Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/acf6f62d-28e6-45ae-b806-066ad3f02a22.roa
File:                     acf6f62d-28e6-45ae-b806-066ad3f02a22.roa (raw, json)
Hash identifier:          /YGylJpZKh1jHJ2TwETi76L1vXOyViIvdNcefMdO1Pg=
Subject key identifier:   60:B6:90:A4:DB:B5:A9:C6:2D:3A:3D:B6:93:07:85:E8:65:79:F7:AF
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6C9EE7E2A21ECC52E7DD3CC4A144EAE0E8EDFBE2
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/acf6f62d-28e6-45ae-b806-066ad3f02a22.roa
Signing time:             Sat 18 Oct 2025 14:31:43 +0000
ROA not before:           Sat 18 Oct 2025 14:31:43 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.165.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:9e:e7:e2:a2:1e:cc:52:e7:dd:3c:c4:a1:44:ea:e0:e8:ed:fb:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 14:31:43 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=d64b61661e5bfcc6a7dc9ab7bfae99a341cbdc0bc82ae244bd22f897922432fe, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:a5:4a:76:2a:29:ee:22:77:00:1a:06:3f:a2:
                    b6:aa:cc:20:0b:c7:46:fa:4c:ce:76:79:43:1e:bc:
                    2a:da:fe:cf:21:bf:16:0a:c1:a9:a4:44:d3:d9:c3:
                    34:ff:10:d5:0f:35:b4:42:68:85:b2:5b:c2:3e:4a:
                    f2:25:81:c8:60:bd:f5:c5:87:a0:98:fb:07:3d:a0:
                    e9:7b:bb:6f:84:16:c9:de:ad:e4:74:f3:28:b9:af:
                    7b:de:cd:e7:76:51:4c:27:c6:95:81:66:7b:72:89:
                    b4:b7:df:c4:08:ee:b6:ba:f5:e8:c2:4f:6b:5f:54:
                    57:aa:1a:7b:3d:f1:6e:cb:2a:1a:46:6c:08:d2:3d:
                    3b:c3:00:42:61:50:3e:43:55:1b:09:18:82:f9:f2:
                    aa:17:ba:a5:65:f7:e9:69:13:e6:40:32:bb:e4:aa:
                    69:b8:bb:e2:f8:ad:c0:ab:90:2e:69:80:df:aa:aa:
                    b2:8d:fc:80:39:fd:4f:0c:b3:e2:8a:b1:8d:8f:05:
                    b1:0b:69:c4:1c:db:07:56:e7:5b:ec:97:9a:4f:25:
                    1c:e1:09:82:46:bb:cb:86:25:4d:b9:3a:1b:55:a6:
                    3f:22:44:1a:dd:48:9e:52:72:99:20:e3:8c:c3:d1:
                    ad:54:ee:9c:21:86:00:69:ea:0c:bb:df:ee:74:d4:
                    60:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:B6:90:A4:DB:B5:A9:C6:2D:3A:3D:B6:93:07:85:E8:65:79:F7:AF
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/acf6f62d-28e6-45ae-b806-066ad3f02a22.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.165.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:05:59:4d:a2:b7:1e:bf:de:01:9d:32:7f:36:c6:f2:f6:e5:
         2e:23:a0:9f:a2:f3:74:d4:e7:d4:fa:10:0d:03:5a:65:13:89:
         9a:0d:e8:29:78:67:a2:dd:af:6c:1f:c0:c4:b0:15:59:9c:0f:
         16:f6:f6:d2:1b:80:89:75:a0:8e:2f:3a:50:24:16:50:33:a4:
         fa:25:7c:40:e6:8f:3b:f0:a1:f5:1c:59:f3:a5:86:57:bf:80:
         2f:95:d6:dd:fd:d0:5c:3a:fe:16:43:58:80:61:a2:b5:09:44:
         d1:b6:22:73:bf:7f:e8:4b:f7:ca:e0:f6:5d:7e:1a:17:e7:8b:
         5b:b9:89:9a:7c:d1:e0:76:db:6e:67:1f:ba:db:c6:90:f3:ef:
         c3:1d:79:cb:56:c5:8d:46:38:a5:5f:e8:4a:ae:ed:d5:fe:b3:
         23:ce:11:dc:db:f2:3c:af:21:0f:08:dd:f6:49:7b:b7:46:ef:
         cd:65:42:f2:bf:71:07:f5:c3:dd:d9:ed:68:88:b4:31:7f:aa:
         3d:e4:20:f1:73:74:0c:4d:6d:9d:6b:34:57:c3:be:d6:10:0b:
         31:20:31:e0:f7:16:a9:b3:04:3a:fc:aa:5c:d7:58:17:43:e1:
         1e:ed:ed:6c:f2:5d:a8:a2:31:74:da:ad:3b:a3:51:58:45:7d:
         67:48:3b:a1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbJ7n4qIezFLn3TzEoUTq4Ojt++IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MTQzMTQzWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BkNjRiNjE2NjFlNWJmY2M2YTdkYzlhYjdiZmFlOTlhMzQx
Y2JkYzBiYzgyYWUyNDRiZDIyZjg5NzkyMjQzMmZlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnpUp2KinuIncAGgY/oraqzCALx0b6TM52eUMevCra/s8h
vxYKwamkRNPZwzT/ENUPNbRCaIWyW8I+SvIlgchgvfXFh6CY+wc9oOl7u2+EFsne
reR08yi5r3vezed2UUwnxpWBZntyibS338QI7ra69ejCT2tfVFeqGns98W7LKhpG
bAjSPTvDAEJhUD5DVRsJGIL58qoXuqVl9+lpE+ZAMrvkqmm4u+L4rcCrkC5pgN+q
qrKN/IA5/U8Ms+KKsY2PBbELacQc2wdW51vsl5pPJRzhCYJGu8uGJU25OhtVpj8i
RBrdSJ5Scpkg44zD0a1U7pwhhgBp6gy73+501GBJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYLaQpNu1qcYtOj22kweF6GV5968wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2FjZjZmNjJkLTI4ZTYtNDVhZS1iODA2LTA2NmFkM2YwMmEyMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASpQMwDQYJKoZIhvcNAQELBQADggEBAK8FWU2itx6/3gGdMn82xvL25S4j
oJ+i83TU59T6EA0DWmUTiZoN6Cl4Z6Ldr2wfwMSwFVmcDxb29tIbgIl1oI4vOlAk
FlAzpPolfEDmjzvwofUcWfOlhle/gC+V1t390Fw6/hZDWIBhorUJRNG2InO/f+hL
98rg9l1+Ghfni1u5iZp80eB2225nH7rbxpDz78MdectWxY1GOKVf6Equ7dX+syPO
Edzb8jyvIQ8I3fZJe7dG781lQvK/cQf1w93Z7WiItDF/qj3kIPFzdAxNbZ1rNFfD
vtYQCzEgMeD3FqmzBDr8qlzXWBdD4R7t7WzyXaiiMXTarTujUVhFfWdIO6E=
-----END CERTIFICATE-----