Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a1e760fe-21ad-4449-8b25-c3f44e5c455e.roa
File:                     a1e760fe-21ad-4449-8b25-c3f44e5c455e.roa (raw, json)
Hash identifier:          MY24GL+0j8m8uAEftVK662ko9Yl8sNNV1UG7czQp5V8=
Subject key identifier:   D6:C1:29:1B:7F:9D:EF:6C:0D:30:11:7F:60:6B:32:B3:62:A9:8B:23
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       238F2B2EEE1951956AE62D23E26A42CB67C37058
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a1e760fe-21ad-4449-8b25-c3f44e5c455e.roa
Signing time:             Sat 18 Oct 2025 14:03:45 +0000
ROA not before:           Sat 18 Oct 2025 14:03:45 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.244.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:8f:2b:2e:ee:19:51:95:6a:e6:2d:23:e2:6a:42:cb:67:c3:70:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 14:03:45 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=1d49badaf4e68e28e2b61996f446528d3d02a168561db90dc0a3c4988ea7ec04, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:2e:6d:8d:f6:fc:c4:84:f3:2e:e4:7d:28:93:
                    90:99:66:83:3c:25:2f:14:39:d8:83:84:6d:b8:3e:
                    a0:d1:0f:b1:4d:0f:73:1c:74:8c:6c:ad:cc:b1:94:
                    40:3d:39:21:99:65:e9:3a:ca:d9:ee:ef:9b:a2:51:
                    14:a1:78:e7:44:f0:c0:db:a4:3a:9a:6d:1b:b4:c1:
                    a2:c0:5b:ac:75:87:63:3e:b3:3d:f9:fe:86:bf:0d:
                    48:d8:f4:9f:0c:be:1e:f4:6f:71:e0:6f:c5:fd:ad:
                    b0:18:df:93:09:d1:09:53:12:0e:24:09:cf:2a:2b:
                    82:0a:c8:64:aa:80:7a:dc:cd:5d:5d:b1:6a:13:7e:
                    5d:93:44:b9:55:09:1f:80:30:1c:bf:fa:47:37:86:
                    3d:98:9f:aa:13:01:41:89:04:43:dc:d5:54:17:cb:
                    dc:c3:50:7e:43:34:9b:df:57:62:d7:8f:a9:7a:9e:
                    fb:47:54:e1:63:b8:86:e1:12:47:04:ae:d5:43:a2:
                    45:00:9f:f6:56:04:17:99:cf:06:c7:66:a6:82:c2:
                    4b:26:a1:58:0d:31:08:9e:38:1c:8e:66:2f:33:8b:
                    74:c8:a3:09:69:17:03:8c:f3:a7:32:43:9f:ef:59:
                    38:e4:b8:14:ea:6c:5a:9b:1b:53:54:9e:cd:46:5e:
                    d4:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:C1:29:1B:7F:9D:EF:6C:0D:30:11:7F:60:6B:32:B3:62:A9:8B:23
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a1e760fe-21ad-4449-8b25-c3f44e5c455e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.244.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:56:10:21:2e:99:33:25:e1:ce:eb:44:db:04:76:a9:a4:3e:
         a2:3a:54:2d:d8:3d:1a:27:bb:9c:f7:d3:42:84:b5:ba:69:f0:
         df:2c:21:ae:48:49:99:8f:22:88:ca:98:35:c6:97:be:c3:05:
         b3:dc:5e:a1:e6:c8:bd:72:63:5b:07:5b:ce:5f:32:33:8a:60:
         7d:30:db:d4:cf:dc:ad:6c:75:ae:e3:5c:d3:68:08:4c:01:f0:
         89:05:1b:35:f7:be:ca:52:a5:8c:d8:ca:e3:dc:5f:24:45:a4:
         10:2a:45:3e:4e:91:bf:94:bf:2c:ff:45:45:3a:75:8b:88:01:
         f4:b2:39:fe:39:2e:31:a6:0c:2e:7f:e9:48:16:86:b6:1b:eb:
         8e:70:cf:d5:41:04:24:8c:67:c7:a0:07:65:37:10:cc:8d:12:
         19:3b:aa:02:46:63:29:17:00:f6:e9:2d:c3:40:30:c0:98:ed:
         5a:b9:88:f7:e1:7b:64:7d:a4:83:fa:0b:f0:bb:ee:ad:9b:e5:
         d9:56:e5:90:97:40:ed:17:32:13:1d:4c:9b:94:c0:e6:7b:33:
         2c:b1:86:90:cc:8e:81:a2:39:1a:65:90:fa:bc:f3:33:e9:30:
         e6:01:f0:d0:f2:1b:0c:b5:25:41:4d:b5:b6:5d:f1:7a:89:26:
         84:b0:29:00
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUI48rLu4ZUZVq5i0j4mpCy2fDcFgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MTQwMzQ1WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AxZDQ5YmFkYWY0ZTY4ZTI4ZTJiNjE5OTZmNDQ2NTI4ZDNk
MDJhMTY4NTYxZGI5MGRjMGEzYzQ5ODhlYTdlYzA0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDOLm2N9vzEhPMu5H0ok5CZZoM8JS8UOdiDhG24PqDRD7FN
D3McdIxsrcyxlEA9OSGZZek6ytnu75uiURSheOdE8MDbpDqabRu0waLAW6x1h2M+
sz35/oa/DUjY9J8Mvh70b3Hgb8X9rbAY35MJ0QlTEg4kCc8qK4IKyGSqgHrczV1d
sWoTfl2TRLlVCR+AMBy/+kc3hj2Yn6oTAUGJBEPc1VQXy9zDUH5DNJvfV2LXj6l6
nvtHVOFjuIbhEkcErtVDokUAn/ZWBBeZzwbHZqaCwksmoVgNMQieOByOZi8zi3TI
owlpFwOM86cyQ5/vWTjkuBTqbFqbG1NUns1GXtRTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1sEpG3+d72wNMBF/YGsys2KpiyMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2ExZTc2MGZlLTIxYWQtNDQ0OS04YjI1LWMzZjQ0ZTVjNDU1ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAS9O8wDQYJKoZIhvcNAQELBQADggEBABdWECEumTMl4c7rRNsEdqmkPqI6
VC3YPRonu5z300KEtbpp8N8sIa5ISZmPIojKmDXGl77DBbPcXqHmyL1yY1sHW85f
MjOKYH0w29TP3K1sda7jXNNoCEwB8IkFGzX3vspSpYzYyuPcXyRFpBAqRT5Okb+U
vyz/RUU6dYuIAfSyOf45LjGmDC5/6UgWhrYb645wz9VBBCSMZ8egB2U3EMyNEhk7
qgJGYykXAPbpLcNAMMCY7Vq5iPfhe2R9pIP6C/C77q2b5dlW5ZCXQO0XMhMdTJuU
wOZ7MyyxhpDMjoGiORplkPq88zPpMOYB8NDyGwy1JUFNtbZd8XqJJoSwKQA=
-----END CERTIFICATE-----