Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7ce61002-83f0-44c1-ada1-8e34dce7c101.roa
File:                     7ce61002-83f0-44c1-ada1-8e34dce7c101.roa (raw, json)
Hash identifier:          khxUnU57U3JGkll+wiTNhSN7rD9WtZnSvJ7kumf1hTM=
Subject key identifier:   AD:72:F8:F2:BF:2C:63:3F:E0:74:03:41:10:EB:78:BE:5E:A3:41:8E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7F23ECAEDE84B598016ED4171BFED2546F43F038
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7ce61002-83f0-44c1-ada1-8e34dce7c101.roa
Signing time:             Sat 18 Oct 2025 15:03:49 +0000
ROA not before:           Sat 18 Oct 2025 15:03:49 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.161.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:23:ec:ae:de:84:b5:98:01:6e:d4:17:1b:fe:d2:54:6f:43:f0:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 15:03:49 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=9892cf9b8804c3f854ea24d183a6ba744bce1a97e8a59543682203a33e584a1f, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:ed:05:41:45:f1:a2:d9:a4:34:7c:eb:9f:de:
                    d4:1f:5f:06:cd:b5:fe:db:80:40:0a:60:e9:e5:1f:
                    59:0e:c9:64:e0:a9:79:4a:dc:29:57:69:96:a3:70:
                    e7:85:fe:9f:7f:a5:10:72:2a:2d:88:d6:a8:1f:54:
                    4e:c1:bd:7e:50:36:e3:61:d3:99:ac:26:df:b8:89:
                    40:7a:49:65:88:63:32:7c:bf:8d:61:7b:a8:91:4c:
                    ad:92:7d:f6:3c:35:85:65:3e:e9:57:e6:4a:b9:86:
                    43:2e:a9:de:02:7e:c5:30:be:16:b8:98:f5:f3:30:
                    8b:08:f5:f6:d9:e2:92:33:7f:34:d5:0d:73:13:e8:
                    d0:cd:22:a9:05:e8:cf:c1:29:d9:1b:ce:a5:c3:d8:
                    43:b2:0c:03:0c:69:86:39:ba:7f:6e:6c:7f:24:b2:
                    1c:e6:26:b1:64:f7:ed:ac:ba:bf:74:88:7f:ca:a0:
                    ee:5c:f9:f9:0d:7b:45:e7:ae:89:e8:10:40:68:1a:
                    0b:6b:cc:4e:c9:89:bb:35:08:7c:4b:29:24:22:bc:
                    af:5b:bd:ce:cd:e6:4c:f2:41:dc:21:0b:39:22:97:
                    17:a9:4f:13:2c:1b:21:13:f3:4d:81:b6:39:c6:e8:
                    56:0a:41:5f:e9:17:39:59:7d:4a:90:c2:7c:6d:0c:
                    cf:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:72:F8:F2:BF:2C:63:3F:E0:74:03:41:10:EB:78:BE:5E:A3:41:8E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7ce61002-83f0-44c1-ada1-8e34dce7c101.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.161.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:eb:88:0f:25:92:1e:df:33:f1:13:64:f7:70:13:42:79:46:
         1c:96:1e:df:2e:95:ae:a1:cd:89:a7:d4:69:09:d2:09:9a:84:
         2d:7b:03:98:da:0b:68:2f:d0:ce:35:3f:f5:99:20:a2:d6:ae:
         1a:2c:dd:90:9e:08:af:97:26:23:fb:56:d7:67:41:82:e9:8b:
         30:2d:0b:66:99:81:53:89:ce:eb:02:d6:d9:61:6d:02:b2:eb:
         9f:eb:89:b9:e3:2a:a6:89:d9:d2:57:e5:d0:25:71:36:d8:13:
         32:48:41:2e:87:14:08:59:9d:2b:7d:3a:08:2d:e9:8a:96:5e:
         52:b4:0b:c4:80:c0:c4:d6:5d:9c:4e:2a:46:17:c1:aa:4c:8f:
         2c:fd:a5:fe:8d:4c:19:b1:2a:7b:72:ac:82:5f:73:ef:54:78:
         78:55:53:ab:17:78:37:2e:8b:56:02:62:33:88:ec:f0:93:0e:
         58:2c:ad:82:7b:41:ca:75:f0:7b:33:7c:1f:69:5f:a5:f2:59:
         b3:ce:7b:7e:74:ec:f4:11:ae:e4:86:13:b1:b7:95:9b:8a:0b:
         40:2a:35:9c:3b:50:2c:bb:d4:5a:94:34:ce:fa:cc:33:0c:3f:
         9f:83:02:f4:07:41:fc:fb:36:80:7c:0c:aa:4a:7f:ba:e8:70:
         67:08:42:37
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfyPsrt6EtZgBbtQXG/7SVG9D8DgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MTUwMzQ5WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A5ODkyY2Y5Yjg4MDRjM2Y4NTRlYTI0ZDE4M2E2YmE3NDRi
Y2UxYTk3ZThhNTk1NDM2ODIyMDNhMzNlNTg0YTFmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDW7QVBRfGi2aQ0fOuf3tQfXwbNtf7bgEAKYOnlH1kOyWTg
qXlK3ClXaZajcOeF/p9/pRByKi2I1qgfVE7BvX5QNuNh05msJt+4iUB6SWWIYzJ8
v41he6iRTK2SffY8NYVlPulX5kq5hkMuqd4CfsUwvha4mPXzMIsI9fbZ4pIzfzTV
DXMT6NDNIqkF6M/BKdkbzqXD2EOyDAMMaYY5un9ubH8kshzmJrFk9+2sur90iH/K
oO5c+fkNe0XnronoEEBoGgtrzE7Jibs1CHxLKSQivK9bvc7N5kzyQdwhCzkilxep
TxMsGyET802BtjnG6FYKQV/pFzlZfUqQwnxtDM91AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrXL48r8sYz/gdANBEOt4vl6jQY4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzdjZTYxMDAyLTgzZjAtNDRjMS1hZGExLThlMzRkY2U3YzEwMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASoYswDQYJKoZIhvcNAQELBQADggEBADjriA8lkh7fM/ETZPdwE0J5RhyW
Ht8ula6hzYmn1GkJ0gmahC17A5jaC2gv0M41P/WZIKLWrhos3ZCeCK+XJiP7Vtdn
QYLpizAtC2aZgVOJzusC1tlhbQKy65/ribnjKqaJ2dJX5dAlcTbYEzJIQS6HFAhZ
nSt9Oggt6YqWXlK0C8SAwMTWXZxOKkYXwapMjyz9pf6NTBmxKntyrIJfc+9UeHhV
U6sXeDcui1YCYjOI7PCTDlgsrYJ7Qcp18HszfB9pX6XyWbPOe3507PQRruSGE7G3
lZuKC0AqNZw7UCy71FqUNM76zDMMP5+DAvQHQfz7NoB8DKpKf7rocGcIQjc=
-----END CERTIFICATE-----