Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d1664a26-8a4a-490d-b653-263f08c6ce2b.roa
File:                     d1664a26-8a4a-490d-b653-263f08c6ce2b.roa (raw, json)
Hash identifier:          mPA5mUdRwPkRTiOstgsXsfuyZVtZZpaINmGafwi7SsY=
Subject key identifier:   FC:B9:A6:E6:19:2C:8B:30:DD:F0:C1:EC:85:93:7C:8B:85:32:C1:F6
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       10D3927D44F4F510B0700500328EC12C3BB205C8
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d1664a26-8a4a-490d-b653-263f08c6ce2b.roa
Signing time:             Sun 19 Oct 2025 04:50:12 +0000
ROA not before:           Sun 19 Oct 2025 04:50:12 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.244.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:d3:92:7d:44:f4:f5:10:b0:70:05:00:32:8e:c1:2c:3b:b2:05:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 04:50:12 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=0b652b7d762ee98475f1049a40f037469f8aaebfa6b1b3abacb2335ee199920c, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:20:00:8e:b3:89:51:0b:99:4a:77:07:73:60:
                    c3:0a:e8:58:88:e2:20:8c:a2:3c:f1:b2:69:06:df:
                    5e:15:ea:55:60:70:0d:e4:fe:7e:3f:e4:3e:1c:95:
                    c9:86:27:af:c8:6a:52:b0:9b:56:75:12:f4:f6:e7:
                    f2:df:dd:e3:0b:80:8b:6b:a5:20:17:7e:63:a3:17:
                    fa:18:66:4d:ee:71:66:a6:57:aa:11:3e:c8:7d:93:
                    cf:f7:2b:e5:04:11:5d:a2:be:87:44:f9:e9:ca:ab:
                    5a:7c:58:c0:76:83:59:e6:32:10:28:f3:07:fb:c9:
                    d9:26:68:d5:23:30:0a:32:ba:30:69:32:52:ae:6b:
                    e3:de:d1:52:b7:3c:28:7b:11:12:e0:3d:2b:3b:04:
                    bb:78:c5:ff:66:31:49:51:ed:4e:b6:82:ab:03:42:
                    f1:61:4e:78:4b:c1:76:5a:cc:80:7d:ed:88:fc:3d:
                    08:24:bd:9c:7d:5d:89:14:c1:fe:27:e2:87:3b:75:
                    42:8d:cc:a4:4a:7d:65:ab:3a:fd:a1:c5:6f:5d:c3:
                    33:69:ad:03:f3:9d:fc:0a:ea:70:fa:c9:0c:26:6c:
                    2c:9b:8d:16:86:a1:53:5d:b8:83:b7:d5:38:2b:b4:
                    8c:dc:ee:5f:5c:f8:ce:3a:6d:73:1e:f0:56:62:64:
                    3a:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:B9:A6:E6:19:2C:8B:30:DD:F0:C1:EC:85:93:7C:8B:85:32:C1:F6
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d1664a26-8a4a-490d-b653-263f08c6ce2b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.244.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:52:a6:5b:9d:ea:97:fd:f1:d2:1a:d0:cf:c4:95:07:43:bc:
         3b:4b:f8:36:c7:40:3f:39:c4:c2:5a:c0:c6:e9:18:32:7b:98:
         55:70:29:a7:e2:e4:11:91:bb:16:fb:c8:fd:ac:2c:30:21:18:
         e3:78:aa:d4:f1:f2:f4:e7:9a:f8:8e:3d:ab:dc:e6:fb:fa:28:
         d5:25:01:07:29:9d:43:33:cf:52:0c:76:50:61:cc:9a:ee:00:
         51:a6:d5:37:bf:ca:d6:0d:a7:7c:9f:86:3c:33:42:94:b5:5c:
         21:15:f7:9c:49:fc:9a:94:8d:2a:c3:e2:a1:88:cd:07:82:70:
         95:8c:9f:0b:d7:c1:72:02:b0:f4:6b:4f:99:82:21:6f:cb:04:
         c7:14:d8:c1:1e:2f:34:13:1e:8e:49:e2:43:2a:de:18:47:63:
         81:48:d3:ed:6d:34:68:3a:d6:15:28:05:1e:a2:75:49:9d:3b:
         3a:64:4c:82:8e:ad:1a:a5:8b:73:44:81:9a:00:3b:4e:97:b4:
         c2:9b:83:e0:9f:f8:81:5b:ba:88:c5:82:15:7c:bf:29:e4:c5:
         c2:21:62:23:6d:3d:3c:d5:72:30:81:ce:49:13:31:12:47:7c:
         13:a3:7b:93:65:7d:58:4a:d4:a3:17:78:ad:97:a1:15:84:56:
         24:a1:5c:fe
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUENOSfUT09RCwcAUAMo7BLDuyBcgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MDQ1MDEyWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AwYjY1MmI3ZDc2MmVlOTg0NzVmMTA0OWE0MGYwMzc0Njlm
OGFhZWJmYTZiMWIzYWJhY2IyMzM1ZWUxOTk5MjBjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+IACOs4lRC5lKdwdzYMMK6FiI4iCMojzxsmkG314V6lVg
cA3k/n4/5D4clcmGJ6/IalKwm1Z1EvT25/Lf3eMLgItrpSAXfmOjF/oYZk3ucWam
V6oRPsh9k8/3K+UEEV2ivodE+enKq1p8WMB2g1nmMhAo8wf7ydkmaNUjMAoyujBp
MlKua+Pe0VK3PCh7ERLgPSs7BLt4xf9mMUlR7U62gqsDQvFhTnhLwXZazIB97Yj8
PQgkvZx9XYkUwf4n4oc7dUKNzKRKfWWrOv2hxW9dwzNprQPznfwK6nD6yQwmbCyb
jRaGoVNduIO31TgrtIzc7l9c+M46bXMe8FZiZDrNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/Lmm5hksizDd8MHshZN8i4UywfYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2QxNjY0YTI2LThhNGEtNDkwZC1iNjUzLTI2M2YwOGM2Y2UyYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAS9E8wDQYJKoZIhvcNAQELBQADggEBAFNSplud6pf98dIa0M/ElQdDvDtL
+DbHQD85xMJawMbpGDJ7mFVwKafi5BGRuxb7yP2sLDAhGON4qtTx8vTnmviOPavc
5vv6KNUlAQcpnUMzz1IMdlBhzJruAFGm1Te/ytYNp3yfhjwzQpS1XCEV95xJ/JqU
jSrD4qGIzQeCcJWMnwvXwXICsPRrT5mCIW/LBMcU2MEeLzQTHo5J4kMq3hhHY4FI
0+1tNGg61hUoBR6idUmdOzpkTIKOrRqli3NEgZoAO06XtMKbg+Cf+IFbuojFghV8
vynkxcIhYiNtPTzVcjCBzkkTMRJHfBOje5NlfVhK1KMXeK2XoRWEViShXP4=
-----END CERTIFICATE-----