Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c76d7afd-b118-4a23-883a-b0eb8d5663a5.roa
File:                     c76d7afd-b118-4a23-883a-b0eb8d5663a5.roa (raw, json)
Hash identifier:          Z5638jERi3qgSmHNZieP6MgKghxN0WObYhS51Y0SjdM=
Subject key identifier:   24:A1:38:8E:70:73:4D:C8:93:73:FD:D2:DD:E6:7A:28:38:C6:08:CA
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2588359732D501DF3969862C86C70816EE2A89
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c76d7afd-b118-4a23-883a-b0eb8d5663a5.roa
Signing time:             Sat 18 Oct 2025 16:52:26 +0000
ROA not before:           Sat 18 Oct 2025 16:52:26 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.238.234.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:88:35:97:32:d5:01:df:39:69:86:2c:86:c7:08:16:ee:2a:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 16:52:26 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=12964a721fe1bbfd6a8ca339a4994d15062de886889ba233dee08d62080b3dcc, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:8c:90:bb:0b:5e:7b:2c:fd:4b:37:54:86:41:
                    97:83:9b:9d:04:58:e0:2e:70:f5:34:98:81:81:49:
                    16:14:2e:d9:59:b4:60:b6:1a:0f:d0:ad:36:ed:1b:
                    f0:af:6c:3c:38:1c:28:9c:39:79:80:4a:4c:4c:2f:
                    a1:cc:b5:81:fd:49:c2:dc:e5:bd:99:11:14:0c:f6:
                    c8:d1:c1:d8:15:3f:07:cd:a1:cb:53:ad:0d:f0:41:
                    a9:34:b5:8f:6a:e7:4a:65:34:c1:e1:93:49:07:81:
                    ec:c7:ad:b6:f6:00:60:aa:4f:58:a1:d7:19:cb:b6:
                    9a:97:52:64:b5:5c:f6:33:f2:13:ef:d5:d2:0c:ca:
                    25:7e:85:c0:41:6f:15:0f:17:d1:68:8c:33:06:a7:
                    c7:2c:ee:e4:b3:ec:d4:0b:e2:13:e2:12:6a:a8:4d:
                    64:74:5e:4d:17:a2:ab:a5:4b:10:b1:6d:46:24:21:
                    91:4d:57:df:36:19:7a:92:2d:b6:46:2e:6e:68:56:
                    fc:3c:ce:96:6c:8e:e1:5e:e8:8d:c2:4e:ef:b4:3a:
                    7a:3d:3d:e3:22:80:e7:94:be:3b:9a:e3:06:ef:f9:
                    22:ed:c1:76:78:a2:b6:94:84:6d:d7:60:0d:53:13:
                    56:de:3d:f9:56:80:b0:e4:34:b5:19:d9:f1:91:51:
                    84:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:A1:38:8E:70:73:4D:C8:93:73:FD:D2:DD:E6:7A:28:38:C6:08:CA
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c76d7afd-b118-4a23-883a-b0eb8d5663a5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.238.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1a:b6:42:eb:13:9a:3c:fd:0e:32:c8:1c:1b:b1:5e:22:91:09:
         04:97:28:c8:ce:b7:40:5f:f6:96:74:4f:07:2f:89:d8:e3:a0:
         ab:5f:94:71:43:f4:91:82:ef:79:53:56:a6:60:02:86:9b:d0:
