Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/577a21df-0b1a-439f-b919-279ef7e01d9d.roa
File:                     577a21df-0b1a-439f-b919-279ef7e01d9d.roa (raw, json)
Hash identifier:          I+E0ZLKsXWTPSHJ2rugfUhtAioelNgSeDPEMsxTJqys=
Subject key identifier:   AF:C2:88:76:35:50:23:B7:A2:19:81:8C:41:FA:82:5D:92:F8:2E:1A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       38134C0AA75E39A469D5589F968E38857E16EB1B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/577a21df-0b1a-439f-b919-279ef7e01d9d.roa
Signing time:             Thu 16 Oct 2025 15:19:52 +0000
ROA not before:           Thu 16 Oct 2025 15:19:52 +0000
ROA not after:            Thu 20 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.68.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:13:4c:0a:a7:5e:39:a4:69:d5:58:9f:96:8e:38:85:7e:16:eb:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 16 15:19:52 2025 GMT
            Not After : Nov 20 23:59:59 2025 GMT
        Subject: serialNumber=4bb099750e9962c0094c04424fb92d5c8381e6a22881eefb3d62e80c5fadea98, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:68:c2:f8:a5:60:94:1f:73:4f:32:b7:4a:ba:
                    f6:ab:cb:15:bf:29:9b:f8:d0:b8:75:32:8c:e3:f2:
                    a0:a4:46:12:08:3f:4c:09:15:f4:9f:d5:e6:20:0c:
                    e8:88:66:68:4d:49:fa:c6:3d:7a:d0:49:cb:f4:7e:
                    74:b7:06:bd:28:2f:1b:94:f3:81:8a:c9:8a:1e:64:
                    d6:7b:e4:0c:48:df:cf:2a:97:36:d3:04:a2:52:b4:
                    72:ce:66:30:c1:fa:0f:b7:9b:25:df:b0:0e:b8:f8:
                    af:02:45:e1:f4:d5:e2:34:fe:d5:a8:c3:0e:72:7e:
                    d4:6e:69:45:8c:86:3e:00:f3:33:0e:ed:9a:0e:7e:
                    87:ab:65:9a:c4:82:35:f0:bf:06:ac:a5:2e:16:13:
                    10:84:51:06:21:ee:10:b4:86:de:e8:5d:9d:51:84:
                    d7:b5:a9:1d:65:3d:17:cd:a1:f3:68:16:2c:87:ac:
                    42:1a:bc:04:a4:99:97:ed:18:2f:21:eb:55:ab:2f:
                    7a:37:6b:a2:34:90:03:dc:ee:88:cd:a8:33:1d:c9:
                    b5:89:ce:11:53:f4:33:b1:0f:35:b0:4b:0c:ae:64:
                    db:10:85:55:3d:f2:64:1b:b7:32:2d:ec:ac:53:9c:
                    70:24:19:81:96:00:be:42:b3:41:3e:c6:5c:f2:af:
                    2c:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:C2:88:76:35:50:23:B7:A2:19:81:8C:41:FA:82:5D:92:F8:2E:1A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/577a21df-0b1a-439f-b919-279ef7e01d9d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.68.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:a0:18:09:9a:59:9e:cb:5d:17:cf:c3:40:30:1a:c4:49:13:
         05:43:52:38:0f:be:bf:96:77:e5:6e:da:c8:0a:c7:90:b3:66:
         2a:e0:8b:3a:18:95:26:15:05:d0:cd:d2:3b:90:96:b4:0f:34:
         8a:be:48:99:ec:c0:ad:85:1f:ec:a8:84:e9:92:55:e1:e0:0e:
         16:75:78:85:64:b6:23:26:0b:c7:59:3b:6d:c8:0f:90:d3:2e:
         aa:c9:e5:b3:5a:37:5c:06:db:26:6e:14:da:25:49:dd:fe:ee:
         61:c3:d2:fb:54:87:c9:a8:75:42:47:7a:27:f8:5b:40:50:e8:
         e3:58:e6:38:fd:73:6a:bf:d6:38:a7:be:d4:82:6b:33:85:c7:
         8f:ae:50:ed:cc:00:11:59:3e:d7:a1:14:84:44:02:13:7f:25:
         7f:97:3c:5b:42:ac:ee:41:c5:92:db:a1:2b:5d:b8:d1:46:f6:
         99:62:bf:0a:0c:94:37:1c:05:b3:ee:e7:c4:fa:e2:90:68:c6:
         54:87:2e:18:31:ae:af:68:ea:43:a8:c1:73:66:8d:04:b1:b6:
         d9:1d:85:9a:e8:64:6e:55:f7:35:a0:59:25:d2:7b:c8:15:ea:
         0d:3e:68:8c:56:2a:0b:e5:9f:ad:9b:79:3c:d7:98:4f:8a:9c:
         76:dd:76:94
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOBNMCqdeOaRp1Viflo44hX4W6xswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE2MTUxOTUyWhcNMjUxMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A0YmIwOTk3NTBlOTk2MmMwMDk0YzA0NDI0ZmI5MmQ1Yzgz
ODFlNmEyMjg4MWVlZmIzZDYyZTgwYzVmYWRlYTk4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3aML4pWCUH3NPMrdKuvaryxW/KZv40Lh1Mozj8qCkRhII
P0wJFfSf1eYgDOiIZmhNSfrGPXrQScv0fnS3Br0oLxuU84GKyYoeZNZ75AxI388q
lzbTBKJStHLOZjDB+g+3myXfsA64+K8CReH01eI0/tWoww5yftRuaUWMhj4A8zMO
7ZoOfoerZZrEgjXwvwaspS4WExCEUQYh7hC0ht7oXZ1RhNe1qR1lPRfNofNoFiyH
rEIavASkmZftGC8h61WrL3o3a6I0kAPc7ojNqDMdybWJzhFT9DOxDzWwSwyuZNsQ
hVU98mQbtzIt7KxTnHAkGYGWAL5Cs0E+xlzyryxLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUr8KIdjVQI7eiGYGMQfqCXZL4LhowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzU3N2EyMWRmLTBiMWEtNDM5Zi1iOTE5LTI3OWVmN2UwMWQ5ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASRGIwDQYJKoZIhvcNAQELBQADggEBADCgGAmaWZ7LXRfPw0AwGsRJEwVD
UjgPvr+Wd+Vu2sgKx5CzZirgizoYlSYVBdDN0juQlrQPNIq+SJnswK2FH+yohOmS
VeHgDhZ1eIVktiMmC8dZO23ID5DTLqrJ5bNaN1wG2yZuFNolSd3+7mHD0vtUh8mo
dUJHeif4W0BQ6ONY5jj9c2q/1jinvtSCazOFx4+uUO3MABFZPtehFIREAhN/JX+X
PFtCrO5BxZLboStduNFG9plivwoMlDccBbPu58T64pBoxlSHLhgxrq9o6kOowXNm
jQSxttkdhZroZG5V9zWgWSXSe8gV6g0+aIxWKgvln62beTzXmE+KnHbddpQ=
-----END CERTIFICATE-----
Generated at Mon Oct 20 08:40:15 2025 by rpki-client