Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/59e0ab6d-a0f7-4f7b-9050-6171881ecfc5.roa
File:                     59e0ab6d-a0f7-4f7b-9050-6171881ecfc5.roa (raw, json)
Hash identifier:          gkphb9rrUx5RrpMELmnICGTnIN2FYJM6kvhmnZeyxRo=
Subject key identifier:   CC:D2:08:BE:12:19:DA:D0:41:55:62:A6:20:02:29:B8:5F:C0:5D:FC
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       01B9023B7F07A1D6DE3EC790366ACD6A4675A2C6
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/59e0ab6d-a0f7-4f7b-9050-6171881ecfc5.roa
Signing time:             Sat 18 Oct 2025 12:12:21 +0000
ROA not before:           Sat 18 Oct 2025 12:12:21 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.161.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:b9:02:3b:7f:07:a1:d6:de:3e:c7:90:36:6a:cd:6a:46:75:a2:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 12:12:21 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=f775e4190498657f663924d7ccc941d02651f6b80b1830bf3b614897be599538, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:69:10:c2:e7:84:0f:b5:47:c5:d8:19:c6:75:
                    2b:14:7d:e6:f0:4d:9e:c9:5f:35:f7:ca:26:be:d2:
                    2f:c3:8e:b6:e3:9f:66:3c:79:36:d4:ca:20:fd:f4:
                    cb:5a:3f:fc:d1:ca:53:81:7a:70:43:d7:0a:20:f2:
                    22:13:79:a9:54:4d:87:12:f1:21:63:c6:3c:99:de:
                    97:3d:32:d5:4a:c5:8e:b9:d4:58:1b:2b:ee:02:c5:
                    d6:7b:a5:60:f3:3d:35:11:a9:9a:47:27:ec:c6:a6:
                    e4:6f:c5:3b:da:35:9e:27:a7:d4:bd:38:5b:74:08:
                    a0:cc:34:ad:b5:87:8a:99:39:7b:2e:8f:f2:75:7c:
                    be:ea:b6:51:bb:3f:7d:dd:8e:6c:9b:8e:07:92:e9:
                    32:8d:70:15:1e:40:c7:b7:70:d4:2e:84:12:22:35:
                    20:75:0b:e1:ff:c0:26:87:46:12:d2:e7:5a:fd:10:
                    f5:28:23:33:ca:54:d1:97:66:7b:47:dd:03:75:aa:
                    d8:03:45:f9:a7:ca:a1:27:15:c3:e3:e1:4f:8b:db:
                    07:b7:8f:9f:bf:ba:a5:c2:44:0c:e3:b1:72:4a:5d:
                    36:67:41:ce:9a:e2:9e:28:d6:17:b6:2a:3d:69:62:
                    c6:39:f5:72:7f:da:f3:46:44:77:19:29:09:0c:e9:
                    99:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:D2:08:BE:12:19:DA:D0:41:55:62:A6:20:02:29:B8:5F:C0:5D:FC
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/59e0ab6d-a0f7-4f7b-9050-6171881ecfc5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.161.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:e9:79:0a:2a:27:86:e3:05:e1:15:08:d7:6e:ee:15:88:a1:
         8f:18:5c:89:db:cb:c4:02:83:82:bd:3c:f7:3d:9f:f1:85:63:
         b6:cd:de:f7:a7:8a:11:72:71:b6:aa:2c:58:c7:3c:95:ca:f1:
         81:77:41:f1:b2:a4:aa:64:62:03:de:a6:0e:cd:00:72:b6:ff:
         30:95:43:ac:24:8f:ab:31:42:c2:a2:91:de:7c:43:65:04:30:
         97:21:5a:bd:8e:3e:1c:e2:75:ca:db:40:14:38:69:f8:98:c6:
         dd:5e:eb:c2:8e:80:af:e3:27:7d:81:50:ef:9e:f9:93:04:7e:
         6c:4a:08:bb:5d:3f:c6:8f:93:0c:fe:16:4c:67:65:99:5e:e8:
         1f:3b:74:b2:96:09:e1:16:c8:e3:00:02:d8:04:b4:a5:e4:98:
         bc:ff:ed:04:69:40:fd:bf:1e:43:a7:36:d5:2e:18:63:fd:12:
         9d:82:66:85:dc:5d:92:f3:19:bf:69:4a:81:92:34:f9:b2:92:
         84:38:00:a3:41:ec:63:26:b3:54:ea:11:fd:a5:99:26:50:a1:
         ef:91:ae:ae:f7:ce:01:aa:33:7c:27:2e:06:15:f1:30:14:d0:
         59:16:b8:f9:b8:e8:1e:b0:e3:cc:a3:b4:c5:c8:5d:0d:61:de:
         72:e9:60:84
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAbkCO38HodbePseQNmrNakZ1osYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MTIxMjIxWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BmNzc1ZTQxOTA0OTg2NTdmNjYzOTI0ZDdjY2M5NDFkMDI2
NTFmNmI4MGIxODMwYmYzYjYxNDg5N2JlNTk5NTM4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFaRDC54QPtUfF2BnGdSsUfebwTZ7JXzX3yia+0i/Djrbj
n2Y8eTbUyiD99MtaP/zRylOBenBD1wog8iITealUTYcS8SFjxjyZ3pc9MtVKxY65
1FgbK+4CxdZ7pWDzPTURqZpHJ+zGpuRvxTvaNZ4np9S9OFt0CKDMNK21h4qZOXsu
j/J1fL7qtlG7P33djmybjgeS6TKNcBUeQMe3cNQuhBIiNSB1C+H/wCaHRhLS51r9
EPUoIzPKVNGXZntH3QN1qtgDRfmnyqEnFcPj4U+L2we3j5+/uqXCRAzjsXJKXTZn
Qc6a4p4o1he2Kj1pYsY59XJ/2vNGRHcZKQkM6ZkbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUzNIIvhIZ2tBBVWKmIAIpuF/AXfwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzU5ZTBhYjZkLWEwZjctNGY3Yi05MDUwLTYxNzE4ODFlY2ZjNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASocIwDQYJKoZIhvcNAQELBQADggEBAJLpeQoqJ4bjBeEVCNdu7hWIoY8Y
XInby8QCg4K9PPc9n/GFY7bN3venihFycbaqLFjHPJXK8YF3QfGypKpkYgPepg7N
AHK2/zCVQ6wkj6sxQsKikd58Q2UEMJchWr2OPhzidcrbQBQ4afiYxt1e68KOgK/j
J32BUO+e+ZMEfmxKCLtdP8aPkwz+FkxnZZle6B87dLKWCeEWyOMAAtgEtKXkmLz/
7QRpQP2/HkOnNtUuGGP9Ep2CZoXcXZLzGb9pSoGSNPmykoQ4AKNB7GMms1TqEf2l
mSZQoe+Rrq73zgGqM3wnLgYV8TAU0FkWuPm46B6w48yjtMXIXQ1h3nLpYIQ=
-----END CERTIFICATE-----