Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7b14f836-7504-43b6-9ec9-9713593060bc.roa
File:                     7b14f836-7504-43b6-9ec9-9713593060bc.roa (raw, json)
Hash identifier:          KdJUDGRF32oltUBbvVSYySuKX+ix9rS2grYiKBGxVVA=
Subject key identifier:   B3:3A:2D:95:DB:BB:E4:13:F8:B0:F9:7C:C3:C1:B8:83:4E:AE:F8:1B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3F435702568EC2745DB388F4726DFECBD2783CE0
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7b14f836-7504-43b6-9ec9-9713593060bc.roa
Signing time:             Sat 18 Oct 2025 14:51:17 +0000
ROA not before:           Sat 18 Oct 2025 14:51:17 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.244.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:43:57:02:56:8e:c2:74:5d:b3:88:f4:72:6d:fe:cb:d2:78:3c:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 14:51:17 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=b2764d589f8423a613138b98eab3aebbf05013e1c0e140e520c073056c3781f0, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:a3:d7:fb:e2:7e:2f:ef:d1:e2:7a:70:14:0a:
                    aa:19:7f:66:70:21:dc:18:3c:a6:0a:c6:95:cc:60:
                    67:1f:ef:b0:2b:57:43:1d:76:94:9f:e8:ae:cd:75:
                    6b:e2:74:c5:e7:80:21:82:b7:71:83:1e:24:9f:60:
                    2e:f5:b8:0d:6f:b2:70:2b:de:c5:60:a0:41:f8:2e:
                    f5:56:89:e3:6f:e1:b3:2c:c3:a0:9b:f4:dc:90:82:
                    7d:c1:96:40:50:22:bb:9d:57:25:6d:2e:66:bd:c0:
                    a1:12:54:77:d1:cc:60:60:93:63:4b:e4:7a:c9:9d:
                    60:1e:ee:ce:47:9f:46:3d:69:4e:1b:a5:fd:0e:e8:
                    3d:67:1a:19:f9:6d:ff:9d:36:10:5a:97:bb:15:b3:
                    71:49:af:0e:1b:61:f5:19:4e:6d:fa:19:89:c0:28:
                    5d:e4:28:15:dc:65:6f:84:97:0e:14:28:22:19:06:
                    7e:c3:85:e4:95:a1:4a:67:13:21:f8:5f:6c:29:a6:
                    39:75:ec:ea:9d:a9:26:7c:0f:2e:81:31:52:e8:1a:
                    b9:40:b7:8a:09:00:0f:54:34:30:bf:a6:3d:38:85:
                    ac:ab:bb:73:b5:0f:c4:1b:e9:df:3b:2a:fb:60:15:
                    a6:00:d0:9e:1f:84:e9:b7:54:cc:f1:bc:e4:2d:90:
                    b2:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:3A:2D:95:DB:BB:E4:13:F8:B0:F9:7C:C3:C1:B8:83:4E:AE:F8:1B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7b14f836-7504-43b6-9ec9-9713593060bc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.244.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:79:e9:0e:74:5c:22:fe:80:22:8d:19:83:d4:96:99:d8:ed:
         ec:82:4a:bd:45:64:b1:fa:64:24:9f:98:fd:f0:69:5d:bf:63:
         0a:91:36:33:64:59:b8:2c:c0:e4:66:66:b2:be:00:c8:29:22:
         bd:84:82:62:6a:b2:1a:cd:d3:e6:55:45:3d:a6:ec:d5:f3:70:
         d8:f9:23:b8:7d:bd:c4:4a:7b:37:a6:e5:ea:03:da:56:be:97:
         c4:92:33:c9:a3:a0:4e:83:19:d7:fe:ef:3c:e9:05:f1:75:c6:
         a1:75:46:fe:09:d1:9b:63:d7:c5:36:c2:39:59:6b:bf:1c:31:
         c0:6c:65:f8:f9:d8:b5:94:8c:3b:f5:19:aa:7a:94:ce:ca:ba:
         3f:82:d4:25:84:86:db:61:a9:8c:53:5e:06:5c:d3:5e:a2:ab:
         52:35:82:cb:0e:08:55:d6:6c:f9:d4:fd:58:42:de:53:f3:77:
         9e:9d:1a:f1:60:78:22:6c:d7:ad:d5:da:74:ff:f5:46:78:0e:
         b2:90:ba:07:9a:38:a7:f0:6a:5e:7b:ee:f5:33:cf:ad:fe:4d:
         38:fd:7f:71:e3:e7:45:9b:9e:e6:68:07:d4:38:63:60:25:e0:
         ae:0b:96:bb:51:a3:4c:f6:fb:dd:14:a1:3a:23:70:38:d4:fc:
         a5:23:25:6c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUP0NXAlaOwnRds4j0cm3+y9J4POAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MTQ1MTE3WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BiMjc2NGQ1ODlmODQyM2E2MTMxMzhiOThlYWIzYWViYmYw
NTAxM2UxYzBlMTQwZTUyMGMwNzMwNTZjMzc4MWYwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCYo9f74n4v79HienAUCqoZf2ZwIdwYPKYKxpXMYGcf77Ar
V0MddpSf6K7NdWvidMXngCGCt3GDHiSfYC71uA1vsnAr3sVgoEH4LvVWieNv4bMs
w6Cb9NyQgn3BlkBQIrudVyVtLma9wKESVHfRzGBgk2NL5HrJnWAe7s5Hn0Y9aU4b
pf0O6D1nGhn5bf+dNhBal7sVs3FJrw4bYfUZTm36GYnAKF3kKBXcZW+Elw4UKCIZ
Bn7DheSVoUpnEyH4X2wppjl17OqdqSZ8Dy6BMVLoGrlAt4oJAA9UNDC/pj04hayr
u3O1D8Qb6d87KvtgFaYA0J4fhOm3VMzxvOQtkLJrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUszotldu75BP4sPl8w8G4g06u+BswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzdiMTRmODM2LTc1MDQtNDNiNi05ZWM5LTk3MTM1OTMwNjBiYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAS9PEwDQYJKoZIhvcNAQELBQADggEBAKx56Q50XCL+gCKNGYPUlpnY7eyC
Sr1FZLH6ZCSfmP3waV2/YwqRNjNkWbgswORmZrK+AMgpIr2EgmJqshrN0+ZVRT2m
7NXzcNj5I7h9vcRKezem5eoD2la+l8SSM8mjoE6DGdf+7zzpBfF1xqF1Rv4J0Ztj
18U2wjlZa78cMcBsZfj52LWUjDv1Gap6lM7Kuj+C1CWEhtthqYxTXgZc016iq1I1
gssOCFXWbPnU/VhC3lPzd56dGvFgeCJs163V2nT/9UZ4DrKQugeaOKfwal577vUz
z63+TTj9f3Hj50WbnuZoB9Q4Y2Al4K4LlrtRo0z2+90UoTojcDjU/KUjJWw=
-----END CERTIFICATE-----