Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c19d43f9-02ab-4ed5-adb7-fac497f72da0.roa
File:                     c19d43f9-02ab-4ed5-adb7-fac497f72da0.roa (raw, json)
Hash identifier:          cGsrY5qt0sEtdNkc1Lq2M4rRVv0/mh/mM6K40AWOWNw=
Subject key identifier:   B0:F3:84:48:49:8C:C0:2A:8F:9F:A4:86:63:3C:52:8D:E4:D4:0E:5C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5723EBFC81E6367F464EEC430F678F58E4BBDCE5
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c19d43f9-02ab-4ed5-adb7-fac497f72da0.roa
Signing time:             Sat 18 Oct 2025 12:41:28 +0000
ROA not before:           Sat 18 Oct 2025 12:41:28 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.238.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:23:eb:fc:81:e6:36:7f:46:4e:ec:43:0f:67:8f:58:e4:bb:dc:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 12:41:28 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=2a153100c8b3310b61cf091a78e5c5e26ac02c1bbc6a7e41ac7514a26ca9f3e3, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:a7:64:aa:db:37:f5:95:0b:f4:78:64:67:fb:
                    bf:7a:65:8d:94:59:90:ab:d7:cb:87:a0:dc:61:fa:
                    9c:51:8f:35:9c:02:07:49:4f:a0:ab:cb:6a:e2:38:
                    44:10:24:cc:aa:c2:de:a8:33:8e:44:60:d4:42:c3:
                    6e:fb:53:45:68:98:82:d1:91:53:bc:b8:92:5a:53:
                    1a:9b:79:a6:61:ae:38:43:4a:cf:e1:31:fa:dd:3e:
                    c7:22:ea:51:ce:76:9b:e8:69:19:6f:91:52:f6:2a:
                    af:c3:2f:df:d8:d1:29:84:14:cf:1d:3c:e1:12:7d:
                    64:c2:a9:a1:d7:8a:bd:0e:cf:32:6b:c4:f4:aa:6f:
                    0b:58:bd:ea:ee:ea:ea:a0:27:bd:6f:c6:f7:4a:e7:
                    65:98:6a:ef:4e:a9:13:ad:db:44:30:38:15:2b:e1:
                    c1:45:00:fe:a7:3a:ed:3c:8c:15:5c:e0:7a:c7:d9:
                    62:ce:41:b9:7c:6a:c9:af:8b:6f:e0:4e:81:6d:f8:
                    44:6c:4e:bb:84:14:84:0e:c0:49:2a:bf:c8:37:4d:
                    fe:01:e3:9a:2b:b3:2e:63:d6:bf:e0:8c:d3:b1:8f:
                    2d:f9:c7:0c:84:b5:c4:3a:67:f6:b4:b3:f7:a8:e3:
                    0f:a3:ef:ca:ad:9a:3d:af:09:3b:a5:8f:f9:f0:d8:
                    af:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:F3:84:48:49:8C:C0:2A:8F:9F:A4:86:63:3C:52:8D:E4:D4:0E:5C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c19d43f9-02ab-4ed5-adb7-fac497f72da0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.238.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:73:84:70:4b:33:d4:49:80:2a:da:9b:e2:2e:f2:50:31:6f:
         09:6b:ce:68:a2:c4:82:26:3b:b5:36:25:83:7e:1c:bf:3b:00:
         73:4b:02:39:54:11:3a:90:f8:be:31:90:9a:41:6a:15:96:b8:
         b4:0e:d5:07:89:78:1e:6a:d4:f8:5d:f2:b9:95:2c:11:ba:56:
         63:4a:10:00:27:3b:66:d6:fb:8a:27:0a:6b:34:f1:4d:cf:d2:
         95:a0:4c:ba:25:82:4e:05:de:25:d9:04:da:a7:b2:c1:19:8a:
         cf:bd:53:cc:f3:74:02:06:b8:0d:90:0a:77:07:f8:36:b9:33:
         c4:76:04:da:3d:76:0c:fa:c7:d9:0d:99:79:ad:99:9e:86:37:
         8d:c2:9b:f2:43:29:f6:e4:ea:d8:d6:fc:7a:07:c3:e0:d5:ac:
         14:bf:23:d4:c1:18:a6:1d:e7:9a:b5:ff:af:fa:09:e9:74:53:
         95:75:c8:b9:55:6d:1d:82:fa:0c:cb:3e:f5:f8:89:9c:c0:8a:
         4d:d2:ed:f0:41:f8:20:47:b1:fc:c6:76:84:8e:65:38:fb:61:
         56:90:9f:ba:d4:e8:d3:39:bc:33:10:21:a8:ab:c7:2f:34:1b:
         ae:19:27:07:0f:9e:79:38:9f:29:78:c9:f0:38:e5:f1:09:03:
         cf:dc:3a:17
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVyPr/IHmNn9GTuxDD2ePWOS73OUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MTI0MTI4WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AyYTE1MzEwMGM4YjMzMTBiNjFjZjA5MWE3OGU1YzVlMjZh
YzAyYzFiYmM2YTdlNDFhYzc1MTRhMjZjYTlmM2UzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCkp2Sq2zf1lQv0eGRn+796ZY2UWZCr18uHoNxh+pxRjzWc
AgdJT6Cry2riOEQQJMyqwt6oM45EYNRCw277U0VomILRkVO8uJJaUxqbeaZhrjhD
Ss/hMfrdPsci6lHOdpvoaRlvkVL2Kq/DL9/Y0SmEFM8dPOESfWTCqaHXir0OzzJr
xPSqbwtYveru6uqgJ71vxvdK52WYau9OqROt20QwOBUr4cFFAP6nOu08jBVc4HrH
2WLOQbl8asmvi2/gToFt+ERsTruEFIQOwEkqv8g3Tf4B45orsy5j1r/gjNOxjy35
xwyEtcQ6Z/a0s/eo4w+j78qtmj2vCTulj/nw2K9xAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUsPOESEmMwCqPn6SGYzxSjeTUDlwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2MxOWQ0M2Y5LTAyYWItNGVkNS1hZGI3LWZhYzQ5N2Y3MmRhMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAS7pMwDQYJKoZIhvcNAQELBQADggEBAGxzhHBLM9RJgCram+Iu8lAxbwlr
zmiixIImO7U2JYN+HL87AHNLAjlUETqQ+L4xkJpBahWWuLQO1QeJeB5q1Phd8rmV
LBG6VmNKEAAnO2bW+4onCms08U3P0pWgTLolgk4F3iXZBNqnssEZis+9U8zzdAIG
uA2QCncH+Da5M8R2BNo9dgz6x9kNmXmtmZ6GN43Cm/JDKfbk6tjW/HoHw+DVrBS/
I9TBGKYd55q1/6/6Cel0U5V1yLlVbR2C+gzLPvX4iZzAik3S7fBB+CBHsfzGdoSO
ZTj7YVaQn7rU6NM5vDMQIairxy80G64ZJwcPnnk4nyl4yfA45fEJA8/cOhc=
-----END CERTIFICATE-----