Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a2ed8881-e2a1-4de8-9ff6-d2e1b1370696.roa
File:                     a2ed8881-e2a1-4de8-9ff6-d2e1b1370696.roa (raw, json)
Hash identifier:          vgc+3qflaMY1SAHDNpCvWUeTeveU3mWMeta2h4+o2B4=
Subject key identifier:   B8:53:61:9F:43:20:01:FD:E4:8E:ED:E5:8F:1E:41:C2:01:96:F5:43
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       20D204E3BAE13E69BB04B4175890220567658CE5
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a2ed8881-e2a1-4de8-9ff6-d2e1b1370696.roa
Signing time:             Sat 18 Oct 2025 13:00:12 +0000
ROA not before:           Sat 18 Oct 2025 13:00:12 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.239.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:d2:04:e3:ba:e1:3e:69:bb:04:b4:17:58:90:22:05:67:65:8c:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 13:00:12 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=7c3b2babfd7fd9a9f561d79425e20d642d0b8c5bc426cdf6b88b1bf706df3de1, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:61:35:d1:b7:c0:f0:d7:ac:60:78:a5:d8:c6:
                    6b:af:c3:0b:d6:b0:cb:e2:fe:35:35:f4:6c:f2:1f:
                    a7:18:6a:4c:6e:cf:f4:52:cc:9f:a0:f8:5e:3f:28:
                    04:46:ce:61:fc:14:03:68:73:67:f6:90:18:42:7a:
                    04:a7:e0:9f:c0:20:dc:37:6e:7f:08:1a:6e:c4:8c:
                    1a:a8:24:ca:e0:75:74:f2:78:83:b8:ea:ba:69:78:
                    eb:4c:4c:4a:4f:fd:0a:87:26:66:f4:6e:3a:13:95:
                    d9:f1:64:b0:a1:a0:25:83:b8:bd:49:65:18:5c:8f:
                    93:21:92:c0:9a:65:ec:b7:ca:c2:b6:67:af:ef:0e:
                    b9:f6:5a:22:a8:f8:18:33:60:8e:4b:81:60:ca:69:
                    d8:46:d0:9b:15:13:43:ca:fa:98:d6:c3:32:52:ff:
                    eb:80:fa:93:cf:3c:bd:d6:cb:c7:72:94:aa:54:51:
                    1e:30:77:3d:44:af:bf:60:be:03:54:d8:32:d6:97:
                    bf:61:0a:6b:03:00:fe:40:7b:52:49:6d:7c:91:5a:
                    a2:5c:33:07:e2:db:22:0c:74:10:9e:19:85:be:d7:
                    da:52:50:48:47:1b:3d:2f:36:72:3f:4f:07:87:ef:
                    34:d9:ed:d1:f6:ed:66:23:54:ac:16:bc:93:50:e7:
                    02:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:53:61:9F:43:20:01:FD:E4:8E:ED:E5:8F:1E:41:C2:01:96:F5:43
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a2ed8881-e2a1-4de8-9ff6-d2e1b1370696.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.239.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:ab:9d:ca:76:c3:8e:d7:6f:7d:68:71:d7:fe:ea:b3:81:72:
         8e:ec:7f:33:21:0c:78:52:13:fa:fc:f6:b4:c0:18:30:ca:bb:
         01:ef:03:08:f4:ec:19:a3:5d:02:7f:39:bd:03:ad:a2:3b:1d:
         a2:5b:6b:5a:3c:91:67:fa:50:33:7b:b2:3a:16:4d:f5:57:0e:
         19:ae:33:a1:e2:69:ac:90:b0:72:59:db:a9:4c:a5:35:fb:9d:
         c3:3d:2b:b7:78:ca:88:f4:d3:93:25:23:c3:71:44:3b:ef:5b:
         6e:a6:25:db:ca:a0:e6:37:03:bc:5d:91:52:95:a2:1d:1e:9a:
         0f:a8:71:0e:32:b2:4d:62:44:90:44:dc:94:72:93:6d:91:8a:
         a1:51:b5:dc:cf:d9:9b:fe:70:68:7c:a0:12:ae:84:1e:26:fe:
         83:17:04:22:56:ba:6f:6a:f1:47:3c:05:bc:ec:90:85:8a:20:
         98:ef:a6:c7:f0:9c:80:6e:12:fa:a6:7f:22:12:0d:b4:4d:d4:
         13:fb:07:e6:de:92:a7:a0:4b:06:01:a2:51:19:d3:95:90:67:
         b8:07:b4:5a:0a:cd:93:f3:03:4a:49:92:01:86:0a:c1:46:0d:
         52:c5:71:1c:68:b5:b7:29:ab:73:57:a3:07:21:1d:25:5b:4c:
         d0:af:09:2a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUINIE47rhPmm7BLQXWJAiBWdljOUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MTMwMDEyWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A3YzNiMmJhYmZkN2ZkOWE5ZjU2MWQ3OTQyNWUyMGQ2NDJk
MGI4YzViYzQyNmNkZjZiODhiMWJmNzA2ZGYzZGUxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwYTXRt8Dw16xgeKXYxmuvwwvWsMvi/jU19GzyH6cYakxu
z/RSzJ+g+F4/KARGzmH8FANoc2f2kBhCegSn4J/AINw3bn8IGm7EjBqoJMrgdXTy
eIO46rppeOtMTEpP/QqHJmb0bjoTldnxZLChoCWDuL1JZRhcj5MhksCaZey3ysK2
Z6/vDrn2WiKo+BgzYI5LgWDKadhG0JsVE0PK+pjWwzJS/+uA+pPPPL3Wy8dylKpU
UR4wdz1Er79gvgNU2DLWl79hCmsDAP5Ae1JJbXyRWqJcMwfi2yIMdBCeGYW+19pS
UEhHGz0vNnI/TweH7zTZ7dH27WYjVKwWvJNQ5wIfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUuFNhn0MgAf3kju3ljx5BwgGW9UMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2EyZWQ4ODgxLWUyYTEtNGRlOC05ZmY2LWQyZTFiMTM3MDY5Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAS71wwDQYJKoZIhvcNAQELBQADggEBAEerncp2w47Xb31ocdf+6rOBco7s
fzMhDHhSE/r89rTAGDDKuwHvAwj07BmjXQJ/Ob0DraI7HaJba1o8kWf6UDN7sjoW
TfVXDhmuM6HiaayQsHJZ26lMpTX7ncM9K7d4yoj005MlI8NxRDvvW26mJdvKoOY3
A7xdkVKVoh0emg+ocQ4ysk1iRJBE3JRyk22RiqFRtdzP2Zv+cGh8oBKuhB4m/oMX
BCJWum9q8Uc8BbzskIWKIJjvpsfwnIBuEvqmfyISDbRN1BP7B+bekqegSwYBolEZ
05WQZ7gHtFoKzZPzA0pJkgGGCsFGDVLFcRxotbcpq3NXowchHSVbTNCvCSo=
-----END CERTIFICATE-----
Generated at Mon Oct 20 11:10:56 2025 by rpki-client