Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/cc73c463-325d-433d-8b7e-f189454ea8ea.roa
File:                     cc73c463-325d-433d-8b7e-f189454ea8ea.roa (raw, json)
Hash identifier:          QOnwoh+kIw2oy3VPGu5DgVjiplzt2/BGjaORZ4uvSc0=
Subject key identifier:   7D:9C:E8:22:57:20:DB:5F:C0:A4:57:0E:E1:FD:9B:85:FF:C2:F3:68
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0A6B98A2C6A9EC8EF47B5A4F411FD58FCB9B37E0
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/cc73c463-325d-433d-8b7e-f189454ea8ea.roa
Signing time:             Fri 26 Sep 2025 16:13:23 +0000
ROA not before:           Fri 26 Sep 2025 16:13:23 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.100.0.0/15 maxlen: 15
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:6b:98:a2:c6:a9:ec:8e:f4:7b:5a:4f:41:1f:d5:8f:cb:9b:37:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 16:13:23 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=781231bc61ddd67c5eda6f74fdba3e7be55de8f3c0a47f8117e8c8fd823c0926, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:d2:4a:1e:a8:0f:80:ae:66:85:3f:c7:a4:29:
                    41:6a:fc:cf:b4:8d:47:db:ea:45:6c:49:cd:f1:da:
                    99:71:60:2a:cd:dc:4c:ef:b2:e9:21:07:ec:75:ff:
                    b9:e3:df:8d:78:bd:b9:96:7e:f2:1f:31:cd:bb:44:
                    8c:c7:a6:6c:9f:79:f9:51:57:3b:fa:60:88:a4:13:
                    61:34:6a:69:ca:e8:9a:33:0e:4b:03:d5:72:53:ef:
                    b7:49:51:ba:29:85:16:6b:d0:77:8e:fc:61:2b:d2:
                    9f:52:63:42:38:5c:b8:42:59:02:93:94:48:59:b7:
                    fa:96:8d:c7:ed:39:4a:2c:73:3d:ec:1a:1d:b1:a4:
                    ee:8b:99:54:77:54:f3:41:61:87:33:2b:1b:78:56:
                    68:91:1b:ba:24:97:55:0c:fe:49:61:a8:eb:51:21:
                    d2:82:ce:c7:ff:6b:a7:a7:ab:9b:6e:6c:31:dd:ef:
                    c4:3f:fd:e9:6f:f7:05:67:0d:a4:aa:51:ca:d3:79:
                    2e:e5:cc:4f:76:68:9a:55:a7:4f:84:07:93:04:3b:
                    6a:a7:c1:60:91:d0:8f:6d:64:70:f0:23:b1:7b:5d:
                    59:98:bb:24:a6:07:39:b3:8b:2a:a3:48:23:3a:2e:
                    b1:23:f8:bd:5d:ca:bb:86:ea:e9:34:97:a6:fa:c9:
                    b9:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:9C:E8:22:57:20:DB:5F:C0:A4:57:0E:E1:FD:9B:85:FF:C2:F3:68
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/cc73c463-325d-433d-8b7e-f189454ea8ea.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.100.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         96:09:4b:73:d8:43:32:57:35:28:32:28:b8:61:cb:3f:53:b2:
         dd:18:a3:3a:48:7e:a1:c2:1f:dd:0d:b9:97:5d:54:6f:18:f4:
         df:61:2f:18:36:a2:13:b1:03:6c:61:e6:cb:14:f8:bc:c8:57:
         b1:ab:ee:d0:d8:65:c7:17:bd:7a:7f:0f:f8:8c:62:89:68:d3:
         9f:91:a6:a2:53:57:94:5c:76:0d:fb:9c:c2:36:a1:6b:a1:02:
         f3:8a:6b:d5:3f:57:f5:4b:eb:f6:0c:a9:29:89:95:f3:46:07:
         a9:e6:13:37:b8:5a:7a:46:60:74:fe:1b:9a:fe:f3:7e:59:b8:
         35:26:f2:e1:ea:57:cb:59:80:24:a1:50:ce:43:9a:d0:9a:06:
         20:26:46:55:b7:a2:fd:ae:ed:e1:70:89:2a:06:78:2b:63:8b:
         fc:8a:d4:6d:9d:43:0b:81:47:74:db:d8:44:f2:eb:e8:5e:b2:
         ac:fc:a0:a4:13:67:73:07:3f:9c:8a:bd:1a:50:40:e0:07:b6:
         19:7e:49:e4:50:98:1d:9d:48:96:72:34:43:6a:65:41:d0:e9:
         d2:29:42:35:cd:7f:bb:9a:a3:51:3d:59:87:82:6d:b3:5a:c5:
         ee:1f:0f:29:da:b3:b6:d3:92:2e:64:73:9b:c1:80:b8:d1:e1:
         9d:a0:81:ac
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUCmuYosap7I70e1pPQR/Vj8ubN+AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MTYxMzIzWhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A3ODEyMzFiYzYxZGRkNjdjNWVkYTZmNzRmZGJhM2U3YmU1
NWRlOGYzYzBhNDdmODExN2U4YzhmZDgyM2MwOTI2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDE0koeqA+ArmaFP8ekKUFq/M+0jUfb6kVsSc3x2plxYCrN
3EzvsukhB+x1/7nj3414vbmWfvIfMc27RIzHpmyfeflRVzv6YIikE2E0amnK6Joz
DksD1XJT77dJUbophRZr0HeO/GEr0p9SY0I4XLhCWQKTlEhZt/qWjcftOUoscz3s
Gh2xpO6LmVR3VPNBYYczKxt4VmiRG7okl1UM/klhqOtRIdKCzsf/a6enq5tubDHd
78Q//elv9wVnDaSqUcrTeS7lzE92aJpVp0+EB5MEO2qnwWCR0I9tZHDwI7F7XVmY
uySmBzmziyqjSCM6LrEj+L1dyruG6uk0l6b6ybmlAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUfZzoIlcg21/ApFcO4f2bhf/C82gwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2NjNzNjNDYzLTMyNWQtNDMzZC04YjdlLWYxODk0NTRlYThlYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwESZDANBgkqhkiG9w0BAQsFAAOCAQEAlglLc9hDMlc1KDIouGHLP1Oy3Rij
Okh+ocIf3Q25l11Ubxj032EvGDaiE7EDbGHmyxT4vMhXsavu0Nhlxxe9en8P+Ixi
iWjTn5GmolNXlFx2Dfucwjaha6EC84pr1T9X9Uvr9gypKYmV80YHqeYTN7haekZg
dP4bmv7zflm4NSby4epXy1mAJKFQzkOa0JoGICZGVbei/a7t4XCJKgZ4K2OL/IrU
bZ1DC4FHdNvYRPLr6F6yrPygpBNncwc/nIq9GlBA4Ae2GX5J5FCYHZ1IlnI0Q2pl
QdDp0ilCNc1/u5qjUT1Zh4Jts1rF7h8PKdqzttOSLmRzm8GAuNHhnaCBrA==
-----END CERTIFICATE-----