Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ce0a77c3-9866-4605-bd94-a29a7b1800f9.roa
File:                     ce0a77c3-9866-4605-bd94-a29a7b1800f9.roa (raw, json)
Hash identifier:          I7U6ZNyyEXFtc+yKcVoLBJAV1VrxBMJG9q+8wLxbDOc=
Subject key identifier:   03:CF:1D:A3:E7:06:18:1F:11:36:E1:3C:30:D8:E1:5C:D6:5E:E0:AB
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       497DD784F6D0B79E32E1827B7B79635D14467700
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ce0a77c3-9866-4605-bd94-a29a7b1800f9.roa
Signing time:             Sun 19 Oct 2025 03:51:20 +0000
ROA not before:           Sun 19 Oct 2025 03:51:20 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.165.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:7d:d7:84:f6:d0:b7:9e:32:e1:82:7b:7b:79:63:5d:14:46:77:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 03:51:20 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=20fb1ef4752721ba10d638e3ab46d46c7ef895c7e154599d451d4a250bf70089, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:01:4b:b2:70:66:46:cb:a4:1e:8b:e6:c3:bd:
                    f8:05:c4:b8:f0:77:48:f7:47:e2:dc:1c:28:c0:3e:
                    15:77:dc:e9:f9:e0:62:ec:b4:17:91:6a:54:b0:c1:
                    b4:a5:66:e2:e5:6e:2e:d9:c2:7a:83:1a:ce:5f:65:
                    f6:59:bf:a1:75:99:a6:e0:a9:7c:f1:4e:b1:61:6d:
                    cc:8f:50:b8:fc:3b:fc:46:09:db:94:a1:80:98:b8:
                    75:3c:4a:df:d3:4f:b8:8d:f6:7c:00:01:9e:54:a3:
                    7e:ed:3a:ae:b9:07:fd:51:07:99:00:77:6e:cc:e8:
                    17:0b:87:c6:5c:e4:f9:b0:bb:80:22:29:9f:7b:88:
                    2e:47:b1:fb:0b:16:13:99:7e:4f:47:61:79:07:86:
                    79:0d:bd:cd:bf:8c:ed:bf:ce:e7:06:07:32:c3:cb:
                    7e:33:1b:5b:c1:9d:d0:c4:40:11:92:68:ca:4d:e1:
                    10:94:bc:d8:4c:89:ed:55:7a:ca:8e:16:ff:1f:74:
                    7e:17:3f:f3:5a:c4:bb:07:34:92:e6:37:52:aa:da:
                    c1:42:a2:ab:00:e9:ba:6b:2e:da:31:6f:13:36:0d:
                    02:52:77:7b:44:18:1a:a1:58:b3:28:a2:8d:66:f6:
                    41:af:1e:a5:bd:f0:27:2e:01:e5:3e:07:c2:e4:0a:
                    36:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:CF:1D:A3:E7:06:18:1F:11:36:E1:3C:30:D8:E1:5C:D6:5E:E0:AB
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ce0a77c3-9866-4605-bd94-a29a7b1800f9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.165.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:f9:c5:83:58:03:97:74:4f:31:11:16:fa:68:ab:3c:5b:8d:
         5b:9d:ea:47:3c:34:ab:5d:9c:99:86:7a:8c:7d:d6:bd:96:d4:
         4f:e1:4e:67:fc:89:cf:68:15:51:b1:d4:c9:83:a5:af:c8:1d:
         ff:1e:f2:ae:b9:d4:62:f3:59:04:a0:c1:33:cd:bd:15:16:18:
         34:32:bd:3a:21:9f:90:4a:bf:27:36:4b:96:53:b8:93:0b:87:
         e2:9b:b8:e2:b1:dc:24:d0:b7:a8:d2:76:16:a9:a6:25:0d:d2:
         13:a0:fd:34:b6:31:c5:f0:b6:29:2e:26:42:7c:3d:33:f5:9b:
         e8:6a:3c:98:92:c9:9d:b8:da:0e:a0:b5:79:07:16:76:2f:0a:
         f5:6b:10:dc:e3:a5:9a:f2:7d:9a:92:b0:22:06:a0:fe:62:7e:
         8c:71:23:a9:45:47:36:7e:39:97:13:2d:57:87:86:ed:4b:f0:
         dc:cb:c5:ff:86:c2:b2:5d:c3:bb:e7:5c:15:58:61:ee:d5:f0:
         64:5b:20:a1:54:55:29:65:73:39:c7:42:d4:d8:de:df:4c:79:
         c6:4f:24:77:fb:f2:77:aa:5d:24:b3:ef:f1:2b:40:b2:fd:3d:
         47:f0:6f:3b:af:67:07:09:10:cb:92:05:f2:38:4a:50:94:09:
         0f:4a:b6:2d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSX3XhPbQt54y4YJ7e3ljXRRGdwAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MDM1MTIwWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AyMGZiMWVmNDc1MjcyMWJhMTBkNjM4ZTNhYjQ2ZDQ2Yzdl
Zjg5NWM3ZTE1NDU5OWQ0NTFkNGEyNTBiZjcwMDg5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmAUuycGZGy6Qei+bDvfgFxLjwd0j3R+LcHCjAPhV33On5
4GLstBeRalSwwbSlZuLlbi7ZwnqDGs5fZfZZv6F1mabgqXzxTrFhbcyPULj8O/xG
CduUoYCYuHU8St/TT7iN9nwAAZ5Uo37tOq65B/1RB5kAd27M6BcLh8Zc5Pmwu4Ai
KZ97iC5HsfsLFhOZfk9HYXkHhnkNvc2/jO2/zucGBzLDy34zG1vBndDEQBGSaMpN
4RCUvNhMie1VesqOFv8fdH4XP/NaxLsHNJLmN1Kq2sFCoqsA6bprLtoxbxM2DQJS
d3tEGBqhWLMooo1m9kGvHqW98CcuAeU+B8LkCjajAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUA88do+cGGB8RNuE8MNjhXNZe4KswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2NlMGE3N2MzLTk4NjYtNDYwNS1iZDk0LWEyOWE3YjE4MDBmOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASpcgwDQYJKoZIhvcNAQELBQADggEBACD5xYNYA5d0TzERFvpoqzxbjVud
6kc8NKtdnJmGeox91r2W1E/hTmf8ic9oFVGx1MmDpa/IHf8e8q651GLzWQSgwTPN
vRUWGDQyvTohn5BKvyc2S5ZTuJMLh+KbuOKx3CTQt6jSdhappiUN0hOg/TS2McXw
tikuJkJ8PTP1m+hqPJiSyZ242g6gtXkHFnYvCvVrENzjpZryfZqSsCIGoP5ifoxx
I6lFRzZ+OZcTLVeHhu1L8NzLxf+GwrJdw7vnXBVYYe7V8GRbIKFUVSllcznHQtTY
3t9MecZPJHf78neqXSSz7/ErQLL9PUfwbzuvZwcJEMuSBfI4SlCUCQ9Kti0=
-----END CERTIFICATE-----