Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ca35a1c1-a7ba-405a-8779-7212f317d70e.roa
File:                     ca35a1c1-a7ba-405a-8779-7212f317d70e.roa (raw, json)
Hash identifier:          DqO/eI9n4NLCk3VhTHG1UKU+uMU1XFc7rLLXg77EAc8=
Subject key identifier:   40:7B:03:E2:AB:EB:03:73:3F:FA:BC:5B:F7:72:D9:B3:F7:2B:AB:27
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2F79A8FDE923788E8E4B6494F95241891F3B95AD
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ca35a1c1-a7ba-405a-8779-7212f317d70e.roa
Signing time:             Sat 18 Oct 2025 07:53:45 +0000
ROA not before:           Sat 18 Oct 2025 07:53:45 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.173.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:79:a8:fd:e9:23:78:8e:8e:4b:64:94:f9:52:41:89:1f:3b:95:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 07:53:45 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=5be06921eb7d99b5086776d34ca49787f1bee47c343aff06cf0d3e846d77f719, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:09:6d:72:6f:67:47:a1:4e:77:05:a9:ce:4a:
                    32:07:c3:62:d6:95:3c:66:68:b0:c0:6b:4e:b1:3a:
                    f1:be:65:1f:f2:af:2c:c4:05:06:64:ef:a3:f3:a9:
                    fc:47:5b:86:c2:c6:29:11:2c:fe:1d:6e:04:95:2c:
                    92:2d:66:6b:c2:e1:b0:3c:96:d3:c7:68:7a:be:30:
                    b4:e1:b5:3e:01:a7:e1:50:4f:a5:dc:7c:ea:17:77:
                    13:1a:e1:ff:37:7c:30:3e:e1:f0:22:6b:b8:74:5a:
                    31:9e:67:fa:da:c2:54:14:de:a0:13:d3:48:b0:0f:
                    6f:dc:ac:44:72:3d:fc:d0:a7:a9:01:ff:72:f6:f1:
                    1f:de:cb:da:8b:44:fc:a2:b4:cb:c4:da:5c:8a:33:
                    08:cf:19:e1:a7:66:98:56:c9:f7:35:f3:90:3f:20:
                    0e:f4:a4:88:f8:a9:e3:eb:6b:73:ab:43:f4:d7:1a:
                    a1:74:83:fc:da:0e:0a:c9:06:56:0f:81:4a:27:28:
                    a3:d5:cc:ad:6a:fc:3d:f4:f4:b2:ff:8a:5d:63:d8:
                    6e:9d:48:00:85:2b:48:a9:47:ed:d0:29:9b:3f:95:
                    37:47:91:4f:42:da:18:73:5a:5b:74:09:e8:5a:72:
                    a5:59:ad:49:ad:03:97:74:83:27:d9:c2:73:2c:28:
                    b3:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:7B:03:E2:AB:EB:03:73:3F:FA:BC:5B:F7:72:D9:B3:F7:2B:AB:27
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ca35a1c1-a7ba-405a-8779-7212f317d70e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.173.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:b2:99:d1:5a:5a:40:5d:5d:2e:c0:af:2d:8c:72:35:6d:25:
         50:72:4f:b6:3a:59:e5:e2:df:d2:16:fb:ec:61:f9:37:aa:e1:
         b9:b9:00:ec:67:d0:47:74:30:d8:87:4f:18:10:35:b0:fd:3e:
         5b:5d:d7:bb:17:f4:55:61:94:9a:7a:ef:80:3d:e2:78:02:9e:
         c5:71:66:de:4d:1a:47:2c:e3:5f:85:32:37:04:5f:0e:87:88:
         13:4d:3d:00:72:5d:55:8b:ac:20:95:60:a8:88:f7:4a:d5:38:
         f2:94:10:91:b2:29:cd:33:b5:4f:21:00:59:13:97:bb:de:bd:
         79:31:92:9d:17:ca:6b:d3:3b:4b:c3:36:80:6b:5f:73:45:a1:
         8b:a8:ae:2a:63:b6:78:32:23:21:46:33:c1:10:c3:81:11:b5:
         2a:d0:44:d8:64:32:25:a1:4c:d0:c4:be:a3:fe:d1:75:a5:81:
         f3:38:6a:92:7f:ad:5a:f5:38:d5:6d:67:6e:6a:53:30:a1:2c:
         7b:9b:a2:94:72:17:25:f7:57:6d:77:0d:ab:51:4c:a5:f8:9b:
         fc:2a:ab:c4:82:ab:2a:86:6a:4a:44:0a:68:3d:96:f2:12:7e:
         7b:09:c1:d8:00:9d:15:01:bc:f6:2e:a6:52:1e:2d:b4:77:2b:
         08:fe:19:44
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUL3mo/ekjeI6OS2SU+VJBiR87la0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MDc1MzQ1WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A1YmUwNjkyMWViN2Q5OWI1MDg2Nzc2ZDM0Y2E0OTc4N2Yx
YmVlNDdjMzQzYWZmMDZjZjBkM2U4NDZkNzdmNzE5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvCW1yb2dHoU53BanOSjIHw2LWlTxmaLDAa06xOvG+ZR/y
ryzEBQZk76PzqfxHW4bCxikRLP4dbgSVLJItZmvC4bA8ltPHaHq+MLThtT4Bp+FQ
T6XcfOoXdxMa4f83fDA+4fAia7h0WjGeZ/rawlQU3qAT00iwD2/crERyPfzQp6kB
/3L28R/ey9qLRPyitMvE2lyKMwjPGeGnZphWyfc185A/IA70pIj4qePra3OrQ/TX
GqF0g/zaDgrJBlYPgUonKKPVzK1q/D309LL/il1j2G6dSACFK0ipR+3QKZs/lTdH
kU9C2hhzWlt0CehacqVZrUmtA5d0gyfZwnMsKLPxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQHsD4qvrA3M/+rxb93LZs/crqycwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2NhMzVhMWMxLWE3YmEtNDA1YS04Nzc5LTcyMTJmMzE3ZDcwZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASrSgwDQYJKoZIhvcNAQELBQADggEBAIWymdFaWkBdXS7Ary2McjVtJVBy
T7Y6WeXi39IW++xh+Teq4bm5AOxn0Ed0MNiHTxgQNbD9Pltd17sX9FVhlJp674A9
4ngCnsVxZt5NGkcs41+FMjcEXw6HiBNNPQByXVWLrCCVYKiI90rVOPKUEJGyKc0z
tU8hAFkTl7vevXkxkp0XymvTO0vDNoBrX3NFoYuoripjtngyIyFGM8EQw4ERtSrQ
RNhkMiWhTNDEvqP+0XWlgfM4apJ/rVr1ONVtZ25qUzChLHubopRyFyX3V213DatR
TKX4m/wqq8SCqyqGakpECmg9lvISfnsJwdgAnRUBvPYuplIeLbR3Kwj+GUQ=
-----END CERTIFICATE-----