Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4a9b7409-a940-48c1-aec6-a1d350dd7e04.roa
File:                     4a9b7409-a940-48c1-aec6-a1d350dd7e04.roa (raw, json)
Hash identifier:          t9CWqQ9cTcCPfPnMwiafqrn6SVwanvxUXq3h2EXiGaQ=
Subject key identifier:   5F:00:F1:1F:DC:84:B1:E3:EE:37:23:3B:35:22:C4:45:C1:DE:68:64
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       245EFDC0AFD77CDCEE82FDCDE03FA0290E5DD5B2
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4a9b7409-a940-48c1-aec6-a1d350dd7e04.roa
Signing time:             Sun 19 Oct 2025 13:00:13 +0000
ROA not before:           Sun 19 Oct 2025 13:00:13 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.66.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:5e:fd:c0:af:d7:7c:dc:ee:82:fd:cd:e0:3f:a0:29:0e:5d:d5:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 13:00:13 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=475fd8c6bffe7f2b0a9d03999e721f79351e9f6327a23cf16d7461984c95b41e, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:85:9b:1a:91:ae:97:e4:18:b3:e4:11:b8:25:
                    0f:8b:85:4d:2c:9f:cc:d5:cf:b4:48:f4:6a:a7:2c:
                    04:58:c5:83:ea:f3:e9:9b:d2:73:6e:39:55:66:89:
                    c9:00:3b:b6:4a:a0:5c:ab:04:b9:cb:43:61:e1:35:
                    60:c6:58:c6:83:dc:ae:e4:dc:6b:a7:57:c8:28:7c:
                    fa:e9:6c:87:da:15:c4:b4:e9:b4:85:10:75:ef:a2:
                    ab:01:5d:4f:93:5d:42:ac:bc:85:b7:08:b4:d3:a5:
                    d7:31:6a:87:3a:33:9d:a9:12:84:b7:01:22:5f:a5:
                    10:f2:d0:e6:cd:91:a0:c1:cb:e4:52:6a:45:d0:ec:
                    9c:1d:1e:67:c8:fe:61:80:bf:1a:f7:62:a4:6b:6b:
                    e0:dd:76:f7:ae:16:f1:0f:5d:39:78:86:18:ad:e5:
                    25:b0:e5:04:92:b7:61:b1:ee:1f:ba:11:68:4f:ac:
                    30:19:5a:49:d5:86:7c:95:63:96:33:03:f0:25:d4:
                    99:e3:9d:82:00:a3:1e:f1:dc:af:90:78:f3:d0:00:
                    31:cd:da:82:4e:22:2c:02:3a:ee:ce:87:11:99:08:
                    79:d6:91:be:82:25:87:3b:2f:ad:de:1a:e6:db:b4:
                    a4:f4:72:a1:2e:4f:33:3e:f5:40:5c:15:4d:87:ad:
                    20:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:00:F1:1F:DC:84:B1:E3:EE:37:23:3B:35:22:C4:45:C1:DE:68:64
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4a9b7409-a940-48c1-aec6-a1d350dd7e04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.66.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:e6:89:c4:ab:67:75:34:56:43:b9:2e:76:66:97:78:96:2f:
         f7:5c:0c:10:90:56:02:90:b1:71:98:8c:48:d5:bb:ca:80:0b:
         d0:fd:0b:0d:4a:5d:f4:73:49:51:7e:66:f2:83:26:fe:52:61:
         ce:12:e8:9d:29:f7:d0:77:5d:a7:8a:d5:4a:a0:9b:6e:c9:31:
         40:ed:da:68:ae:69:98:42:33:98:7e:2d:18:a2:52:a0:90:b6:
         4e:db:7b:f7:7d:7f:2c:be:67:53:81:1d:ca:68:89:9a:c4:b5:
         9d:10:df:ba:55:8f:d6:42:bf:22:b8:10:36:fa:95:dd:ea:30:
         03:3d:55:ee:81:2c:3a:2e:43:bc:64:82:e6:d0:ff:d6:20:56:
         a9:5d:31:06:27:33:96:09:c6:37:43:cb:76:ea:8e:cb:fe:9b:
         d2:ae:97:fe:a0:48:20:e9:8e:81:14:eb:25:d4:7e:29:82:e1:
         e2:85:ae:54:83:89:16:49:a5:1c:2f:ac:fc:04:69:ab:b2:d8:
         b4:54:e2:28:54:38:31:10:cf:df:d7:c3:a1:47:55:26:3b:f5:
         f1:91:d9:eb:88:45:7d:99:96:65:97:e7:72:dc:64:b4:c7:2f:
         df:69:9e:f9:f7:4f:bc:ec:14:db:00:e6:58:95:54:69:62:6b:
         d5:79:da:4f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJF79wK/XfNzugv3N4D+gKQ5d1bIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MTMwMDEzWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A0NzVmZDhjNmJmZmU3ZjJiMGE5ZDAzOTk5ZTcyMWY3OTM1
MWU5ZjYzMjdhMjNjZjE2ZDc0NjE5ODRjOTViNDFlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6hZsaka6X5Biz5BG4JQ+LhU0sn8zVz7RI9GqnLARYxYPq
8+mb0nNuOVVmickAO7ZKoFyrBLnLQ2HhNWDGWMaD3K7k3GunV8gofPrpbIfaFcS0
6bSFEHXvoqsBXU+TXUKsvIW3CLTTpdcxaoc6M52pEoS3ASJfpRDy0ObNkaDBy+RS
akXQ7JwdHmfI/mGAvxr3YqRra+DddveuFvEPXTl4hhit5SWw5QSSt2Gx7h+6EWhP
rDAZWknVhnyVY5YzA/Al1JnjnYIAox7x3K+QePPQADHN2oJOIiwCOu7OhxGZCHnW
kb6CJYc7L63eGubbtKT0cqEuTzM+9UBcFU2HrSCFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXwDxH9yEsePuNyM7NSLERcHeaGQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzRhOWI3NDA5LWE5NDAtNDhjMS1hZWM2LWExZDM1MGRkN2UwNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASQj0wDQYJKoZIhvcNAQELBQADggEBAG/micSrZ3U0VkO5LnZml3iWL/dc
DBCQVgKQsXGYjEjVu8qAC9D9Cw1KXfRzSVF+ZvKDJv5SYc4S6J0p99B3XaeK1Uqg
m27JMUDt2miuaZhCM5h+LRiiUqCQtk7be/d9fyy+Z1OBHcpoiZrEtZ0Q37pVj9ZC
vyK4EDb6ld3qMAM9Ve6BLDouQ7xkgubQ/9YgVqldMQYnM5YJxjdDy3bqjsv+m9Ku
l/6gSCDpjoEU6yXUfimC4eKFrlSDiRZJpRwvrPwEaauy2LRU4ihUODEQz9/Xw6FH
VSY79fGR2euIRX2ZlmWX53LcZLTHL99pnvn3T7zsFNsA5liVVGlia9V52k8=
-----END CERTIFICATE-----