Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b7fa3405-e5f3-4412-adb7-20a7e65d5290.roa
File:                     b7fa3405-e5f3-4412-adb7-20a7e65d5290.roa (raw, json)
Hash identifier:          yzgQY53spx3cueupgxPXSLpxL6FaxD1sYhCykCi4VSA=
Subject key identifier:   98:ED:FE:B3:5F:DE:C4:6A:EC:19:FE:F5:09:E0:4C:C8:FC:37:C8:0C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       118ECC1FB11275AD2B2BA02AB6361B721D138CB2
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b7fa3405-e5f3-4412-adb7-20a7e65d5290.roa
Signing time:             Sat 18 Oct 2025 15:11:24 +0000
ROA not before:           Sat 18 Oct 2025 15:11:24 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.245.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:8e:cc:1f:b1:12:75:ad:2b:2b:a0:2a:b6:36:1b:72:1d:13:8c:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 15:11:24 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=217c67da19f27868cb71e2dc7a780f8180760fd75fcf3b137eed5a4497222087, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:1d:f4:64:24:d9:e8:06:3e:8b:fb:89:91:54:
                    19:0f:51:d9:fe:e8:85:eb:86:bc:07:bb:a6:01:d4:
                    ef:fe:d0:5c:b1:4c:93:2a:4e:db:b5:88:62:8f:bf:
                    a8:3b:be:75:85:a1:26:ff:3a:a0:11:1f:12:3a:c6:
                    ba:e5:64:02:06:26:23:ed:a1:65:de:6f:a1:cb:bc:
                    6c:1b:18:74:36:4c:30:35:df:98:3f:a0:9b:d3:96:
                    02:1d:14:10:ec:b7:b9:e5:d3:96:66:a4:cc:1a:30:
                    85:cd:08:87:1d:5e:cb:49:4c:8e:bb:9e:30:c9:b7:
                    d1:55:e1:98:d3:8f:bc:96:0b:d9:28:b0:ec:85:ac:
                    3e:7e:9c:50:8c:3e:7b:1f:be:e2:08:fa:d4:4d:92:
                    9f:2d:0a:24:74:80:09:49:e4:d2:e5:27:4f:52:81:
                    b3:1c:ae:bf:ce:d8:f1:48:b2:e7:7f:b7:5d:97:db:
                    8f:46:5c:ba:02:54:1b:2f:f7:c6:7d:95:02:2d:eb:
                    32:28:91:1e:00:17:d0:30:72:07:23:17:e3:47:b4:
                    02:ac:4e:f6:a7:14:0e:84:d2:ba:66:11:e5:91:d0:
                    54:7f:42:ec:c7:41:b2:9e:55:93:92:67:19:b4:bb:
                    0e:50:c9:50:77:fc:1b:69:c9:a3:37:01:e2:4e:34:
                    64:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:ED:FE:B3:5F:DE:C4:6A:EC:19:FE:F5:09:E0:4C:C8:FC:37:C8:0C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b7fa3405-e5f3-4412-adb7-20a7e65d5290.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.245.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:da:02:b8:08:32:ad:c6:66:d1:47:58:2a:65:28:8a:5b:d9:
         ec:ce:27:2c:94:c4:2c:40:c6:87:e3:85:75:68:97:30:ab:a7:
         18:99:3f:4a:73:06:13:32:ee:f3:4f:a4:f8:6a:12:18:8d:db:
         ee:f8:5c:c9:33:6b:11:57:f0:6c:ec:33:c6:f8:e5:21:76:57:
         91:15:88:e7:b3:5a:c3:42:2d:70:df:d9:ce:5e:82:e6:b3:60:
         d1:62:6c:13:f1:f2:4f:f4:33:e1:f6:d8:63:8c:3c:95:43:bf:
         bc:70:1e:93:1b:cf:4d:8b:9d:55:7e:88:14:fd:e2:7b:ed:ae:
         1b:16:b0:45:0f:c7:74:b8:da:9c:85:47:5b:0e:f8:57:11:3c:
         ac:34:18:7c:ff:75:cf:16:f7:eb:23:f3:2d:d7:81:b3:21:76:
         52:79:fd:49:65:70:1d:46:f3:7b:1e:4d:97:3b:53:e2:6d:fc:
         36:88:97:2e:5b:a0:e4:3d:a9:46:20:8c:61:ae:c0:cc:04:df:
         48:f2:dd:81:42:01:37:07:75:93:ff:d4:7f:07:8d:6c:f8:26:
         4c:86:19:5a:50:e9:cb:46:e5:ae:e8:62:45:e5:b1:82:eb:86:
         14:03:a2:61:ad:2b:99:08:79:82:87:bc:d5:bb:93:01:7a:99:
         84:30:49:aa
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEY7MH7ESda0rK6AqtjYbch0TjLIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MTUxMTI0WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AyMTdjNjdkYTE5ZjI3ODY4Y2I3MWUyZGM3YTc4MGY4MTgw
NzYwZmQ3NWZjZjNiMTM3ZWVkNWE0NDk3MjIyMDg3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDbHfRkJNnoBj6L+4mRVBkPUdn+6IXrhrwHu6YB1O/+0Fyx
TJMqTtu1iGKPv6g7vnWFoSb/OqARHxI6xrrlZAIGJiPtoWXeb6HLvGwbGHQ2TDA1
35g/oJvTlgIdFBDst7nl05ZmpMwaMIXNCIcdXstJTI67njDJt9FV4ZjTj7yWC9ko
sOyFrD5+nFCMPnsfvuII+tRNkp8tCiR0gAlJ5NLlJ09SgbMcrr/O2PFIsud/t12X
249GXLoCVBsv98Z9lQIt6zIokR4AF9AwcgcjF+NHtAKsTvanFA6E0rpmEeWR0FR/
QuzHQbKeVZOSZxm0uw5QyVB3/BtpyaM3AeJONGTNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmO3+s1/exGrsGf71CeBMyPw3yAwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2I3ZmEzNDA1LWU1ZjMtNDQxMi1hZGI3LTIwYTdlNjVkNTI5MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAS9QQwDQYJKoZIhvcNAQELBQADggEBADjaArgIMq3GZtFHWCplKIpb2ezO
JyyUxCxAxofjhXVolzCrpxiZP0pzBhMy7vNPpPhqEhiN2+74XMkzaxFX8GzsM8b4
5SF2V5EViOezWsNCLXDf2c5eguazYNFibBPx8k/0M+H22GOMPJVDv7xwHpMbz02L
nVV+iBT94nvtrhsWsEUPx3S42pyFR1sO+FcRPKw0GHz/dc8W9+sj8y3XgbMhdlJ5
/UllcB1G83seTZc7U+Jt/DaIly5boOQ9qUYgjGGuwMwE30jy3YFCATcHdZP/1H8H
jWz4JkyGGVpQ6ctG5a7oYkXlsYLrhhQDomGtK5kIeYKHvNW7kwF6mYQwSao=
-----END CERTIFICATE-----