Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/84a797dc-b400-4855-84a6-9fe837d620ed.roa
File:                     84a797dc-b400-4855-84a6-9fe837d620ed.roa (raw, json)
Hash identifier:          d23GrrPmnj8lvKLzh4V7K+oolGViy2rOVnXzVHUuY2w=
Subject key identifier:   11:3C:CB:55:25:70:AD:DE:A7:50:30:E9:F3:4B:2E:36:87:AD:44:B0
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6DC53F854B7397878BDD80AE642719549564FB37
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/84a797dc-b400-4855-84a6-9fe837d620ed.roa
Signing time:             Sat 18 Oct 2025 13:53:29 +0000
ROA not before:           Sat 18 Oct 2025 13:53:29 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.161.114.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:c5:3f:85:4b:73:97:87:8b:dd:80:ae:64:27:19:54:95:64:fb:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 13:53:29 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=2174ae08e73fe3ca96a14e5083a3ab8b73b12c4b637647e945431b1fb74482a8, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:82:30:1e:b4:28:7f:50:1c:54:ef:8f:83:24:
                    6c:91:0d:30:58:3d:ba:49:91:72:93:8f:15:69:f0:
                    9c:09:b5:03:3f:d6:f0:12:28:4e:73:bf:68:0b:b7:
                    56:a6:70:03:21:45:43:28:26:57:a0:2b:9b:f7:96:
                    2b:1c:26:59:0b:b6:2e:a6:17:d4:e8:0a:d4:a0:fb:
                    c1:fc:80:e3:46:26:6b:c7:e1:98:6b:3b:f5:23:e1:
                    05:ca:32:c4:ad:64:ff:91:5a:0e:cb:15:0b:23:d5:
                    12:01:e1:83:06:c8:1e:0f:3a:00:99:5c:a3:87:8e:
                    18:e4:bf:da:6f:f0:eb:5e:74:4c:5a:8e:19:06:f5:
                    98:41:8f:e8:9a:30:10:fd:0a:40:7e:e1:2e:f6:47:
                    9a:33:3c:99:40:92:03:da:31:d4:6d:95:1e:92:12:
                    25:0e:bd:de:d8:38:b7:7f:76:14:24:c9:c6:b7:7b:
                    03:68:7b:06:a2:dd:4d:f5:a5:bd:a4:ae:5f:de:46:
                    de:9a:27:43:a6:07:45:fb:b9:87:85:90:fe:a4:70:
                    f7:d2:de:41:c6:cd:80:88:d3:78:6e:d4:26:d4:7d:
                    3f:58:33:d5:43:9f:4a:be:85:e2:a1:2e:0d:7c:4c:
                    8a:b7:a1:ef:1e:e5:c9:7e:c4:7e:82:70:fa:e5:a6:
                    28:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:3C:CB:55:25:70:AD:DE:A7:50:30:E9:F3:4B:2E:36:87:AD:44:B0
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/84a797dc-b400-4855-84a6-9fe837d620ed.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.161.114.0/23

    Signature Algorithm: sha256WithRSAEncryption
         97:b3:52:aa:6a:6a:a0:5c:0e:d7:13:e9:a3:08:8f:34:dd:42:
         22:5e:09:de:c3:cf:69:ce:e8:fe:c6:15:97:5a:dd:75:c5:7e:
         19:53:18:e3:03:c9:d0:d1:97:d7:80:a5:2a:0c:a6:00:9c:91:
         96:1c:49:da:b0:cc:d7:2c:c0:00:55:88:3c:7c:57:59:cc:1a:
         16:47:1b:17:89:fe:bc:e5:56:3b:00:f9:c7:23:3a:43:1f:24:
         79:4a:0e:5a:e3:0b:c8:58:d5:5c:90:37:63:b3:f1:a8:6c:13:
         85:31:e8:c9:c8:ac:eb:b5:0e:c5:f8:be:32:da:28:19:89:ae:
         29:9f:6c:47:68:04:ca:01:d3:63:32:4b:2f:19:9e:0d:2f:32:
         cf:71:09:15:77:e0:67:b8:d4:75:9d:23:d8:a7:09:09:05:65:
         73:05:83:7e:e0:63:10:90:37:d8:cf:36:82:2c:95:e0:c3:54:
         aa:76:62:d3:05:1d:f4:1c:5e:17:f9:07:20:3a:5f:03:42:dd:
         27:44:f7:a7:75:07:95:38:7c:d6:07:92:f7:a6:88:66:82:7d:
         5e:25:50:e0:c0:c6:bd:1f:41:d1:c8:43:b1:85:e4:fb:9b:f7:
         b7:b9:e8:41:c8:14:ff:e9:c3:04:37:8b:30:d1:fc:f5:b3:c0:
         63:08:e6:fe
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbcU/hUtzl4eL3YCuZCcZVJVk+zcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MTM1MzI5WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AyMTc0YWUwOGU3M2ZlM2NhOTZhMTRlNTA4M2EzYWI4Yjcz
YjEyYzRiNjM3NjQ3ZTk0NTQzMWIxZmI3NDQ4MmE4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCdgjAetCh/UBxU74+DJGyRDTBYPbpJkXKTjxVp8JwJtQM/
1vASKE5zv2gLt1amcAMhRUMoJlegK5v3liscJlkLti6mF9ToCtSg+8H8gONGJmvH
4ZhrO/Uj4QXKMsStZP+RWg7LFQsj1RIB4YMGyB4POgCZXKOHjhjkv9pv8OtedExa
jhkG9ZhBj+iaMBD9CkB+4S72R5ozPJlAkgPaMdRtlR6SEiUOvd7YOLd/dhQkyca3
ewNoewai3U31pb2krl/eRt6aJ0OmB0X7uYeFkP6kcPfS3kHGzYCI03hu1CbUfT9Y
M9VDn0q+heKhLg18TIq3oe8e5cl+xH6CcPrlpihHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUETzLVSVwrd6nUDDp80suNoetRLAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzg0YTc5N2RjLWI0MDAtNDg1NS04NGE2LTlmZTgzN2Q2MjBlZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAESoXIwDQYJKoZIhvcNAQELBQADggEBAJezUqpqaqBcDtcT6aMIjzTdQiJe
Cd7Dz2nO6P7GFZda3XXFfhlTGOMDydDRl9eApSoMpgCckZYcSdqwzNcswABViDx8
V1nMGhZHGxeJ/rzlVjsA+ccjOkMfJHlKDlrjC8hY1VyQN2Oz8ahsE4Ux6MnIrOu1
DsX4vjLaKBmJrimfbEdoBMoB02MySy8Zng0vMs9xCRV34Ge41HWdI9inCQkFZXMF
g37gYxCQN9jPNoIsleDDVKp2YtMFHfQcXhf5ByA6XwNC3SdE96d1B5U4fNYHkvem
iGaCfV4lUODAxr0fQdHIQ7GF5Pub97e56EHIFP/pwwQ3izDR/PWzwGMI5v4=
-----END CERTIFICATE-----