Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bfb76570-48b4-4eb8-801a-6c5c1318e1fe.roa
File:                     bfb76570-48b4-4eb8-801a-6c5c1318e1fe.roa (raw, json)
Hash identifier:          hBxbQOMGVMQzmV5amTDW2ckMQSQkfotAlreZpnSIU3Q=
Subject key identifier:   F2:2B:C8:19:7C:DA:76:1A:A3:95:DC:F3:8C:0B:DB:CF:77:3A:61:9E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7F37E2187899091391CCB8BE943B5E419240FB68
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bfb76570-48b4-4eb8-801a-6c5c1318e1fe.roa
Signing time:             Sat 18 Oct 2025 09:20:10 +0000
ROA not before:           Sat 18 Oct 2025 09:20:10 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.161.174.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:37:e2:18:78:99:09:13:91:cc:b8:be:94:3b:5e:41:92:40:fb:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 09:20:10 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=42b2c8115b68c28618c4d70cdd667e3aec1f9e9c671f1264a8a46b40f3bd0400, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:de:7f:83:88:7d:a1:45:6e:86:42:59:25:b7:
                    72:69:8f:25:93:61:bf:cd:19:0b:4c:d3:3c:23:bb:
                    8f:d8:f6:23:73:db:db:1a:12:d9:62:38:19:a2:51:
                    53:de:68:28:0a:79:0c:5f:c9:ee:02:49:20:2a:52:
                    1f:ce:41:23:c9:55:ce:51:88:78:01:33:8c:32:52:
                    05:2e:dc:f4:37:ef:cf:15:6e:aa:8c:8f:67:47:d1:
                    54:dc:23:94:a8:3b:db:dc:aa:69:9a:70:ea:dc:ee:
                    a4:be:87:57:26:a8:b2:23:16:39:14:4d:64:86:de:
                    8d:d7:50:7b:83:71:7f:d8:5e:b1:c6:fc:bd:ae:e2:
                    c1:a8:d7:1a:fe:ef:d0:8a:a7:ec:6f:7f:c7:b7:9c:
                    e9:54:1c:00:e3:4b:49:f7:af:5f:ec:42:9e:b0:f5:
                    58:af:2c:37:09:22:2a:fc:86:ab:33:94:46:3a:76:
                    76:da:ac:d6:24:f4:73:b3:71:17:f9:c9:84:a3:92:
                    e6:ed:56:28:9d:fd:06:b3:18:08:6f:40:2e:62:8a:
                    f1:cb:48:d1:9f:22:d1:26:24:6d:b8:00:97:3f:3b:
                    f0:ce:6d:46:7e:e6:07:4d:0b:9e:c6:40:00:98:58:
                    73:e8:2d:a8:24:ad:5d:7b:24:70:46:14:a3:5b:75:
                    47:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:2B:C8:19:7C:DA:76:1A:A3:95:DC:F3:8C:0B:DB:CF:77:3A:61:9E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bfb76570-48b4-4eb8-801a-6c5c1318e1fe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.161.174.0/23

    Signature Algorithm: sha256WithRSAEncryption
         50:7b:90:79:88:08:4a:b1:fc:e6:f4:81:5c:ae:22:98:38:1c:
         49:d2:41:ff:0e:2f:ab:25:03:96:86:6f:94:4c:ff:cd:ae:da:
         d0:a0:8f:87:90:fc:0b:0c:5c:04:71:9d:e0:d3:ee:1b:e1:fe:
         8d:19:4b:e4:31:ba:3e:25:ed:64:15:08:97:58:42:38:60:19:
         5d:60:3e:0a:65:31:89:e7:61:3f:21:ca:21:18:b9:80:df:90:
         d8:de:b5:3d:c0:13:93:ec:fe:52:54:6c:be:82:d9:60:8a:c6:
         22:c9:d7:d7:cc:04:98:b8:0a:64:ba:a9:0d:3c:ed:a3:25:76:
         53:45:3e:3d:e8:36:76:b0:b0:3b:03:e8:5c:cf:8a:2f:a5:7c:
         9f:b5:ff:b0:9a:30:d8:69:2d:41:df:57:ac:7f:c1:2f:c4:df:
         24:46:a1:f4:79:90:c5:92:b6:a0:3d:e1:b0:49:a8:4e:0e:9c:
         4e:e5:0d:b1:b1:c1:de:8a:de:c5:55:85:09:c2:5e:fd:5b:8b:
         7a:b6:0f:b2:8f:1d:82:be:e1:26:28:24:37:a1:6c:af:51:e1:
         1a:ed:e6:b2:f1:2e:8d:65:ab:c0:dc:ec:6a:d1:5f:07:e1:16:
         b2:ee:ed:bf:8b:e5:88:fc:de:5e:fd:09:0c:ab:2d:98:f9:a9:
         78:d6:7d:4f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfzfiGHiZCRORzLi+lDteQZJA+2gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MDkyMDEwWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A0MmIyYzgxMTViNjhjMjg2MThjNGQ3MGNkZDY2N2UzYWVj
MWY5ZTljNjcxZjEyNjRhOGE0NmI0MGYzYmQwNDAwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCN3n+DiH2hRW6GQlklt3JpjyWTYb/NGQtM0zwju4/Y9iNz
29saEtliOBmiUVPeaCgKeQxfye4CSSAqUh/OQSPJVc5RiHgBM4wyUgUu3PQ3788V
bqqMj2dH0VTcI5SoO9vcqmmacOrc7qS+h1cmqLIjFjkUTWSG3o3XUHuDcX/YXrHG
/L2u4sGo1xr+79CKp+xvf8e3nOlUHADjS0n3r1/sQp6w9VivLDcJIir8hqszlEY6
dnbarNYk9HOzcRf5yYSjkubtViid/QazGAhvQC5iivHLSNGfItEmJG24AJc/O/DO
bUZ+5gdNC57GQACYWHPoLagkrV17JHBGFKNbdUcBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8ivIGXzadhqjldzzjAvbz3c6YZ4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2JmYjc2NTcwLTQ4YjQtNGViOC04MDFhLTZjNWMxMzE4ZTFmZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAESoa4wDQYJKoZIhvcNAQELBQADggEBAFB7kHmICEqx/Ob0gVyuIpg4HEnS
Qf8OL6slA5aGb5RM/82u2tCgj4eQ/AsMXARxneDT7hvh/o0ZS+Qxuj4l7WQVCJdY
QjhgGV1gPgplMYnnYT8hyiEYuYDfkNjetT3AE5Ps/lJUbL6C2WCKxiLJ19fMBJi4
CmS6qQ087aMldlNFPj3oNnawsDsD6FzPii+lfJ+1/7CaMNhpLUHfV6x/wS/E3yRG
ofR5kMWStqA94bBJqE4OnE7lDbGxwd6K3sVVhQnCXv1bi3q2D7KPHYK+4SYoJDeh
bK9R4Rrt5rLxLo1lq8Dc7GrRXwfhFrLu7b+L5Yj83l79CQyrLZj5qXjWfU8=
-----END CERTIFICATE-----