Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/56783d29-2f42-4a5d-bcdc-0b5575c2b930.roa
File:                     56783d29-2f42-4a5d-bcdc-0b5575c2b930.roa (raw, json)
Hash identifier:          kEYnxZ+C0bYCm7kMPZFip0mGRs2m7UFdX93vCvM8VjM=
Subject key identifier:   EC:A0:EE:99:60:D9:57:31:F8:8B:80:90:43:E0:FB:DB:AA:E1:10:0B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4EED2B3167B935DA1F2AC22048EC6F60DD76FA06
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/56783d29-2f42-4a5d-bcdc-0b5575c2b930.roa
Signing time:             Sat 18 Oct 2025 15:23:54 +0000
ROA not before:           Sat 18 Oct 2025 15:23:54 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.172.192.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:ed:2b:31:67:b9:35:da:1f:2a:c2:20:48:ec:6f:60:dd:76:fa:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 15:23:54 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=47165faab1e809475a15ca1e6163cd4a8ecab153fc4463a23ff676f6026d6546, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:88:95:2a:bb:17:65:e7:2e:ef:a2:81:a7:74:
                    3a:1b:bb:2b:b3:15:93:ff:12:b2:a2:b0:07:1a:ee:
                    66:92:ba:99:93:96:37:02:cf:e3:3a:e9:01:3b:34:
                    f8:a2:cc:b8:4b:84:73:db:a0:8e:0b:88:92:da:db:
                    94:f3:f9:6d:a4:02:d2:73:26:4a:32:f2:34:92:cc:
                    1d:bc:d9:f6:1e:49:4a:5e:1a:09:d2:11:7b:21:17:
                    af:78:e3:e8:8f:91:70:87:89:87:cd:14:d1:9b:5a:
                    dd:3a:37:88:c9:74:20:45:22:f0:9d:9f:07:c3:67:
                    ff:27:8b:7d:cc:b3:73:5d:e9:d4:1d:7f:bd:67:52:
                    f2:a9:f5:af:b3:5c:0b:8d:a0:3b:e1:2a:e8:51:e6:
                    77:02:ac:c8:a0:05:65:d7:65:7f:16:9f:4d:35:df:
                    24:64:9f:0b:7a:07:87:e4:92:57:f2:aa:eb:cc:53:
                    66:f1:11:0f:2d:a4:dc:b7:07:b8:97:ef:3a:23:d7:
                    c1:fc:52:43:4d:df:cd:5b:de:57:56:9a:fe:42:81:
                    fc:1c:85:ab:83:da:b3:90:0d:a3:38:c8:02:70:77:
                    cc:57:9a:7a:ba:18:53:f6:fc:d2:3e:4a:34:e8:87:
                    1a:c7:42:00:e0:2f:d2:e7:a1:41:c6:3c:b1:a5:3a:
                    72:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:A0:EE:99:60:D9:57:31:F8:8B:80:90:43:E0:FB:DB:AA:E1:10:0B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/56783d29-2f42-4a5d-bcdc-0b5575c2b930.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.172.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ac:da:b1:53:78:15:7d:58:46:bb:b4:33:65:bf:74:81:90:0a:
         b3:1a:5d:d4:11:2c:54:fd:a6:46:6e:e8:61:70:1a:2d:8f:00:
         be:49:d6:8c:f0:71:4d:62:86:28:c5:68:b7:73:c3:b4:dd:08:
         cf:27:1a:c1:41:f5:ad:15:f6:bd:b5:8e:39:74:e3:1f:14:d8:
         db:ff:d4:79:94:95:31:8c:18:eb:e1:18:75:8c:43:2f:83:7e:
         48:02:b7:4f:f5:c8:76:19:70:c8:95:e9:72:c6:a9:95:aa:b0:
         21:d8:e8:21:63:b6:d7:d0:37:f6:92:82:e2:89:2f:ce:20:d2:
         9a:b0:8d:63:26:7f:44:32:90:be:9a:e8:55:a9:02:1b:9f:8a:
         a9:2c:e8:c5:f6:94:89:80:a5:63:0f:65:13:f6:a1:38:02:2d:
         68:2a:c3:fb:d4:f1:dc:be:8b:9c:fb:7f:b8:9a:60:8b:e3:06:
         4e:50:c4:9c:86:70:e3:bc:bc:58:ed:19:d3:53:f0:fb:88:47:
         37:cb:a6:b7:f2:8c:77:ed:8c:ef:78:53:87:31:bf:3d:9a:a7:
         d4:e3:3c:bf:d8:96:02:f7:fe:17:14:d6:59:3a:a5:19:ff:0f:
         f3:39:d8:70:33:38:fe:ec:80:a1:11:2a:01:ba:ce:ab:03:53:
         72:d1:80:b4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTu0rMWe5NdofKsIgSOxvYN12+gYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MTUyMzU0WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A0NzE2NWZhYWIxZTgwOTQ3NWExNWNhMWU2MTYzY2Q0YThl
Y2FiMTUzZmM0NDYzYTIzZmY2NzZmNjAyNmQ2NTQ2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRiJUquxdl5y7vooGndDobuyuzFZP/ErKisAca7maSupmT
ljcCz+M66QE7NPiizLhLhHPboI4LiJLa25Tz+W2kAtJzJkoy8jSSzB282fYeSUpe
GgnSEXshF6944+iPkXCHiYfNFNGbWt06N4jJdCBFIvCdnwfDZ/8ni33Ms3Nd6dQd
f71nUvKp9a+zXAuNoDvhKuhR5ncCrMigBWXXZX8Wn0013yRknwt6B4fkklfyquvM
U2bxEQ8tpNy3B7iX7zoj18H8UkNN381b3ldWmv5CgfwchauD2rOQDaM4yAJwd8xX
mnq6GFP2/NI+SjTohxrHQgDgL9LnoUHGPLGlOnKRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU7KDumWDZVzH4i4CQQ+D726rhEAswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzU2NzgzZDI5LTJmNDItNGE1ZC1iY2RjLTBiNTU3NWMyYjkzMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAISrMAwDQYJKoZIhvcNAQELBQADggEBAKzasVN4FX1YRru0M2W/dIGQCrMa
XdQRLFT9pkZu6GFwGi2PAL5J1ozwcU1ihijFaLdzw7TdCM8nGsFB9a0V9r21jjl0
4x8U2Nv/1HmUlTGMGOvhGHWMQy+DfkgCt0/1yHYZcMiV6XLGqZWqsCHY6CFjttfQ
N/aSguKJL84g0pqwjWMmf0QykL6a6FWpAhufiqks6MX2lImApWMPZRP2oTgCLWgq
w/vU8dy+i5z7f7iaYIvjBk5QxJyGcOO8vFjtGdNT8PuIRzfLprfyjHftjO94U4cx
vz2ap9TjPL/YlgL3/hcU1lk6pRn/D/M52HAzOP7sgKERKgG6zqsDU3LRgLQ=
-----END CERTIFICATE-----