Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c853945c-06a9-4d74-a66d-b40302e9cd49.roa
File:                     c853945c-06a9-4d74-a66d-b40302e9cd49.roa (raw, json)
Hash identifier:          WFCilRyY2kaAukdbFFCr4sX/CaDPxmgwDTShX6//o48=
Subject key identifier:   78:FD:6A:09:4B:4B:39:6A:81:AF:A8:54:40:56:E9:5F:0C:8E:45:7F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2FA2CF705B52D33B95A8BA7AACB7B996F592E9E3
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c853945c-06a9-4d74-a66d-b40302e9cd49.roa
Signing time:             Sun 19 Oct 2025 21:20:11 +0000
ROA not before:           Sun 19 Oct 2025 21:20:11 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.66.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:a2:cf:70:5b:52:d3:3b:95:a8:ba:7a:ac:b7:b9:96:f5:92:e9:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 21:20:11 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=32175b539113410d6011c3bd391a730e3fd25472e8047fc9843cdcbbda8e6b8b, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:e8:0b:06:6c:3c:a4:d7:11:8d:26:b0:b8:0c:
                    7a:3c:d8:e5:57:3f:5c:a9:c8:49:50:28:e8:c4:4c:
                    73:83:0e:f7:69:53:c3:3b:33:3d:97:2d:d2:95:82:
                    a3:6f:88:61:ed:86:91:fd:02:90:3e:e2:78:88:38:
                    dd:ef:22:a9:d4:13:0b:35:49:25:84:b5:50:95:a6:
                    2c:8c:66:5d:36:d2:00:cf:f5:ce:9d:d2:04:0f:d3:
                    00:68:f0:cd:81:38:3e:07:4c:cd:52:16:5c:b3:b6:
                    51:24:86:39:fa:83:e0:2c:23:42:08:04:28:f3:9f:
                    43:bf:33:5f:f0:37:b7:8f:62:ce:87:04:1c:40:b3:
                    b4:a6:20:21:de:bd:17:58:34:69:4e:59:48:88:06:
                    67:9b:ca:32:a4:13:ae:2d:c5:5e:f9:42:5d:16:57:
                    e0:8d:15:60:c8:1d:9e:c3:b9:5d:61:2b:9d:6d:b5:
                    96:33:bd:4f:ec:a2:fc:17:65:8b:6b:f5:c3:be:5b:
                    5b:ee:42:d7:37:9b:12:18:fd:2b:f8:95:2b:8a:27:
                    c9:b4:9e:8f:22:3b:01:c0:dd:c1:3f:e5:2f:8e:be:
                    b4:c5:9f:e6:06:f2:5b:c2:0a:53:e4:00:7a:33:eb:
                    c5:ef:15:9a:ec:5a:aa:21:f8:47:7b:c2:a0:20:92:
                    48:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:FD:6A:09:4B:4B:39:6A:81:AF:A8:54:40:56:E9:5F:0C:8E:45:7F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c853945c-06a9-4d74-a66d-b40302e9cd49.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.66.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:39:b0:71:42:27:8a:dc:9e:16:40:0a:bc:b7:e5:17:25:3b:
         08:58:a9:81:56:a2:a9:c1:ae:7d:f8:f4:0a:d3:27:c4:1a:5d:
         b3:44:b0:a1:45:84:2c:48:8e:62:bc:57:09:b4:d8:eb:8d:e3:
         42:17:93:09:aa:b1:e6:90:e7:31:e9:0e:4b:17:60:86:de:bb:
         58:66:8e:8e:4e:2a:1d:83:69:e0:45:39:46:95:bb:11:dd:a2:
         35:34:7d:9f:f4:83:1f:08:83:cf:e1:7f:1f:35:7f:6d:77:a5:
         98:21:8e:02:0b:08:c1:5c:4d:a7:40:52:fe:0b:a1:ac:07:aa:
         60:71:28:b5:0e:1f:e7:03:5d:51:13:82:10:78:f8:21:37:86:
         10:3f:a1:ba:d0:51:6e:67:aa:09:71:62:60:de:de:d1:0f:04:
         43:9b:6d:87:00:89:28:e7:7f:b8:f2:c7:78:fb:ed:3f:e0:10:
         60:e8:18:f4:89:c1:a9:07:5f:5c:ec:06:70:26:a2:d1:91:f9:
         b7:51:c3:26:c6:3c:23:f1:a1:b1:bd:b7:30:d4:7c:d1:c7:9a:
         2f:4f:92:23:dc:60:8b:78:92:62:fb:ca:15:ed:f9:7f:82:75:
         08:af:63:e5:d4:5a:63:ee:09:d4:ef:6d:1c:a8:d8:21:92:8c:
         fb:3e:b6:f7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUL6LPcFtS0zuVqLp6rLe5lvWS6eMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MjEyMDExWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AzMjE3NWI1MzkxMTM0MTBkNjAxMWMzYmQzOTFhNzMwZTNm
ZDI1NDcyZTgwNDdmYzk4NDNjZGNiYmRhOGU2YjhiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDI6AsGbDyk1xGNJrC4DHo82OVXP1ypyElQKOjETHODDvdp
U8M7Mz2XLdKVgqNviGHthpH9ApA+4niION3vIqnUEws1SSWEtVCVpiyMZl020gDP
9c6d0gQP0wBo8M2BOD4HTM1SFlyztlEkhjn6g+AsI0IIBCjzn0O/M1/wN7ePYs6H
BBxAs7SmICHevRdYNGlOWUiIBmebyjKkE64txV75Ql0WV+CNFWDIHZ7DuV1hK51t
tZYzvU/sovwXZYtr9cO+W1vuQtc3mxIY/Sv4lSuKJ8m0no8iOwHA3cE/5S+OvrTF
n+YG8lvCClPkAHoz68XvFZrsWqoh+Ed7wqAgkkjVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUeP1qCUtLOWqBr6hUQFbpXwyORX8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2M4NTM5NDVjLTA2YTktNGQ3NC1hNjZkLWI0MDMwMmU5Y2Q0OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASQm4wDQYJKoZIhvcNAQELBQADggEBAHg5sHFCJ4rcnhZACry35RclOwhY
qYFWoqnBrn349ArTJ8QaXbNEsKFFhCxIjmK8Vwm02OuN40IXkwmqseaQ5zHpDksX
YIbeu1hmjo5OKh2DaeBFOUaVuxHdojU0fZ/0gx8Ig8/hfx81f213pZghjgILCMFc
TadAUv4LoawHqmBxKLUOH+cDXVETghB4+CE3hhA/obrQUW5nqglxYmDe3tEPBEOb
bYcAiSjnf7jyx3j77T/gEGDoGPSJwakHX1zsBnAmotGR+bdRwybGPCPxobG9tzDU
fNHHmi9PkiPcYIt4kmL7yhXt+X+CdQivY+XUWmPuCdTvbRyo2CGSjPs+tvc=
-----END CERTIFICATE-----