Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7d33c9d4-6851-4210-9269-c145d801e6e6.roa
File:                     7d33c9d4-6851-4210-9269-c145d801e6e6.roa (raw, json)
Hash identifier:          eaJOfCeeQ+fw2BEfjg1/3KJWa6Rj2M7fxZyKdm9BGrk=
Subject key identifier:   BC:25:47:49:1A:CD:4A:22:22:BE:C7:F6:E1:5E:0E:04:5E:22:08:09
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4F89F994A3AC886876334A7F4F047526ABAC3675
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7d33c9d4-6851-4210-9269-c145d801e6e6.roa
Signing time:             Sat 18 Oct 2025 22:03:37 +0000
ROA not before:           Sat 18 Oct 2025 22:03:37 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.165.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:89:f9:94:a3:ac:88:68:76:33:4a:7f:4f:04:75:26:ab:ac:36:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 22:03:37 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=e1fb3f365b4823439b95559d68e1eb7f1b266ed2d08f1264de5597db4cfd2a29, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:39:c4:28:21:9e:3c:51:3f:d7:ac:27:0d:fc:
                    78:6e:d1:a4:ce:26:65:e0:e8:64:cc:d4:a7:fc:31:
                    c7:26:90:19:83:31:25:f5:52:ff:72:1c:10:1f:62:
                    53:98:18:02:fd:e6:65:97:5b:94:ce:07:d9:6f:a7:
                    be:bd:74:2f:5a:3b:99:91:62:60:70:09:09:8f:fb:
                    06:22:c4:84:ba:de:dc:e6:a7:11:f5:04:ab:3a:41:
                    c4:70:2e:41:71:e5:51:c3:e5:c7:68:4d:0a:1c:25:
                    85:80:08:72:30:8d:2b:59:c4:cb:ec:46:78:84:39:
                    63:79:7c:58:ed:d5:7b:ff:c7:1b:9c:e4:0b:ad:7f:
                    e0:9d:3c:4f:53:b6:1c:a9:d6:41:55:a2:60:6f:ab:
                    6e:ae:2e:d0:d3:ef:78:41:a9:8e:df:4c:e0:d2:b9:
                    aa:0c:5e:35:09:b1:a4:7c:95:c0:38:0a:b0:cc:c1:
                    b0:06:e0:92:85:19:e7:4a:59:0f:1e:d4:59:38:05:
                    af:35:1b:69:5f:c8:9a:8c:0c:44:74:89:79:7c:88:
                    12:04:b7:a5:01:47:51:5f:93:bd:d5:bd:12:03:a1:
                    c5:c4:d3:33:1c:48:43:dc:e0:ed:cd:d1:d1:7d:61:
                    53:9b:e0:d6:ad:1f:1f:d8:cd:72:21:5f:5e:13:82:
                    0c:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:25:47:49:1A:CD:4A:22:22:BE:C7:F6:E1:5E:0E:04:5E:22:08:09
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7d33c9d4-6851-4210-9269-c145d801e6e6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.165.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:36:74:7a:18:a8:cb:dd:f1:6f:f4:d4:b4:7d:f4:8b:5c:97:
         d6:d4:c8:14:91:1d:80:e7:32:47:5c:b8:d8:7f:18:61:ab:78:
         89:da:3f:16:4a:cc:1f:fa:75:52:0c:c0:84:51:ac:08:8e:10:
         90:a7:dc:c5:db:58:f0:4d:1d:55:09:e3:68:49:a6:9b:10:3a:
         41:e2:94:9b:39:f4:97:30:fe:1c:00:09:dd:c4:7e:1d:62:05:
         74:f9:61:80:a5:71:23:4b:bb:1b:0c:03:b2:6a:af:52:a5:ad:
         90:21:3c:25:19:af:88:09:18:67:f7:6b:6d:a6:31:f2:1b:99:
         19:e2:56:13:5d:e3:3c:9e:f7:8f:b8:b4:70:2f:e8:4c:93:bb:
         be:84:ec:dc:dd:84:35:fb:a8:69:23:87:c0:44:03:24:9a:b2:
         ac:4d:82:07:5a:11:4e:da:a1:aa:59:cb:78:07:62:ee:d5:81:
         4f:6e:34:36:85:87:fc:36:3c:59:99:ce:aa:04:f3:9f:cb:db:
         06:03:f6:81:6b:0c:66:82:0e:9a:6a:e3:23:d2:0f:2e:13:6a:
         55:d7:15:8e:ca:a1:a4:a4:34:2f:26:77:66:d1:e7:4a:72:eb:
         44:46:a9:96:af:57:d2:66:d6:8a:b4:6e:5d:6e:17:90:43:63:
         32:55:46:78
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUT4n5lKOsiGh2M0p/TwR1JqusNnUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MjIwMzM3WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BlMWZiM2YzNjViNDgyMzQzOWI5NTU1OWQ2OGUxZWI3ZjFi
MjY2ZWQyZDA4ZjEyNjRkZTU1OTdkYjRjZmQyYTI5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyOcQoIZ48UT/XrCcN/Hhu0aTOJmXg6GTM1Kf8MccmkBmD
MSX1Uv9yHBAfYlOYGAL95mWXW5TOB9lvp769dC9aO5mRYmBwCQmP+wYixIS63tzm
pxH1BKs6QcRwLkFx5VHD5cdoTQocJYWACHIwjStZxMvsRniEOWN5fFjt1Xv/xxuc
5Autf+CdPE9Tthyp1kFVomBvq26uLtDT73hBqY7fTODSuaoMXjUJsaR8lcA4CrDM
wbAG4JKFGedKWQ8e1Fk4Ba81G2lfyJqMDER0iXl8iBIEt6UBR1Ffk73VvRIDocXE
0zMcSEPc4O3N0dF9YVOb4NatHx/YzXIhX14TggzRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUvCVHSRrNSiIivsf24V4OBF4iCAkwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzdkMzNjOWQ0LTY4NTEtNDIxMC05MjY5LWMxNDVkODAxZTZlNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASpTEwDQYJKoZIhvcNAQELBQADggEBADw2dHoYqMvd8W/01LR99Itcl9bU
yBSRHYDnMkdcuNh/GGGreInaPxZKzB/6dVIMwIRRrAiOEJCn3MXbWPBNHVUJ42hJ
ppsQOkHilJs59Jcw/hwACd3Efh1iBXT5YYClcSNLuxsMA7Jqr1KlrZAhPCUZr4gJ
GGf3a22mMfIbmRniVhNd4zye94+4tHAv6EyTu76E7NzdhDX7qGkjh8BEAySasqxN
ggdaEU7aoapZy3gHYu7VgU9uNDaFh/w2PFmZzqoE85/L2wYD9oFrDGaCDppq4yPS
Dy4TalXXFY7KoaSkNC8md2bR50py60RGqZavV9Jm1oq0bl1uF5BDYzJVRng=
-----END CERTIFICATE-----