         14:83:48:7d:3f:a7:6f:3c:43:40:23:5e:c1:be:4b:1e:b7:7d:
         97:ad:58:b9:a8:88:7b:aa:30:74:94:81:27:d6:ad:58:e1:2d:
         e0:fe:14:4b:fa:e9:a2:f2:84:05:e3:d8:86:4a:73:01:2f:d2:
         7d:ef:fa:df:17:45:b3:37:57:ec:21:47:64:05:a3:fa:89:5e:
         41:58:b9:3b:ea:75:1f:ea:e7:20:46:d1:a9:b6:78:7f:99:dd:
         bd:5c:8c:07:02:68:cf:2c:13:fd:2c:57:aa:62:86:dd:b0:ae:
         6d:d4:f4:ad:a1:5c:98:07:c0:d6:29:1d:22:13:c8:fe:f7:18:
         fe:83:f7:45:e9:a8:15:8e:6e:22:84:82:e8:2b:20:d6:3c:04:
         98:6e:a2:e1:e4:11:f6:15:76:ce:43:86:d0:fb:ad:59:c4:95:
         77:ee:a4:82:17:3c:a4:0f:77:6e:5a:ff:43:88:2f:30:e0:e2:
         b7:4e:4f:e8:3a:b0:be:24:5a:26:85:d7:20:c9:67:0b:10:c2:
         06:31:1e:2d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgITJYg1lzLVAd85aYYshscIFu4qiTANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzJkZjZmM2IzYTM0YjYzODZkMWEzMmQ4ZjRmYTMxNzhlZjMx
ODg3ZDhiNDI4ZGZhYTQ3NjAeFw0yNTEwMTgxNjUyMjZaFw0yNTExMjIyMzU5NTla
MHoxSTBHBgNVBAUTQDEyOTY0YTcyMWZlMWJiZmQ2YThjYTMzOWE0OTk0ZDE1MDYy
ZGU4ODY4ODliYTIzM2RlZTA4ZDYyMDgwYjNkY2MxLTArBgNVBAMTJDVmMjc2MDQ1
LTViOWYtNDVlZi05MjNkLWYzZmNlMjRhNjIyNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALSMkLsLXnss/Us3VIZBl4ObnQRY4C5w9TSYgYFJFhQu2Vm0
YLYaD9CtNu0b8K9sPDgcKJw5eYBKTEwvocy1gf1JwtzlvZkRFAz2yNHB2BU/B82h
y1OtDfBBqTS1j2rnSmU0weGTSQeB7MettvYAYKpPWKHXGcu2mpdSZLVc9jPyE+/V
0gzKJX6FwEFvFQ8X0WiMMwanxyzu5LPs1AviE+ISaqhNZHReTReiq6VLELFtRiQh
kU1X3zYZepIttkYubmhW/DzOlmyO4V7ojcJO77Q6ej094yKA55S+O5rjBu/5Iu3B
dniitpSEbddgDVMTVt49+VaAsOQ0tRnZ8ZFRhJMCAwEAAaOCArEwggKtMB0GA1Ud
DgQWBBQkoTiOcHNNyJNz/dLd5nooOMYIyjAfBgNVHSMEGDAWgBQlrdNCsB63pY6t
GZAmiLVLP4H0uDAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MmEyNDY5NDctMmQ2Mi00YTZjLWJhMDUtODcxODdmMDA5OWIyLzg1MWNlZjE3LTEz
MmEtNDMzNy1iN2QxLWJmMTZhNTJmZmQwMy9kZjZmM2IzYTM0YjYzODZkMWEzMmQ4
ZjRmYTMxNzhlZjMxODg3ZDhiNDI4ZGZhYTQ3Ni5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9mNzAzNjk2ZS1lNDdiLTRjMjAtYmQ5My02Zjgw
OTA0ZTQyZDIvYzc2ZDdhZmQtYjExOC00YTIzLTg4M2EtYjBlYjhkNTY2M2E1LnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMt
NmY4MDkwNGU0MmQyL3RqaHRHakxZOVBveGVPOHhpSDJMUW8zNnBIWS5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEARLu6jANBgkqhkiG9w0BAQsFAAOCAQEAGrZC6xOaPP0OMsgcG7FeIpEJBJco
yM63QF/2lnRPBy+J2OOgq1+UcUP0kYLveVNWpmAChpvQFINIfT+nbzxDQCNewb5L
Hrd9l61YuaiIe6owdJSBJ9atWOEt4P4US/rpovKEBePYhkpzAS/Sfe/63xdFszdX
7CFHZAWj+oleQVi5O+p1H+rnIEbRqbZ4f5ndvVyMBwJozywT/SxXqmKG3bCubdT0
raFcmAfA1ikdIhPI/vcY/oP3RemoFY5uIoSC6Csg1jwEmG6i4eQR9hV2zkOG0Put
WcSVd+6kghc8pA93blr/Q4gvMODit05P6DqwviRaJoXXIMlnCxDCBjEeLQ==
-----END CERTIFICATE-----