Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d3032da4-5151-4657-a5da-b1c523f005ba.roa
File:                     d3032da4-5151-4657-a5da-b1c523f005ba.roa (raw, json)
Hash identifier:          WCKTzxdFew5pnY4FnZW8GYGHmOlRWxMpc+cuVNbfogk=
Subject key identifier:   FF:29:F5:B5:FB:20:DF:03:54:32:04:0F:67:F1:A3:41:05:FC:89:E2
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1F267DAB433CCFF8D79F2F4993FCB0CDEEBB6DCA
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d3032da4-5151-4657-a5da-b1c523f005ba.roa
Signing time:             Sat 18 Oct 2025 18:03:53 +0000
ROA not before:           Sat 18 Oct 2025 18:03:53 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.165.186.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:26:7d:ab:43:3c:cf:f8:d7:9f:2f:49:93:fc:b0:cd:ee:bb:6d:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 18:03:53 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=4e44ea3c8e6c1fc10b5ea6e8d3a2eb71ab7d5ea936c5a7c53bde1b252996b9bc, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:3a:c7:f5:f2:eb:23:a6:ce:0b:10:ec:9c:70:
                    ee:f4:2e:a9:0a:63:fa:70:2f:ac:6e:a6:ea:73:69:
                    64:95:9a:7a:99:65:65:5f:84:b5:0e:8f:26:b0:9a:
                    c1:9e:52:16:37:fa:ea:d4:d7:5d:39:d6:a4:2f:e2:
                    a4:c3:a4:a8:3e:25:b7:80:ad:90:4a:06:ce:5a:aa:
                    71:40:7f:4d:ad:e0:44:57:06:cc:b5:70:cd:97:59:
                    80:dc:b2:00:7a:fc:55:67:08:70:9a:ce:bc:f6:81:
                    50:2a:40:d3:8b:48:f8:3d:41:72:7f:9c:68:ab:b4:
                    2b:b1:c9:8e:55:2e:a2:14:f8:cc:7b:d1:7c:35:b0:
                    98:13:a8:9f:61:34:6e:05:48:97:65:be:74:a9:f2:
                    87:ee:ed:9a:ad:21:c4:81:56:94:cb:e3:16:8f:30:
                    a5:e8:80:c6:80:bc:7b:a6:81:44:94:8d:9d:3c:00:
                    d1:47:71:c3:92:fc:af:00:41:32:b9:06:39:06:00:
                    5a:b6:35:6c:dd:74:19:22:7f:fe:93:63:fc:e4:56:
                    aa:a4:51:88:6c:13:39:22:0e:7c:62:1f:0c:71:be:
                    10:6b:7b:b3:bc:dc:69:79:0a:3c:1b:08:61:68:a7:
                    af:04:62:9c:33:71:ac:76:16:92:77:f2:7b:6f:db:
                    ba:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:29:F5:B5:FB:20:DF:03:54:32:04:0F:67:F1:A3:41:05:FC:89:E2
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d3032da4-5151-4657-a5da-b1c523f005ba.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.165.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8a:32:13:68:ef:ed:99:44:45:dd:8a:c5:d5:d5:a4:aa:38:97:
         80:01:f3:1e:f5:2a:8c:24:c2:a7:d4:70:a4:7c:8a:3f:61:69:
         62:27:12:0d:20:01:65:c2:11:f5:f5:db:82:d8:21:7f:4f:4d:
         69:25:09:bc:1e:a6:2a:60:e7:2c:6b:45:9d:9f:8e:bf:85:71:
         3c:8f:6c:a8:3d:56:2a:26:50:09:be:96:22:f2:9b:a7:ec:90:
         cc:cf:92:78:9b:b7:55:b4:5c:c2:06:61:2b:08:3e:1b:d0:62:
         30:c5:31:7e:33:3b:7c:d4:39:99:21:73:da:a0:01:10:e2:1c:
         8e:e0:78:bb:23:fc:c4:5d:3c:e8:0d:33:e4:8d:eb:d1:b0:34:
         c5:d9:3f:01:92:f9:e5:3a:32:78:a6:ac:be:d7:d3:7c:06:6b:
         29:80:6e:5e:d8:4e:e4:c2:30:dc:02:36:52:7c:51:78:c3:5a:
         eb:4a:1b:dd:a5:78:a7:e1:f9:02:67:96:90:d1:f2:8b:37:8e:
         d1:96:db:11:22:d2:32:a1:5b:7d:64:c5:70:1f:05:68:1b:9e:
         10:84:95:d4:91:3f:bf:69:76:ea:35:a8:55:c1:26:5e:2d:51:
         9e:f2:8b:8d:0c:c1:fe:a9:91:0a:3c:f7:3b:b8:5e:3b:c3:e4:
         d2:2a:7e:9b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHyZ9q0M8z/jXny9Jk/ywze67bcowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MTgwMzUzWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZTQ0ZWEzYzhlNmMxZmMxMGI1ZWE2ZThkM2EyZWI3MWFi
N2Q1ZWE5MzZjNWE3YzUzYmRlMWIyNTI5OTZiOWJjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCeOsf18usjps4LEOyccO70LqkKY/pwL6xupupzaWSVmnqZ
ZWVfhLUOjyawmsGeUhY3+urU11051qQv4qTDpKg+JbeArZBKBs5aqnFAf02t4ERX
Bsy1cM2XWYDcsgB6/FVnCHCazrz2gVAqQNOLSPg9QXJ/nGirtCuxyY5VLqIU+Mx7
0Xw1sJgTqJ9hNG4FSJdlvnSp8ofu7ZqtIcSBVpTL4xaPMKXogMaAvHumgUSUjZ08
ANFHccOS/K8AQTK5BjkGAFq2NWzddBkif/6TY/zkVqqkUYhsEzkiDnxiHwxxvhBr
e7O83Gl5CjwbCGFop68EYpwzcax2FpJ38ntv27obAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/yn1tfsg3wNUMgQPZ/GjQQX8ieIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2QzMDMyZGE0LTUxNTEtNDY1Ny1hNWRhLWIxYzUyM2YwMDViYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAESpbowDQYJKoZIhvcNAQELBQADggEBAIoyE2jv7ZlERd2KxdXVpKo4l4AB
8x71KowkwqfUcKR8ij9haWInEg0gAWXCEfX124LYIX9PTWklCbwepipg5yxrRZ2f
jr+FcTyPbKg9ViomUAm+liLym6fskMzPknibt1W0XMIGYSsIPhvQYjDFMX4zO3zU
OZkhc9qgARDiHI7geLsj/MRdPOgNM+SN69GwNMXZPwGS+eU6MnimrL7X03wGaymA
bl7YTuTCMNwCNlJ8UXjDWutKG92leKfh+QJnlpDR8os3jtGW2xEi0jKhW31kxXAf
BWgbnhCEldSRP79pduo1qFXBJl4tUZ7yi40Mwf6pkQo89zu4XjvD5NIqfps=
-----END CERTIFICATE-----
Generated at Mon Oct 20 15:46:43 2025 by rpki-client