8b:c0:9b:3e:cc:ae:72:36:94:57:39:02:03:dd:
         64:84:0f:7d:c7:cf:48:6f:a5:ab:c8:08:c3:b0:25:8d:be:91:
         f6:47:b3:50:eb:5c:44:6f:30:df:c9:fb:be:6e:77:08:01:c9:
         62:7d:d4:27:4c:31:9c:db:f2:8b:63:6e:2e:f1:88:6e:1d:b0:
         6d:2d:8d:d2:60:1c:37:81:1f:37:b7:4d:fb:57:21:39:fa:c5:
         51:de:cc:3b:e1:da:ed:49:8c:cd:3b:e5:49:26:42:c6:b4:8f:
         d1:f5:1c:ab:f2:6c:53:b9:3c:36:5e:00:5c:94:62:1b:f3:0c:
         61:04:a5:00:4e:ca:19:34:35:4a:84:5b:eb:e5:c9:b1:a2:17:
         1d:7d:c6:3f:d2:a5:a6:20:be:8e:2b:a8:d6:27:a1:30:c4:54:
         51:bc:5e:e6:4e:80:08:65:5f:ef:83:88:32:ec:fb:7b:b3:ee:
         1a:9e:02:80:58:df:b1:62:08:56:38:77:96:13:99:0f:a4:f7:
         41:7d:ef:7c:75:f0:a7:31:8a:23:d0:23:7b:a8:30:5a:62:60:
         d3:6e:2a:26:80:ca:c1:30:f1:73:66:1b:c9:56:bd:81:2d:4e:
         8a:36:9b:83
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBHtqGHa47x31oXJd1SFuEvKfWTowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MTMwMTIwWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BhM2YxZDUzMmU2OWY5MzRjYTA3NDZmYjUyZGY1YjhkNWM0
ZWY5NjM1OTRhYjJlNGI1YjJhMGViYjg1NjYyOGRjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDPmvi/BJz999IAME4o2Myptd3qX++RWj1+rfL2C0C/NIKe
cWta3N7jMZ0+wUw7iuaNX/ZJt895e5sGTJGjrqJVjAvPOnrCtNJAJssw5eM8avpO
M1Bp2keCZYxP4MAQc+0j1NvmH7ueLWPY0YipOh9/riTkzf1VMtxlk2DCk6kICgFw
Tg7ER9bPVCba2Y6c32uqtHyIy24vwYZ96aQ/ir0sNfyL3MN1kOze8agp4LmHbJUz
x9JS8FqDAtIprzJYIUGXIJi6uYYOhglo0Sd09PoZdtlkClwgXL4TUun0B95OtxpF
0nAgyYg+W9MB9tJ3qv/yVty0vDxOgmNgnGjSyK/xAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUE8mdB0kEDb4NcVRbxKgrR3wMlpswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQ4ZTUwODI1LWJkOGEtNDUzNi1hNzI1LTExODBlYWZlOWQzZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASpCcwDQYJKoZIhvcNAQELBQADggEBAJ3wwnmKlfBIf7/lirnOcCuvYuvQ
LJ6LwJs+zK5yNpRXOQID3WSED33Hz0hvpavICMOwJY2+kfZHs1DrXERvMN/J+75u
dwgByWJ91CdMMZzb8otjbi7xiG4dsG0tjdJgHDeBHze3TftXITn6xVHezDvh2u1J
jM075UkmQsa0j9H1HKvybFO5PDZeAFyUYhvzDGEEpQBOyhk0NUqEW+vlybGiFx19
xj/SpaYgvo4rqNYnoTDEVFG8XuZOgAhlX++DiDLs+3uz7hqeAoBY37FiCFY4d5YT
mQ+k90F973x18KcxiiPQI3uoMFpiYNNuKiaAysEw8XNmG8lWvYEtToo2m4M=
-----END CERTIFICATE-----