Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/90dd2914-63ce-4467-b85c-a9100542e7e8.roa
File:                     90dd2914-63ce-4467-b85c-a9100542e7e8.roa (raw, json)
Hash identifier:          t72gBZdWUyc45yadJjgezirdT6G3SX19J8Lv/1taqmw=
Subject key identifier:   B8:50:39:32:33:61:EE:11:04:28:F1:81:78:D5:A6:EB:4B:FC:EF:1A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       50A30F0394AE4898AB410436CDFF9268A0EC81FF
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/90dd2914-63ce-4467-b85c-a9100542e7e8.roa
Signing time:             Sat 18 Oct 2025 06:52:13 +0000
ROA not before:           Sat 18 Oct 2025 06:52:13 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.245.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:a3:0f:03:94:ae:48:98:ab:41:04:36:cd:ff:92:68:a0:ec:81:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 06:52:13 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=917ef955594ddfb152a84cd0bd156b7f8a701a4ed53173da53a1af996e20d0b2, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:79:cc:d8:b8:e1:c1:93:7c:19:e9:2d:9b:37:
                    4d:98:11:63:c0:61:34:be:fe:12:cb:a7:ad:7c:94:
                    13:fb:ef:09:01:91:d6:a3:a2:8c:f1:16:26:75:0e:
                    b3:60:68:99:14:95:41:22:17:bc:3c:1e:24:d1:0c:
                    ed:8f:a6:4a:eb:0d:25:71:7a:17:17:48:e8:d9:12:
                    cd:10:51:e8:1b:11:6a:d8:b3:72:ba:04:6c:9f:9c:
                    d5:d3:92:ea:df:1c:20:66:c3:94:0b:9c:b0:5c:a0:
                    20:07:f1:1f:fb:ee:58:5b:00:f9:18:9b:c9:89:b1:
                    13:36:9e:1a:63:8f:c6:08:70:af:2e:70:bd:4e:28:
                    e7:91:53:1f:cd:0c:bd:96:21:33:e3:73:3e:9b:72:
                    75:83:7c:87:76:18:7d:b2:f6:e9:67:57:b8:74:d0:
                    24:bb:e1:8e:0e:0e:c0:e4:8a:0e:e5:44:2b:1d:a8:
                    64:75:61:0d:cc:b9:ef:cc:84:7a:4d:92:b8:f3:36:
                    ae:3c:71:b2:51:86:e7:59:c4:0d:7f:55:f9:45:f4:
                    32:f0:ee:14:61:f6:29:35:7b:cc:6f:73:74:d4:62:
                    c5:bb:f6:3e:44:b0:7a:a0:4c:bf:2b:e4:02:0c:92:
                    f2:36:50:83:28:20:3f:15:7c:41:fc:94:dc:b6:24:
                    6f:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:50:39:32:33:61:EE:11:04:28:F1:81:78:D5:A6:EB:4B:FC:EF:1A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/90dd2914-63ce-4467-b85c-a9100542e7e8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.245.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:6e:70:14:5f:46:11:35:e5:4c:f2:30:6f:32:5b:36:2e:04:
         54:6d:f7:a7:7b:4d:fd:69:58:1f:e1:8f:12:e5:14:97:82:00:
         52:84:fa:fd:03:d3:cf:a3:e9:8f:a2:78:bb:30:9e:28:34:73:
         eb:ad:72:de:6f:c1:f5:70:c9:c2:30:3e:9e:db:f1:91:5a:29:
         b9:81:0a:18:bf:76:76:5f:43:d9:f2:ac:7f:38:af:c9:21:5e:
         93:c9:df:b0:5c:d7:1a:4d:d4:e2:07:05:cc:c6:29:bb:92:06:
         25:61:a2:b3:bd:26:2d:f7:7c:79:f5:31:a5:c4:1d:cb:c5:ec:
         f4:11:d9:62:b1:a9:c1:ef:59:d6:da:6a:e3:58:c1:fb:89:77:
         0a:a9:2c:38:24:f0:15:cf:35:db:86:25:50:73:fc:d2:4a:21:
         5a:63:df:1f:c0:24:2f:bc:18:ac:41:8b:f5:09:4c:8e:ce:f6:
         06:7d:34:d2:e5:1c:16:8b:07:c6:94:d5:e0:a0:11:7b:63:01:
         7f:83:94:89:03:ce:d5:0f:94:f0:92:c8:d0:fd:9f:63:29:58:
         02:34:05:86:aa:c1:82:8f:01:94:92:9b:69:f8:69:41:21:23:
         69:74:ab:9c:e3:ee:2a:c7:87:d4:79:d3:cd:63:d2:62:cc:85:
         e5:f0:b9:ee
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUKMPA5SuSJirQQQ2zf+SaKDsgf8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MDY1MjEzWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A5MTdlZjk1NTU5NGRkZmIxNTJhODRjZDBiZDE1NmI3Zjhh
NzAxYTRlZDUzMTczZGE1M2ExYWY5OTZlMjBkMGIyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDEeczYuOHBk3wZ6S2bN02YEWPAYTS+/hLLp618lBP77wkB
kdajoozxFiZ1DrNgaJkUlUEiF7w8HiTRDO2PpkrrDSVxehcXSOjZEs0QUegbEWrY
s3K6BGyfnNXTkurfHCBmw5QLnLBcoCAH8R/77lhbAPkYm8mJsRM2nhpjj8YIcK8u
cL1OKOeRUx/NDL2WITPjcz6bcnWDfId2GH2y9ulnV7h00CS74Y4ODsDkig7lRCsd
qGR1YQ3Mue/MhHpNkrjzNq48cbJRhudZxA1/VflF9DLw7hRh9ik1e8xvc3TUYsW7
9j5EsHqgTL8r5AIMkvI2UIMoID8VfEH8lNy2JG/tAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUuFA5MjNh7hEEKPGBeNWm60v87xowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzkwZGQyOTE0LTYzY2UtNDQ2Ny1iODVjLWE5MTAwNTQyZTdlOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAS9bwwDQYJKoZIhvcNAQELBQADggEBAHFucBRfRhE15UzyMG8yWzYuBFRt
96d7Tf1pWB/hjxLlFJeCAFKE+v0D08+j6Y+ieLswnig0c+utct5vwfVwycIwPp7b
8ZFaKbmBChi/dnZfQ9nyrH84r8khXpPJ37Bc1xpN1OIHBczGKbuSBiVhorO9Ji33
fHn1MaXEHcvF7PQR2WKxqcHvWdbaauNYwfuJdwqpLDgk8BXPNduGJVBz/NJKIVpj
3x/AJC+8GKxBi/UJTI7O9gZ9NNLlHBaLB8aU1eCgEXtjAX+DlIkDztUPlPCSyND9
n2MpWAI0BYaqwYKPAZSSm2n4aUEhI2l0q5zj7irHh9R5081j0mLMheXwue4=
-----END CERTIFICATE-----
Generated at Mon Oct 20 08:40:28 2025 by rpki-client