Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/532e6ff3-f695-4c0f-a33b-20d8b250c362.roa
File:                     532e6ff3-f695-4c0f-a33b-20d8b250c362.roa (raw, json)
Hash identifier:          CZ48G4+7/VBr9RJbohINP+a+KeSiQc9gOPljVO7juTg=
Subject key identifier:   7E:C4:25:17:04:97:C5:5E:07:A5:13:CA:EB:07:06:D7:73:B7:2E:E9
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2A70004C0A46EF29260AE09D67A2A13D4B4E9B09
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/532e6ff3-f695-4c0f-a33b-20d8b250c362.roa
Signing time:             Sat 18 Oct 2025 16:12:31 +0000
ROA not before:           Sat 18 Oct 2025 16:12:31 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.165.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:70:00:4c:0a:46:ef:29:26:0a:e0:9d:67:a2:a1:3d:4b:4e:9b:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 16:12:31 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=b505ff35ca1b0b2f02b2aa899b48517ac6784d5723dea8f0bc196edfb3d43568, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:52:2c:43:2f:0a:88:ef:ec:4c:54:1b:dc:05:
                    64:8a:ef:ce:8f:8c:4a:b9:7f:8d:17:6c:77:59:e4:
                    3d:b6:89:f4:71:da:ef:6a:99:2f:71:25:48:4b:0d:
                    a8:3a:b1:d0:2e:85:26:2e:8c:ee:eb:61:0c:85:de:
                    c3:b5:a8:ce:5d:27:0d:9e:b3:3f:68:f9:c8:58:ad:
                    6a:8a:32:64:41:d2:c7:bb:c2:65:de:0f:43:1e:51:
                    df:02:19:58:76:cd:47:9b:fb:a3:aa:78:ca:65:7c:
                    1d:32:b1:02:9f:93:80:c3:7e:d8:28:51:79:6a:ea:
                    29:52:58:c8:5f:44:7a:21:0e:d3:8a:14:4d:ee:70:
                    4e:95:8b:0e:75:d3:9b:d3:9a:c2:69:cb:93:55:28:
                    59:59:07:68:72:6a:f7:1f:60:d7:fe:0b:0b:05:0f:
                    57:e7:d7:be:32:e2:78:b7:65:46:55:a6:08:92:ba:
                    f3:80:42:e7:6f:61:9e:c7:cd:6e:9b:56:09:5b:34:
                    61:28:fa:b9:bd:d5:da:42:35:f4:37:bb:35:56:d7:
                    e0:6e:c3:25:e8:12:77:24:27:e8:9c:8b:0a:aa:1a:
                    d1:dd:8f:30:f3:20:7d:1c:be:02:0a:54:56:48:ca:
                    4e:e0:f0:8b:53:0b:58:b8:9a:07:9f:d8:8d:16:5f:
                    8e:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:C4:25:17:04:97:C5:5E:07:A5:13:CA:EB:07:06:D7:73:B7:2E:E9
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/532e6ff3-f695-4c0f-a33b-20d8b250c362.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.165.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:07:04:2f:0e:bd:0e:f1:c5:c3:9d:d5:62:2d:4f:54:87:ff:
         75:41:97:28:bc:88:f7:22:f9:9a:fb:e9:7d:ba:b0:22:dd:3d:
         d7:eb:e2:28:12:b4:10:94:f6:05:66:d7:30:9b:03:a0:0f:5c:
         89:ef:fc:d3:01:d2:cf:12:b0:92:c1:d8:76:e3:af:63:23:48:
         f1:4b:74:29:ee:9f:33:33:36:1b:93:07:6a:54:e9:84:06:bb:
         ab:58:8c:ec:7b:45:c0:c7:48:e4:b5:05:a0:b7:ce:99:25:37:
         4a:da:1d:0f:27:e0:cd:22:e6:c0:bb:49:99:c0:1d:4b:10:47:
         4f:00:d0:4f:fb:fd:57:09:16:a3:35:98:2c:75:bd:da:6c:0d:
         0f:3f:43:b0:9d:af:59:fc:2c:1d:48:8a:d5:9a:0e:47:b0:0e:
         9b:d3:37:aa:4b:3e:d3:27:8e:b0:ba:88:e4:53:e5:4a:02:24:
         1a:af:8e:2a:99:3b:0d:bf:3f:9c:f1:8e:6c:0c:39:a2:10:a8:
         6e:02:79:9c:29:a7:1f:d9:01:50:76:fa:53:c2:f1:00:44:e7:
         89:9a:9e:e3:45:71:2f:da:c8:29:1d:71:72:35:15:c7:f4:d5:
         ef:0a:e7:fc:6e:65:f8:30:db:74:13:7e:85:84:5a:b5:8b:63:
         74:8f:88:11
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKnAATApG7ykmCuCdZ6KhPUtOmwkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MTYxMjMxWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BiNTA1ZmYzNWNhMWIwYjJmMDJiMmFhODk5YjQ4NTE3YWM2
Nzg0ZDU3MjNkZWE4ZjBiYzE5NmVkZmIzZDQzNTY4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIUixDLwqI7+xMVBvcBWSK786PjEq5f40XbHdZ5D22ifRx
2u9qmS9xJUhLDag6sdAuhSYujO7rYQyF3sO1qM5dJw2esz9o+chYrWqKMmRB0se7
wmXeD0MeUd8CGVh2zUeb+6OqeMplfB0ysQKfk4DDftgoUXlq6ilSWMhfRHohDtOK
FE3ucE6Viw5105vTmsJpy5NVKFlZB2hyavcfYNf+CwsFD1fn174y4ni3ZUZVpgiS
uvOAQudvYZ7HzW6bVglbNGEo+rm91dpCNfQ3uzVW1+BuwyXoEnckJ+iciwqqGtHd
jzDzIH0cvgIKVFZIyk7g8ItTC1i4mgef2I0WX44NAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfsQlFwSXxV4HpRPK6wcG13O3LukwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzUzMmU2ZmYzLWY2OTUtNGMwZi1hMzNiLTIwZDhiMjUwYzM2Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASpVQwDQYJKoZIhvcNAQELBQADggEBAKEHBC8OvQ7xxcOd1WItT1SH/3VB
lyi8iPci+Zr76X26sCLdPdfr4igStBCU9gVm1zCbA6APXInv/NMB0s8SsJLB2Hbj
r2MjSPFLdCnunzMzNhuTB2pU6YQGu6tYjOx7RcDHSOS1BaC3zpklN0raHQ8n4M0i
5sC7SZnAHUsQR08A0E/7/VcJFqM1mCx1vdpsDQ8/Q7Cdr1n8LB1IitWaDkewDpvT
N6pLPtMnjrC6iORT5UoCJBqvjiqZOw2/P5zxjmwMOaIQqG4CeZwppx/ZAVB2+lPC
8QBE54manuNFcS/ayCkdcXI1Fcf01e8K5/xuZfgw23QTfoWEWrWLY3SPiBE=
-----END CERTIFICATE-----