Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/556d9752-9ec2-45f3-b812-4b5ceb539239.roa
File:                     556d9752-9ec2-45f3-b812-4b5ceb539239.roa (raw, json)
Hash identifier:          4SIwOpOtjSIcDFNY8X+qUezoWk/iogOIKHU6RBTtvAc=
Subject key identifier:   6F:D2:9F:52:A3:7A:44:D6:D7:1D:B1:C5:DF:CC:0E:6F:85:09:1B:B3
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5A297DD6783591EE3A80CB9081FFDB15830202
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/556d9752-9ec2-45f3-b812-4b5ceb539239.roa
Signing time:             Thu 16 Oct 2025 15:08:56 +0000
ROA not before:           Thu 16 Oct 2025 15:08:56 +0000
ROA not after:            Thu 20 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.68.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:29:7d:d6:78:35:91:ee:3a:80:cb:90:81:ff:db:15:83:02:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 16 15:08:56 2025 GMT
            Not After : Nov 20 23:59:59 2025 GMT
        Subject: serialNumber=11ed9be80d21a14525c6455f18eb9f01121af43903c35582cf2586c02ed0ce13, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:99:af:f9:2b:a9:7e:c0:cf:0a:8f:8d:86:38:
                    1a:2d:5d:f9:af:cb:2b:50:d1:33:01:b2:00:81:a0:
                    2d:de:3e:84:dd:ea:b9:49:1b:9c:65:14:87:83:4f:
                    64:a0:6c:e8:52:6f:3c:55:3f:44:64:ac:3b:65:34:
                    cc:0a:85:74:93:4b:a5:5e:77:3f:f4:9f:b4:33:ee:
                    06:d6:a8:87:43:e4:9d:43:ec:a9:b2:cc:b4:2f:aa:
                    bf:11:95:03:ab:69:97:cf:b8:63:09:06:88:33:6c:
                    81:4c:a0:43:40:1c:63:64:d2:55:63:ba:f1:96:3b:
                    de:58:e4:a2:7e:5d:e7:5e:d3:6f:e1:f0:8b:27:fa:
                    ee:5a:b9:34:ac:d8:09:2e:24:bc:60:b6:cf:a4:12:
                    ed:19:38:c4:83:da:ac:80:d9:f8:73:d9:6e:bb:bf:
                    1c:75:fe:f9:b3:73:50:a8:f2:76:b4:f1:06:c1:12:
                    1b:5d:28:2e:a5:94:92:af:c2:42:5c:d7:f0:aa:35:
                    25:be:60:ad:9c:f9:7e:39:88:96:c2:2e:96:ba:10:
                    44:ef:10:1e:d6:38:5c:64:a6:4e:e8:69:62:af:b0:
                    8a:28:6a:fc:3f:13:d2:73:7e:74:e5:08:02:6c:79:
                    7f:3c:a1:46:c3:ec:04:fa:09:1f:cf:d7:f7:79:06:
                    a8:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:D2:9F:52:A3:7A:44:D6:D7:1D:B1:C5:DF:CC:0E:6F:85:09:1B:B3
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/556d9752-9ec2-45f3-b812-4b5ceb539239.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.68.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:33:1d:29:21:1a:6a:cd:fb:9f:fb:ee:40:8b:8f:d5:d7:68:
         b9:cb:11:84:8a:b5:15:a3:a8:ba:d1:53:8a:bd:ec:be:f2:eb:
