Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/746cb78f-882a-40fb-8950-495f0fb3b5db.roa
File:                     746cb78f-882a-40fb-8950-495f0fb3b5db.roa (raw, json)
Hash identifier:          tnhT1NPwdIQWVUG3E0yrdnQCV2Rs+T4QuQ2Tvgws1h4=
Subject key identifier:   A0:EC:6E:FB:CE:25:96:70:83:D0:BC:A6:01:87:D8:93:B3:06:5B:1A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0D15AE091819ADE529E5B85168866A39D339D325
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/746cb78f-882a-40fb-8950-495f0fb3b5db.roa
Signing time:             Sun 19 Oct 2025 18:31:34 +0000
ROA not before:           Sun 19 Oct 2025 18:31:34 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.65.40.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:15:ae:09:18:19:ad:e5:29:e5:b8:51:68:86:6a:39:d3:39:d3:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 18:31:34 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=b53431cc02563808605ad51a7a32fe8bf37d74ce1585ec0e6b57b9197c85ae30, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:b2:6a:47:34:68:94:77:74:fc:42:65:1a:ee:
                    f3:1a:28:d6:e8:d5:47:16:3b:de:9b:5c:8f:02:93:
                    6a:a3:3b:83:b7:5f:88:4d:cd:08:5a:4b:a8:0d:33:
                    3e:5b:24:c4:a1:5a:b8:b3:a6:0f:07:9e:d2:3f:9a:
                    f8:3a:ce:b1:fe:37:9a:25:82:db:71:72:a7:70:7f:
                    56:d7:17:b2:4d:7e:d0:00:91:0d:ef:38:5f:32:98:
                    f3:1d:bc:0a:da:4a:fa:37:e9:90:6a:b1:b6:25:5a:
                    b0:f4:44:65:ec:a9:e1:5f:0f:e4:ca:5a:26:62:c6:
                    98:54:7b:81:05:02:ef:eb:d9:23:3c:17:17:dc:1e:
                    91:8d:a1:a5:b6:c3:af:78:28:3c:fc:22:bc:06:09:
                    7d:29:84:20:f2:31:91:8a:6e:0c:87:a3:23:48:74:
                    62:13:00:cf:f5:a2:ab:24:ff:9f:64:1b:ad:3a:79:
                    6e:50:d6:8f:b1:f7:21:66:9a:f2:c9:43:33:57:e0:
                    e6:75:f2:c1:2c:41:d4:30:a9:df:98:3b:c2:e2:72:
                    a8:76:db:eb:14:ae:ee:65:a2:f6:67:fc:09:c8:e9:
                    39:5b:1e:7d:21:f3:e5:74:17:f5:e2:49:83:2a:c0:
                    56:16:af:74:70:6e:db:6f:24:07:24:06:f5:ae:83:
                    d5:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:EC:6E:FB:CE:25:96:70:83:D0:BC:A6:01:87:D8:93:B3:06:5B:1A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/746cb78f-882a-40fb-8950-495f0fb3b5db.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.65.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         68:68:5e:1a:40:f1:ee:b6:af:3b:47:e4:05:60:1b:17:b4:f6:
         cf:77:ec:9d:28:76:b7:3f:b6:a0:29:56:37:0f:2e:13:76:83:
         6f:24:ae:15:c8:9e:0f:af:8c:27:1c:0f:b4:54:02:a7:b5:0f:
         c0:f0:4b:06:7f:49:d2:46:ed:d1:13:68:42:3a:a3:05:d4:ef:
         b3:b3:d3:0d:b6:e2:73:54:6e:63:08:32:1a:5d:83:2c:a6:65:
         dc:3f:25:65:ef:28:f8:75:bc:e6:1e:04:a0:a5:7e:55:2a:f8:
         db:77:13:fc:3c:e7:51:47:1e:75:13:80:df:df:03:9c:0e:07:
         98:84:bd:69:b7:36:93:c8:a4:b7:6e:1f:21:43:11:66:5e:8f:
         ad:9a:53:9f:85:e3:e2:35:c5:9c:23:e5:33:e0:4f:3b:7d:a1:
         5e:db:9c:2d:2a:d1:d7:fc:86:2f:6e:bf:3e:47:3f:c1:34:80:
         61:a7:e3:0c:4c:b3:0b:b4:11:2a:d7:4a:01:29:25:5a:74:cc:
         67:28:a9:7f:4a:08:c0:e2:70:5d:09:6d:09:2d:2b:8e:b5:65:
         84:40:db:f8:84:a3:57:f3:83:af:48:5e:ac:3b:4c:32:34:15:
         0d:75:3e:bf:85:42:75:5e:d3:15:5f:41:29:01:c1:e7:3d:18:
         70:a5:0b:e8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDRWuCRgZreUp5bhRaIZqOdM50yUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MTgzMTM0WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BiNTM0MzFjYzAyNTYzODA4NjA1YWQ1MWE3YTMyZmU4YmYz
N2Q3NGNlMTU4NWVjMGU2YjU3YjkxOTdjODVhZTMwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZsmpHNGiUd3T8QmUa7vMaKNbo1UcWO96bXI8Ck2qjO4O3
X4hNzQhaS6gNMz5bJMShWrizpg8HntI/mvg6zrH+N5olgttxcqdwf1bXF7JNftAA
kQ3vOF8ymPMdvAraSvo36ZBqsbYlWrD0RGXsqeFfD+TKWiZixphUe4EFAu/r2SM8
FxfcHpGNoaW2w694KDz8IrwGCX0phCDyMZGKbgyHoyNIdGITAM/1oqsk/59kG606
eW5Q1o+x9yFmmvLJQzNX4OZ18sEsQdQwqd+YO8Licqh22+sUru5lovZn/AnI6Tlb
Hn0h8+V0F/XiSYMqwFYWr3RwbttvJAckBvWug9WZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUoOxu+84llnCD0LymAYfYk7MGWxowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzc0NmNiNzhmLTg4MmEtNDBmYi04OTUwLTQ5NWYwZmIzYjVkYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMSQSgwDQYJKoZIhvcNAQELBQADggEBAGhoXhpA8e62rztH5AVgGxe09s93
7J0odrc/tqApVjcPLhN2g28krhXIng+vjCccD7RUAqe1D8DwSwZ/SdJG7dETaEI6
owXU77Oz0w224nNUbmMIMhpdgyymZdw/JWXvKPh1vOYeBKClflUq+Nt3E/w851FH
HnUTgN/fA5wOB5iEvWm3NpPIpLduHyFDEWZej62aU5+F4+I1xZwj5TPgTzt9oV7b
nC0q0df8hi9uvz5HP8E0gGGn4wxMswu0ESrXSgEpJVp0zGcoqX9KCMDicF0JbQkt
K461ZYRA2/iEo1fzg69IXqw7TDI0FQ11Pr+FQnVe0xVfQSkBwec9GHClC+g=
-----END CERTIFICATE-----