Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5e9689be-d86a-4ada-9b31-610dcf35ec4b.roa
File:                     5e9689be-d86a-4ada-9b31-610dcf35ec4b.roa (raw, json)
Hash identifier:          W0TJN1mixhE/foAhv8ZcMRQeqdYs6W1yenZAgq59O+M=
Subject key identifier:   9C:DC:CF:B7:3B:F2:A6:C9:96:94:5D:FC:13:9A:02:C4:0A:CE:AF:A4
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6E0F35B30D04E3018FE5A90BDF2278A4976FD89B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5e9689be-d86a-4ada-9b31-610dcf35ec4b.roa
Signing time:             Wed 15 Oct 2025 18:31:10 +0000
ROA not before:           Wed 15 Oct 2025 18:31:10 +0000
ROA not after:            Wed 19 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        128.181.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:0f:35:b3:0d:04:e3:01:8f:e5:a9:0b:df:22:78:a4:97:6f:d8:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 15 18:31:10 2025 GMT
            Not After : Nov 19 23:59:59 2025 GMT
        Subject: serialNumber=1017caf3b7198920f4c11cb3898cd9fa5c5328b961c77c78eb0d8e80cb8f072c, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:fb:c9:e7:52:0a:5a:99:ad:4d:93:82:98:c6:
                    44:29:fc:48:d1:29:a0:62:d0:82:83:d4:fc:c3:bc:
                    52:89:9f:1d:6f:f9:0e:3d:b9:29:6d:d0:7f:fd:14:
                    c8:29:83:50:5e:c1:f3:63:42:5b:13:1f:67:1d:14:
                    d9:62:c3:b9:0c:7f:01:8e:45:de:81:33:53:e8:a0:
                    1e:44:67:59:e4:44:1d:e8:f1:ce:83:7a:c0:fd:5c:
                    ff:91:1b:a6:7f:3a:42:3f:19:ce:7c:53:85:7a:96:
                    2a:aa:57:25:4f:b1:ef:46:7d:3a:7b:59:12:a1:ca:
                    d9:d5:f4:ac:6d:55:a2:59:b1:db:55:56:1c:02:53:
                    6e:15:9d:19:e2:be:08:3e:c3:10:ed:de:41:a1:70:
                    50:33:48:9d:9e:03:3e:40:db:8c:14:ca:b9:27:7f:
                    c6:96:9b:17:9e:d0:8a:c4:c4:f5:c8:93:3e:45:90:
                    3a:bf:0c:71:8b:2f:4e:b0:d8:e5:94:b0:55:cf:6e:
                    d3:39:2e:af:7f:9d:2b:0a:89:46:87:ef:b6:12:39:
                    70:f0:d5:93:f6:62:b9:3a:30:e0:88:f5:84:f9:1e:
                    eb:45:66:5e:83:13:3e:6e:f0:73:e5:27:eb:e2:73:
                    55:91:03:b1:9e:d7:3d:7c:9a:22:47:53:d9:71:3a:
                    bd:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:DC:CF:B7:3B:F2:A6:C9:96:94:5D:FC:13:9A:02:C4:0A:CE:AF:A4
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5e9689be-d86a-4ada-9b31-610dcf35ec4b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.181.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         85:c5:c6:03:e0:da:e2:85:26:1f:40:3f:44:6a:62:68:5f:29:
         74:2d:a9:05:a0:ce:61:68:19:77:b6:f1:74:59:d8:b6:d8:a7:
         00:68:ba:4c:a3:da:20:91:f3:7e:ef:26:7f:c4:9c:4d:66:28:
         d2:16:66:91:c1:5d:89:95:6d:15:99:52:94:9c:fd:87:9f:01:
         f4:fe:72:ff:f8:31:d7:d2:b6:6e:d3:68:da:2d:5b:05:82:2c:
         b8:1c:f0:43:1c:6b:70:ba:b0:d6:16:2c:ac:a3:f7:9d:66:f7:
         d0:a0:4a:bd:9e:33:20:b5:b1:60:e3:8f:be:16:56:70:88:b4:
         e3:09:d4:8e:8d:0f:e3:7e:5e:05:d7:98:c3:cd:88:d4:b1:58:
         51:06:cb:16:2c:7d:b3:11:46:a2:ae:84:1e:fe:da:07:1f:c6:
         a3:14:04:8c:f7:d8:58:db:be:53:85:5b:03:72:8f:3a:22:0b:
         8b:5d:95:2d:4f:78:22:11:58:5b:13:bf:f1:3f:4d:b1:bf:0b:
         f9:ff:ae:93:83:39:7a:13:bd:b5:7f:22:80:91:31:cd:31:ff:
         74:55:ed:6e:0e:3f:65:b6:07:11:f5:63:9a:fe:99:c6:46:86:
         29:77:bd:94:f7:12:45:0b:62:e5:d3:a0:95:a9:29:31:c9:7e:
         8d:f9:2b:3c
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUbg81sw0E4wGP5akL3yJ4pJdv2JswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE1MTgzMTEwWhcNMjUxMTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMDE3Y2FmM2I3MTk4OTIwZjRjMTFjYjM4OThjZDlmYTVj
NTMyOGI5NjFjNzdjNzhlYjBkOGU4MGNiOGYwNzJjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDW+8nnUgpama1Nk4KYxkQp/EjRKaBi0IKD1PzDvFKJnx1v
+Q49uSlt0H/9FMgpg1BewfNjQlsTH2cdFNliw7kMfwGORd6BM1PooB5EZ1nkRB3o
8c6DesD9XP+RG6Z/OkI/Gc58U4V6liqqVyVPse9GfTp7WRKhytnV9KxtVaJZsdtV
VhwCU24VnRnivgg+wxDt3kGhcFAzSJ2eAz5A24wUyrknf8aWmxee0IrExPXIkz5F
kDq/DHGLL06w2OWUsFXPbtM5Lq9/nSsKiUaH77YSOXDw1ZP2Yrk6MOCI9YT5HutF
Zl6DEz5u8HPlJ+vic1WRA7Ge1z18miJHU9lxOr3dAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUnNzPtzvypsmWlF38E5oCxArOr6QwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzVlOTY4OWJlLWQ4NmEtNGFkYS05YjMxLTYxMGRjZjM1ZWM0Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCAtTANBgkqhkiG9w0BAQsFAAOCAQEAhcXGA+Da4oUmH0A/RGpiaF8pdC2p
BaDOYWgZd7bxdFnYttinAGi6TKPaIJHzfu8mf8ScTWYo0hZmkcFdiZVtFZlSlJz9
h58B9P5y//gx19K2btNo2i1bBYIsuBzwQxxrcLqw1hYsrKP3nWb30KBKvZ4zILWx
YOOPvhZWcIi04wnUjo0P435eBdeYw82I1LFYUQbLFix9sxFGoq6EHv7aBx/GoxQE
jPfYWNu+U4VbA3KPOiILi12VLU94IhFYWxO/8T9Nsb8L+f+uk4M5ehO9tX8igJEx
zTH/dFXtbg4/ZbYHEfVjmv6ZxkaGKXe9lPcSRQti5dOglakpMcl+jfkrPA==
-----END CERTIFICATE-----