Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/596d7b46-5edd-4a47-a272-f201758c6161.roa
File:                     596d7b46-5edd-4a47-a272-f201758c6161.roa (raw, json)
Hash identifier:          3J9RH3T9thDKmBFNmJ26LJcACKO6NRjFCuaIc1BNxF4=
Subject key identifier:   6D:DA:5F:1D:73:CE:1E:5F:7C:5D:A5:BF:72:FF:33:E2:2E:06:6A:87
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0F727FE82B7791A9C5F5031F76D0C26AE9BC7CB0
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/596d7b46-5edd-4a47-a272-f201758c6161.roa
Signing time:             Sat 18 Oct 2025 18:03:50 +0000
ROA not before:           Sat 18 Oct 2025 18:03:50 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.154.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:72:7f:e8:2b:77:91:a9:c5:f5:03:1f:76:d0:c2:6a:e9:bc:7c:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 18:03:50 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=444002a167338568a7edd876ef91553e66359001a7d7c10ef4a88bb43402c426, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:39:89:72:fa:41:b9:ff:ba:ea:0c:3f:5d:84:
                    de:37:17:42:0f:19:89:72:f8:8a:fe:ac:fe:06:2f:
                    c0:3d:36:f7:9d:ca:79:88:d0:1a:7d:bc:8c:e6:2a:
                    3f:72:e9:f7:ea:0c:f9:60:41:c8:4f:db:7f:05:85:
                    ad:1d:94:0d:d5:43:19:e6:31:77:ae:a5:35:52:4d:
                    af:0c:10:7a:0c:79:4c:db:ec:d6:78:2c:dc:b6:07:
                    04:dd:08:5f:78:d6:d1:b2:43:c0:fb:bf:b5:6b:66:
                    29:e0:83:02:6a:78:ef:64:bb:e0:69:30:83:5a:98:
                    11:3b:f2:ef:68:2c:e8:80:1a:63:9c:e0:0b:83:2e:
                    8b:e9:db:d2:4c:5b:70:b3:3d:cd:1b:4b:0f:4f:86:
                    83:39:17:94:bf:18:8a:05:cc:d6:7a:45:8c:92:01:
                    da:90:f9:c4:64:e0:e0:b5:c5:0f:fa:79:96:37:b6:
                    11:01:36:8b:75:f1:c5:fb:15:f9:67:df:ab:e4:42:
                    83:59:ea:3d:40:f6:d5:9f:f9:42:85:fb:81:c6:09:
                    4e:03:5f:63:5c:32:dd:00:94:8e:aa:14:75:c1:42:
                    22:9f:53:fc:a4:70:11:f6:21:ae:e7:a2:9f:70:46:
                    71:07:81:ea:90:fb:87:eb:f4:28:28:32:84:a7:08:
                    63:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:DA:5F:1D:73:CE:1E:5F:7C:5D:A5:BF:72:FF:33:E2:2E:06:6A:87
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/596d7b46-5edd-4a47-a272-f201758c6161.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.154.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:cf:c4:5b:05:6f:1a:48:a1:5d:81:58:82:6b:72:1d:7b:2f:
         56:96:c7:35:6a:75:8f:e0:09:f6:1a:0e:32:16:55:ba:ba:f9:
         3e:7d:d1:af:2a:78:f7:b9:8e:ff:14:0b:c4:34:b7:fb:30:f6:
         ef:c1:56:4f:0f:19:22:f1:e1:a7:26:b0:57:49:ef:2c:52:ef:
         1a:a7:83:79:42:8b:86:a1:53:8d:17:66:68:23:24:99:3e:da:
         31:9b:3b:eb:11:03:49:f0:df:a3:7a:90:19:d4:24:7a:91:79:
         27:c6:cb:a0:8a:b0:b2:bd:5d:d4:cd:86:2b:86:c6:de:36:2c:
         ff:97:e7:77:24:59:f7:0b:31:33:91:ba:1d:59:75:77:c5:64:
         bd:ef:aa:9e:0e:80:a9:50:15:35:a6:62:ea:2a:fe:ce:1d:fb:
         56:19:f1:b5:f8:c6:88:eb:00:b8:d5:30:2d:86:89:fa:e5:f6:
         ed:8b:67:a0:32:76:27:65:f3:ee:ef:8b:dc:ee:cc:b1:6c:6a:
         38:08:98:ab:b3:60:14:66:95:08:73:42:52:a9:a2:19:6c:64:
         92:d1:5a:4f:e8:1c:16:a2:23:17:00:74:a7:80:bd:1f:f1:d7:
         50:86:50:6a:7a:b3:79:0e:f2:4b:7f:43:78:2b:36:f1:c1:7a:
         44:15:2d:11
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUD3J/6Ct3kanF9QMfdtDCaum8fLAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MTgwMzUwWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A0NDQwMDJhMTY3MzM4NTY4YTdlZGQ4NzZlZjkxNTUzZTY2
MzU5MDAxYTdkN2MxMGVmNGE4OGJiNDM0MDJjNDI2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDvOYly+kG5/7rqDD9dhN43F0IPGYly+Ir+rP4GL8A9Nved
ynmI0Bp9vIzmKj9y6ffqDPlgQchP238Fha0dlA3VQxnmMXeupTVSTa8MEHoMeUzb
7NZ4LNy2BwTdCF941tGyQ8D7v7VrZinggwJqeO9ku+BpMINamBE78u9oLOiAGmOc
4AuDLovp29JMW3CzPc0bSw9PhoM5F5S/GIoFzNZ6RYySAdqQ+cRk4OC1xQ/6eZY3
thEBNot18cX7Ffln36vkQoNZ6j1A9tWf+UKF+4HGCU4DX2NcMt0AlI6qFHXBQiKf
U/ykcBH2Ia7nop9wRnEHgeqQ+4fr9CgoMoSnCGPLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbdpfHXPOHl98XaW/cv8z4i4GaocwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzU5NmQ3YjQ2LTVlZGQtNGE0Ny1hMjcyLWYyMDE3NThjNjE2MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASmsUwDQYJKoZIhvcNAQELBQADggEBAC3PxFsFbxpIoV2BWIJrch17L1aW
xzVqdY/gCfYaDjIWVbq6+T590a8qePe5jv8UC8Q0t/sw9u/BVk8PGSLx4acmsFdJ
7yxS7xqng3lCi4ahU40XZmgjJJk+2jGbO+sRA0nw36N6kBnUJHqReSfGy6CKsLK9
XdTNhiuGxt42LP+X53ckWfcLMTORuh1ZdXfFZL3vqp4OgKlQFTWmYuoq/s4d+1YZ
8bX4xojrALjVMC2Gifrl9u2LZ6Aydidl8+7vi9zuzLFsajgImKuzYBRmlQhzQlKp
ohlsZJLRWk/oHBaiIxcAdKeAvR/x11CGUGp6s3kO8kt/Q3grNvHBekQVLRE=
-----END CERTIFICATE-----