Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/78480268-fe39-4d7b-b1e0-cf22049c862e.roa
File:                     78480268-fe39-4d7b-b1e0-cf22049c862e.roa (raw, json)
Hash identifier:          KotMKniBr317Gw+UFqTa8Hu6k2mgHzd11fffO/kRjhU=
Subject key identifier:   91:01:1D:64:8D:C0:4A:94:76:FF:AB:5E:74:0A:B2:0D:E7:A1:EB:C5
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       373A71AE326F9E8CE454EFEAF083AC17CAAF101C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/78480268-fe39-4d7b-b1e0-cf22049c862e.roa
Signing time:             Sat 18 Oct 2025 14:10:10 +0000
ROA not before:           Sat 18 Oct 2025 14:10:10 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.173.208.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:3a:71:ae:32:6f:9e:8c:e4:54:ef:ea:f0:83:ac:17:ca:af:10:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 14:10:10 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=0a089661165094f0582f61f0e4b03db8ecb245e03a7b57c36164af42ce940a5b, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:75:17:d2:8e:60:c4:f2:72:fc:c3:30:83:73:
                    8d:1b:67:7d:73:3f:4b:f3:ab:d9:c5:02:e1:73:88:
                    dd:f3:ff:da:e4:3b:3c:0b:6a:f2:85:74:e2:ac:18:
                    b3:2d:25:b2:01:d1:68:d4:98:c3:81:a6:82:13:7b:
                    c9:dd:55:41:27:6e:f9:29:2b:00:53:0f:94:d8:b1:
                    f4:d9:4f:be:97:18:f6:e2:b3:28:fd:1a:45:5b:de:
                    3e:b2:f1:39:9c:83:80:ca:e6:04:79:1d:e4:b7:fe:
                    1e:53:ee:d0:b9:7f:de:40:82:89:e0:08:4e:66:b5:
                    85:38:a5:ee:28:5d:31:83:a1:5c:a3:19:a7:4b:e3:
                    09:78:e6:19:1a:4e:9b:7f:48:87:a4:a9:1f:09:f9:
                    73:db:47:47:23:4e:a1:16:a9:50:07:fc:cf:40:bc:
                    24:4e:a4:a3:ca:59:9b:1f:13:35:c4:de:5f:b7:d4:
                    08:f6:bc:12:82:2d:7e:a8:e5:5e:e2:c5:65:f9:fb:
                    06:b8:70:ea:2b:44:dd:67:58:14:b7:2f:6c:16:c1:
                    9e:d7:5d:eb:f1:3b:8b:58:0b:c9:c9:fc:5d:37:94:
                    4d:08:f2:ae:21:5e:59:96:39:fd:59:90:f6:14:1f:
                    dd:c3:b4:36:0c:ef:e7:e7:a8:dd:24:02:de:21:75:
                    ce:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:01:1D:64:8D:C0:4A:94:76:FF:AB:5E:74:0A:B2:0D:E7:A1:EB:C5
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/78480268-fe39-4d7b-b1e0-cf22049c862e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.173.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a9:ae:53:3c:b8:cc:eb:cd:79:cb:cf:a2:f9:7a:b1:df:af:f6:
         ea:dc:47:40:ce:cb:28:68:c7:ae:45:fe:b1:8e:4a:1b:72:d6:
         78:4a:e3:ec:6e:b5:c4:f0:f2:45:3a:a6:44:40:b3:e1:52:e1:
         86:ee:c6:29:b1:2e:40:26:5d:1f:00:20:93:02:8a:37:df:96:
         7b:11:d5:4a:dd:f4:5b:79:1e:40:cd:0e:96:10:f5:95:7e:5a:
         f6:82:28:af:e7:91:6e:f2:76:d4:a4:27:19:2a:0b:8d:ca:1a:
         d8:ff:2e:c7:ca:12:51:ac:66:42:b8:6d:e8:6b:9b:de:83:1c:
         d6:da:62:5e:da:e5:b1:e5:2b:d8:53:2b:eb:40:2b:19:33:8c:
         2e:19:8d:8f:d8:db:49:59:5f:80:a9:ef:91:6d:44:f9:d1:a2:
         7d:14:51:55:22:26:33:82:10:2e:a4:28:fc:3e:b2:ce:7d:02:
         a7:5a:a9:59:66:e3:f0:af:b6:04:38:d2:bf:70:ad:2a:6b:86:
         4f:d2:75:06:58:66:a3:e8:0e:7f:d6:64:77:1f:4c:98:ad:80:
         c0:b1:8e:d9:d1:67:69:e6:f1:9a:8d:db:03:43:01:d6:79:95:
         46:5f:58:05:b1:7c:18:53:82:8c:6b:93:63:dc:9a:37:98:8c:
         1a:77:2c:47
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNzpxrjJvnozkVO/q8IOsF8qvEBwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MTQxMDEwWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AwYTA4OTY2MTE2NTA5NGYwNTgyZjYxZjBlNGIwM2RiOGVj
YjI0NWUwM2E3YjU3YzM2MTY0YWY0MmNlOTQwYTViMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCTdRfSjmDE8nL8wzCDc40bZ31zP0vzq9nFAuFziN3z/9rk
OzwLavKFdOKsGLMtJbIB0WjUmMOBpoITe8ndVUEnbvkpKwBTD5TYsfTZT76XGPbi
syj9GkVb3j6y8Tmcg4DK5gR5HeS3/h5T7tC5f95AgongCE5mtYU4pe4oXTGDoVyj
GadL4wl45hkaTpt/SIekqR8J+XPbR0cjTqEWqVAH/M9AvCROpKPKWZsfEzXE3l+3
1Aj2vBKCLX6o5V7ixWX5+wa4cOorRN1nWBS3L2wWwZ7XXevxO4tYC8nJ/F03lE0I
8q4hXlmWOf1ZkPYUH93DtDYM7+fnqN0kAt4hdc7FAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUkQEdZI3ASpR2/6tedAqyDeeh68UwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzc4NDgwMjY4LWZlMzktNGQ3Yi1iMWUwLWNmMjIwNDljODYyZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAISrdAwDQYJKoZIhvcNAQELBQADggEBAKmuUzy4zOvNecvPovl6sd+v9urc
R0DOyyhox65F/rGOShty1nhK4+xutcTw8kU6pkRAs+FS4YbuximxLkAmXR8AIJMC
ijfflnsR1Urd9Ft5HkDNDpYQ9ZV+WvaCKK/nkW7ydtSkJxkqC43KGtj/LsfKElGs
ZkK4behrm96DHNbaYl7a5bHlK9hTK+tAKxkzjC4ZjY/Y20lZX4Cp75FtRPnRon0U
UVUiJjOCEC6kKPw+ss59AqdaqVlm4/CvtgQ40r9wrSprhk/SdQZYZqPoDn/WZHcf
TJitgMCxjtnRZ2nm8ZqN2wNDAdZ5lUZfWAWxfBhTgoxrk2PcmjeYjBp3LEc=
-----END CERTIFICATE-----