Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8042d2fc-bbe8-4420-a43a-40e6f676999b.roa
File:                     8042d2fc-bbe8-4420-a43a-40e6f676999b.roa (raw, json)
Hash identifier:          rU96x8UnaDOykFW7s2+BbH+KiaH0mzzct8Ogl5ozpCM=
Subject key identifier:   72:CA:A8:55:73:69:30:95:BE:49:36:54:DA:32:31:77:69:FD:9F:8A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       74048C2158E314174C2CE56C008FE1ACBB43DAC2
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8042d2fc-bbe8-4420-a43a-40e6f676999b.roa
Signing time:             Sat 18 Oct 2025 15:52:39 +0000
ROA not before:           Sat 18 Oct 2025 15:52:39 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.165.232.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:04:8c:21:58:e3:14:17:4c:2c:e5:6c:00:8f:e1:ac:bb:43:da:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 15:52:39 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=fc07b62577d0f7253c3755af80e1dbfd1521f5c37618839afaa71cb3d9a009e1, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:0c:07:41:67:77:bf:d7:f6:e4:a2:11:49:2b:
                    71:44:a8:ae:b5:f7:69:93:2b:2d:74:84:a1:cf:7b:
                    98:f2:1b:d6:cd:01:ed:52:22:ac:5c:47:6b:13:37:
                    27:38:e1:43:8b:81:4b:b5:72:18:0d:90:aa:08:18:
                    3c:32:4f:05:03:21:51:fc:0e:51:ec:8c:cd:8b:d3:
                    45:c0:d9:fa:57:d5:78:9c:a1:bd:64:5a:d8:fe:e5:
                    b8:d1:1f:eb:79:67:a4:b8:57:b3:04:a5:51:72:fb:
                    8f:48:a1:40:bf:bd:68:d6:de:21:98:a1:83:4b:f5:
                    76:51:13:07:5f:55:5b:f6:a6:25:71:80:98:ff:9d:
                    f2:38:ad:43:3d:89:d2:6f:63:03:63:bb:d0:0d:52:
                    36:95:8c:4d:0e:0a:cd:96:a5:7a:cf:df:c5:24:97:
                    27:cb:5e:20:6f:55:cf:16:8b:df:96:f1:c1:e3:23:
                    95:cb:f9:5e:a1:af:15:c5:ac:bf:02:dc:b0:93:49:
                    d6:8a:65:e2:d9:3a:f8:9a:ad:30:88:6c:08:7c:8c:
                    fb:0e:c0:42:f6:d1:62:7e:42:95:d8:bb:a3:e6:26:
                    75:74:9a:a5:28:3b:95:88:5e:05:00:dd:20:10:96:
                    14:67:d3:4a:23:a1:6f:94:26:2a:07:10:c7:ce:11:
                    cc:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:CA:A8:55:73:69:30:95:BE:49:36:54:DA:32:31:77:69:FD:9F:8A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8042d2fc-bbe8-4420-a43a-40e6f676999b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.165.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         aa:ff:ed:a0:72:ba:82:df:24:20:26:64:a0:da:51:98:31:f9:
         d6:bf:0d:86:3c:d1:d0:9e:9c:3b:c7:5e:6c:f1:07:1c:ce:1a:
         41:2b:8d:5b:ae:a6:a9:b6:b2:71:02:ab:34:67:ea:52:ad:e9:
         2d:b1:32:2e:9f:95:1f:e2:b1:23:2c:7b:71:62:b2:c7:57:76:
         5c:db:4e:7e:61:57:70:98:a8:19:1d:86:8e:48:6e:17:a5:f6:
         fe:6e:8c:63:ba:e9:ce:ea:34:2b:78:64:ff:a5:e9:45:82:cc:
         5a:a5:a2:98:85:ae:ad:1e:9f:e7:57:c6:5f:0b:bd:9e:fd:f9:
         48:e4:28:da:67:f3:be:4f:0d:eb:45:33:10:46:e4:63:48:92:
         9b:b7:d3:c3:6a:8b:02:f7:63:4d:b6:bc:08:30:74:30:f2:be:
         9f:a7:01:71:f4:c9:9c:85:ba:ed:b4:2e:41:69:4b:28:b3:6a:
         b0:da:12:c2:d7:77:33:56:0a:bd:c6:0b:d8:9e:e4:5c:92:51:
         cf:30:3f:67:24:7b:58:2b:91:91:f9:24:bf:eb:18:39:38:21:
         9b:59:67:95:fa:5f:b2:52:15:eb:09:15:d6:fd:47:ac:6d:e6:
         a8:7e:2d:1c:0b:27:d5:43:e8:77:11:04:b8:60:d9:16:1f:e9:
         1d:0f:bf:e2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdASMIVjjFBdMLOVsAI/hrLtD2sIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MTU1MjM5WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BmYzA3YjYyNTc3ZDBmNzI1M2MzNzU1YWY4MGUxZGJmZDE1
MjFmNWMzNzYxODgzOWFmYWE3MWNiM2Q5YTAwOWUxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwDAdBZ3e/1/bkohFJK3FEqK6192mTKy10hKHPe5jyG9bN
Ae1SIqxcR2sTNyc44UOLgUu1chgNkKoIGDwyTwUDIVH8DlHsjM2L00XA2fpX1Xic
ob1kWtj+5bjRH+t5Z6S4V7MEpVFy+49IoUC/vWjW3iGYoYNL9XZREwdfVVv2piVx
gJj/nfI4rUM9idJvYwNju9ANUjaVjE0OCs2WpXrP38UklyfLXiBvVc8Wi9+W8cHj
I5XL+V6hrxXFrL8C3LCTSdaKZeLZOviarTCIbAh8jPsOwEL20WJ+QpXYu6PmJnV0
mqUoO5WIXgUA3SAQlhRn00ojoW+UJioHEMfOEcwVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUcsqoVXNpMJW+STZU2jIxd2n9n4owHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzgwNDJkMmZjLWJiZTgtNDQyMC1hNDNhLTQwZTZmNjc2OTk5Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAISpegwDQYJKoZIhvcNAQELBQADggEBAKr/7aByuoLfJCAmZKDaUZgx+da/
DYY80dCenDvHXmzxBxzOGkErjVuupqm2snECqzRn6lKt6S2xMi6flR/isSMse3Fi
ssdXdlzbTn5hV3CYqBkdho5Ibhel9v5ujGO66c7qNCt4ZP+l6UWCzFqlopiFrq0e
n+dXxl8LvZ79+UjkKNpn875PDetFMxBG5GNIkpu308NqiwL3Y022vAgwdDDyvp+n
AXH0yZyFuu20LkFpSyizarDaEsLXdzNWCr3GC9ie5FySUc8wP2cke1grkZH5JL/r
GDk4IZtZZ5X6X7JSFesJFdb9R6xt5qh+LRwLJ9VD6HcRBLhg2RYf6R0Pv+I=
-----END CERTIFICATE-----