         e5:bc:d8:0d:33:f1:f9:86:24:d5:5a:b0:f4:39:e4:d8:08:72:
         f9:14:b2:40:eb:42:be:8e:df:ca:39:eb:d0:35:fc:72:9d:01:
         b4:3b:36:6d:ce:af:68:24:c5:d9:d2:b7:65:75:32:03:17:ff:
         51:8f:51:f5:b9:06:5b:53:65:40:2d:4d:15:04:d5:e9:83:c9:
         eb:e8:46:55:1c:d6:2f:09:c8:d5:8d:92:43:e6:78:ab:d0:a8:
         0f:f6:59:8b:60:87:b6:e4:e0:64:ca:72:a1:6e:b3:f1:7b:7c:
         ae:b4:d7:9f:73:da:47:0b:17:b9:ed:0a:bc:3e:4d:ec:02:2a:
         26:bb:0f:8a:0d:6b:8e:bb:c4:45:89:cb:f6:e1:f8:d6:76:2b:
         d3:81:92:7e:85:69:06:18:26:d8:45:09:0a:b2:85:fc:9b:cd:
         e4:de:d2:55:f3:cd:18:c0:1b:ea:97:66:58:5c:25:fd:ce:84:
         0c:a5:f0:cb:bb:d9:be:fb:ea:6e:fd:2b:67:cb:30:36:24:29:
         01:38:57:a5:08:93:9f:75:60:f2:20:a1:e9:d1:0d:5c:88:f4:
         cd:26:a7:63
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgITWil91ng1ke46gMuQgf/bFYMCAjANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzJkZjZmM2IzYTM0YjYzODZkMWEzMmQ4ZjRmYTMxNzhlZjMx
ODg3ZDhiNDI4ZGZhYTQ3NjAeFw0yNTEwMTYxNTA4NTZaFw0yNTExMjAyMzU5NTla
MHoxSTBHBgNVBAUTQDExZWQ5YmU4MGQyMWExNDUyNWM2NDU1ZjE4ZWI5ZjAxMTIx
YWY0MzkwM2MzNTU4MmNmMjU4NmMwMmVkMGNlMTMxLTArBgNVBAMTJDVmMjc2MDQ1
LTViOWYtNDVlZi05MjNkLWYzZmNlMjRhNjIyNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAIOZr/krqX7AzwqPjYY4Gi1d+a/LK1DRMwGyAIGgLd4+hN3q
uUkbnGUUh4NPZKBs6FJvPFU/RGSsO2U0zAqFdJNLpV53P/SftDPuBtaoh0PknUPs
qbLMtC+qvxGVA6tpl8+4YwkGiDNsgUygQ0AcY2TSVWO68ZY73ljkon5d517Tb+Hw
iyf67lq5NKzYCS4kvGC2z6QS7Rk4xIParIDZ+HPZbru/HHX++bNzUKjydrTxBsES
G10oLqWUkq/CQlzX8Ko1Jb5grZz5fjmIlsIulroQRO8QHtY4XGSmTuhpYq+wiihq
/D8T0nN+dOUIAmx5fzyhRsPsBPoJH8/X93kGqKsCAwEAAaOCArEwggKtMB0GA1Ud
DgQWBBRv0p9So3pE1tcdscXfzA5vhQkbszAfBgNVHSMEGDAWgBQlrdNCsB63pY6t
GZAmiLVLP4H0uDAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MmEyNDY5NDctMmQ2Mi00YTZjLWJhMDUtODcxODdmMDA5OWIyLzg1MWNlZjE3LTEz
MmEtNDMzNy1iN2QxLWJmMTZhNTJmZmQwMy9kZjZmM2IzYTM0YjYzODZkMWEzMmQ4
ZjRmYTMxNzhlZjMxODg3ZDhiNDI4ZGZhYTQ3Ni5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9mNzAzNjk2ZS1lNDdiLTRjMjAtYmQ5My02Zjgw
OTA0ZTQyZDIvNTU2ZDk3NTItOWVjMi00NWYzLWI4MTItNGI1Y2ViNTM5MjM5LnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMt
NmY4MDkwNGU0MmQyL3RqaHRHakxZOVBveGVPOHhpSDJMUW8zNnBIWS5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEABJECjANBgkqhkiG9w0BAQsFAAOCAQEArzMdKSEaas37n/vuQIuP1ddoucsR
hIq1FaOoutFTir3svvLr5bzYDTPx+YYk1Vqw9Dnk2Ahy+RSyQOtCvo7fyjnr0DX8
cp0BtDs2bc6vaCTF2dK3ZXUyAxf/UY9R9bkGW1NlQC1NFQTV6YPJ6+hGVRzWLwnI
1Y2SQ+Z4q9CoD/ZZi2CHtuTgZMpyoW6z8Xt8rrTXn3PaRwsXue0KvD5N7AIqJrsP
ig1rjrvERYnL9uH41nYr04GSfoVpBhgm2EUJCrKF/JvN5N7SVfPNGMAb6pdmWFwl
/c6EDKXwy7vZvvvqbv0rZ8swNiQpAThXpQiTn3Vg8iCh6dENXIj0zSanYw==
-----END CERTIFICATE-----