Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6e4e9e92-69f1-4054-8322-8a2c2a4d9ce5.roa
File:                     6e4e9e92-69f1-4054-8322-8a2c2a4d9ce5.roa (raw, json)
Hash identifier:          A+b4A8S2Lu/t/h7/Qa5gGN1riwHIehTSpuekbJ+gnAY=
Subject key identifier:   59:D3:CA:40:A6:7E:9E:BA:48:D7:67:18:DE:17:10:E4:5D:96:5D:E9
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       37229644E191BD686270DBC265DC3668F5FF9445
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6e4e9e92-69f1-4054-8322-8a2c2a4d9ce5.roa
Signing time:             Sun 19 Oct 2025 04:50:10 +0000
ROA not before:           Sun 19 Oct 2025 04:50:10 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.165.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:22:96:44:e1:91:bd:68:62:70:db:c2:65:dc:36:68:f5:ff:94:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 04:50:10 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=4da34c473eaf693b9bd92ca31d526fe007ec2986dabc68650addace1f187ee71, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:d3:fe:bd:e3:c7:07:7b:95:4c:cb:d9:99:20:
                    54:4b:b3:62:07:71:ad:a1:ea:d4:73:6f:22:c0:18:
                    61:56:63:db:e9:f5:53:38:76:30:cb:4f:0a:57:04:
                    64:91:d0:14:6d:2b:d7:b6:53:e5:e4:8a:c2:2d:6f:
                    68:32:ba:2c:82:f3:8b:b3:c5:27:e8:e1:3d:ec:2f:
                    31:7c:ef:96:49:17:de:91:90:3c:ac:aa:37:e1:10:
                    fb:48:71:aa:0e:d1:a7:78:39:c6:50:35:3d:c6:2b:
                    44:6c:4e:52:c1:10:6e:f5:a5:63:c7:8d:59:5d:97:
                    da:69:c8:30:32:be:ab:50:2a:71:16:fa:47:22:31:
                    8e:1f:f3:79:e1:f3:8a:15:77:1f:16:8a:4f:94:99:
                    18:0e:58:c4:89:1e:a8:2b:7a:ba:39:fd:e1:b4:81:
                    3b:97:97:40:a5:43:fb:3c:5a:ae:96:ac:4a:81:fe:
                    bb:65:f7:72:b9:a6:82:0b:3c:01:ea:82:01:4b:d3:
                    d2:54:79:f0:e0:1c:15:e0:2a:b6:66:96:8e:58:a0:
                    13:71:68:98:42:29:a7:8a:e0:ce:9b:dc:47:25:08:
                    ce:98:5f:27:2f:dc:64:a7:32:4c:99:46:0a:77:4a:
                    5e:ed:d9:de:f3:d4:7e:ef:78:7b:d4:ee:cd:7c:8c:
                    6d:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:D3:CA:40:A6:7E:9E:BA:48:D7:67:18:DE:17:10:E4:5D:96:5D:E9
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6e4e9e92-69f1-4054-8322-8a2c2a4d9ce5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.165.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:c6:8d:cc:ce:3d:a2:ce:2d:73:b0:35:87:81:7d:12:97:a1:
         3e:61:2a:61:7b:3d:91:ac:c2:c0:97:e4:97:96:1d:51:9c:5f:
         87:f1:88:80:46:77:07:c3:ba:90:53:9a:87:dd:40:f7:fb:47:
         80:ef:cd:63:45:80:fa:84:44:5d:94:b9:6b:52:60:7c:ba:70:
         5f:e1:81:33:b2:09:f0:23:c4:7f:d3:ba:f0:26:57:a0:2d:54:
         8e:62:76:1b:7b:36:0d:61:ef:c3:c7:d6:98:ac:14:a9:ae:29:
         0b:46:47:e7:ca:a6:f7:72:2a:4b:db:bb:45:d6:b8:e0:c9:83:
         7c:af:41:a0:23:84:31:45:87:10:b3:a5:7c:31:d1:45:2e:dd:
         2e:96:d5:e4:69:60:cb:d7:03:7b:cc:52:fe:62:b4:bb:42:02:
         03:0b:fc:13:f2:2a:b8:65:3d:70:60:ed:09:a5:f6:6e:1d:37:
         18:78:35:65:3e:d2:83:33:f1:70:a2:ff:d5:df:b7:12:a3:c3:
         cd:f8:dd:e7:ca:2b:89:be:e6:75:50:8b:15:88:97:ed:77:83:
         a0:be:75:7a:5d:18:ea:68:08:6b:91:af:6a:0f:4a:ca:ce:26:
         4c:79:14:ce:d6:0f:13:66:ab:5a:72:fd:24:63:76:76:56:c8:
         9f:e3:69:f4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNyKWROGRvWhicNvCZdw2aPX/lEUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MDQ1MDEwWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZGEzNGM0NzNlYWY2OTNiOWJkOTJjYTMxZDUyNmZlMDA3
ZWMyOTg2ZGFiYzY4NjUwYWRkYWNlMWYxODdlZTcxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCg0/6948cHe5VMy9mZIFRLs2IHca2h6tRzbyLAGGFWY9vp
9VM4djDLTwpXBGSR0BRtK9e2U+XkisItb2gyuiyC84uzxSfo4T3sLzF875ZJF96R
kDysqjfhEPtIcaoO0ad4OcZQNT3GK0RsTlLBEG71pWPHjVldl9ppyDAyvqtQKnEW
+kciMY4f83nh84oVdx8Wik+UmRgOWMSJHqgrero5/eG0gTuXl0ClQ/s8Wq6WrEqB
/rtl93K5poILPAHqggFL09JUefDgHBXgKrZmlo5YoBNxaJhCKaeK4M6b3EclCM6Y
Xycv3GSnMkyZRgp3Sl7t2d7z1H7veHvU7s18jG1DAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWdPKQKZ+nrpI12cY3hcQ5F2WXekwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzZlNGU5ZTkyLTY5ZjEtNDA1NC04MzIyLThhMmMyYTRkOWNlNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASpbAwDQYJKoZIhvcNAQELBQADggEBALDGjczOPaLOLXOwNYeBfRKXoT5h
KmF7PZGswsCX5JeWHVGcX4fxiIBGdwfDupBTmofdQPf7R4DvzWNFgPqERF2UuWtS
YHy6cF/hgTOyCfAjxH/TuvAmV6AtVI5idht7Ng1h78PH1pisFKmuKQtGR+fKpvdy
Kkvbu0XWuODJg3yvQaAjhDFFhxCzpXwx0UUu3S6W1eRpYMvXA3vMUv5itLtCAgML
/BPyKrhlPXBg7Qml9m4dNxh4NWU+0oMz8XCi/9XftxKjw8343efKK4m+5nVQixWI
l+13g6C+dXpdGOpoCGuRr2oPSsrOJkx5FM7WDxNmq1py/SRjdnZWyJ/jafQ=
-----END CERTIFICATE-----