Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/61c98c33-259e-4df8-91e7-fb463250a5a9.roa
File:                     61c98c33-259e-4df8-91e7-fb463250a5a9.roa (raw, json)
Hash identifier:          JEQwNdOxzkEQGhlsScHspXRutxLF0bxGnJcCY7T9OqY=
Subject key identifier:   6E:5A:BF:F8:52:78:A6:A6:E9:25:EA:01:9F:1B:77:46:11:0A:2D:D1
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       33E6A335FE1D8A1FD09587AC4F61B1137A799597
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/61c98c33-259e-4df8-91e7-fb463250a5a9.roa
Signing time:             Sat 18 Oct 2025 06:23:20 +0000
ROA not before:           Sat 18 Oct 2025 06:23:20 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.239.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:e6:a3:35:fe:1d:8a:1f:d0:95:87:ac:4f:61:b1:13:7a:79:95:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 06:23:20 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=426c6c102414806a5fe1058caf8e831fd3d261c0a46a07bd775890841d92c1bd, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:ea:11:79:3d:04:fb:11:c1:87:b6:f8:b9:fa:
                    09:e0:93:6e:82:d9:8d:b5:f1:6f:bc:22:89:8c:fc:
                    e1:f6:52:92:ac:d2:c7:48:92:ca:97:33:33:6b:e5:
                    8d:31:3b:db:7d:13:71:1e:32:54:bb:ea:d0:40:ae:
                    6e:24:50:2a:8a:57:0a:9e:5c:02:3d:b5:b4:3e:ed:
                    d8:70:05:29:f5:c3:bb:9e:9a:c4:40:71:20:ec:2e:
                    1a:65:89:54:6e:74:ca:14:5a:cd:63:ba:67:99:2c:
                    a3:0d:e4:10:2b:43:21:61:78:34:b5:6a:a2:7e:5c:
                    a0:ca:17:e0:50:de:b6:41:56:74:bd:06:2b:58:16:
                    ce:60:01:1d:92:91:d3:52:af:44:7f:ba:d2:4e:7e:
                    ce:57:0b:e7:e8:87:b1:ba:f2:16:26:38:8f:06:af:
                    ec:fc:95:de:fa:bc:47:99:f0:a9:ea:b3:a1:62:d8:
                    d2:fa:14:5c:1d:32:7f:0d:9f:0f:31:84:89:69:3e:
                    c0:00:f6:91:5e:fa:0a:bd:99:7b:f7:68:b7:12:51:
                    d9:74:ce:7c:0c:06:29:24:74:70:f8:7f:79:be:a4:
                    99:e4:05:2f:8a:04:b5:37:e4:7d:74:39:5f:ab:a4:
                    51:d4:c7:41:66:dc:a9:43:76:dd:7b:61:eb:2b:60:
                    42:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:5A:BF:F8:52:78:A6:A6:E9:25:EA:01:9F:1B:77:46:11:0A:2D:D1
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/61c98c33-259e-4df8-91e7-fb463250a5a9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.239.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:ca:43:aa:c7:e0:ba:30:dc:96:af:84:84:9d:73:b9:36:b8:
         d0:18:26:00:9d:cb:ad:de:d1:e7:3b:6f:ab:ef:f2:ba:53:6e:
         14:a6:b3:eb:98:c2:93:14:e4:5c:55:c3:cd:61:b3:f9:2b:b8:
         84:d4:27:42:a6:68:a2:4c:c8:0b:22:85:85:55:93:d4:61:8e:
         10:b1:dc:a6:08:91:06:16:76:41:6d:e2:d0:f4:ed:48:b0:d4:
         9b:ee:39:ee:9b:21:66:db:b0:96:2d:fe:71:4e:44:ae:d9:9c:
         9a:64:3e:ae:8c:eb:8b:11:07:4c:47:aa:1c:62:8e:b5:ad:d4:
         91:55:00:50:22:24:07:aa:70:d9:35:2e:2e:0c:3d:05:3e:87:
         51:17:50:79:d2:2f:87:71:39:f6:e5:c2:9e:ed:e0:98:a1:f7:
         d0:74:c1:5f:6f:ae:b1:41:13:08:e4:e1:b0:31:31:23:09:2c:
         ec:f2:ba:c6:66:db:67:3f:94:e4:fa:8b:99:df:6b:65:16:02:
         f9:db:6f:ff:5c:79:21:1c:42:ab:8c:c8:23:c7:3b:5c:e0:0e:
         0f:bf:9d:82:26:22:c4:18:80:f0:2c:a0:48:04:c1:a1:e9:48:
         4e:52:b0:52:ee:90:d5:17:2e:45:86:08:d5:f4:09:3e:a1:a2:
         df:c8:25:79
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUM+ajNf4dih/QlYesT2GxE3p5lZcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MDYyMzIwWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A0MjZjNmMxMDI0MTQ4MDZhNWZlMTA1OGNhZjhlODMxZmQz
ZDI2MWMwYTQ2YTA3YmQ3NzU4OTA4NDFkOTJjMWJkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDh6hF5PQT7EcGHtvi5+gngk26C2Y218W+8IomM/OH2UpKs
0sdIksqXMzNr5Y0xO9t9E3EeMlS76tBArm4kUCqKVwqeXAI9tbQ+7dhwBSn1w7ue
msRAcSDsLhpliVRudMoUWs1jumeZLKMN5BArQyFheDS1aqJ+XKDKF+BQ3rZBVnS9
BitYFs5gAR2SkdNSr0R/utJOfs5XC+foh7G68hYmOI8Gr+z8ld76vEeZ8Knqs6Fi
2NL6FFwdMn8Nnw8xhIlpPsAA9pFe+gq9mXv3aLcSUdl0znwMBikkdHD4f3m+pJnk
BS+KBLU35H10OV+rpFHUx0Fm3KlDdt17YesrYEKhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUblq/+FJ4pqbpJeoBnxt3RhEKLdEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzYxYzk4YzMzLTI1OWUtNGRmOC05MWU3LWZiNDYzMjUwYTVhOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAS7xswDQYJKoZIhvcNAQELBQADggEBADzKQ6rH4Low3JavhISdc7k2uNAY
JgCdy63e0ec7b6vv8rpTbhSms+uYwpMU5FxVw81hs/kruITUJ0KmaKJMyAsihYVV
k9RhjhCx3KYIkQYWdkFt4tD07Uiw1JvuOe6bIWbbsJYt/nFORK7ZnJpkPq6M64sR
B0xHqhxijrWt1JFVAFAiJAeqcNk1Li4MPQU+h1EXUHnSL4dxOfblwp7t4Jih99B0
wV9vrrFBEwjk4bAxMSMJLOzyusZm22c/lOT6i5nfa2UWAvnbb/9ceSEcQquMyCPH
O1zgDg+/nYImIsQYgPAsoEgEwaHpSE5SsFLukNUXLkWGCNX0CT6hot/IJXk=
-----END CERTIFICATE-----