Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/df7c7a05-0345-4e20-8f68-f12bfc3b2947.roa
File:                     df7c7a05-0345-4e20-8f68-f12bfc3b2947.roa (raw, json)
Hash identifier:          FWYQXgcCLGHetDJIgUBvE7nQBt6CAYUrryEIvzQzh+0=
Subject key identifier:   AB:66:31:30:00:D1:65:B4:52:BE:5C:D2:18:D2:6F:43:03:4A:29:1C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       21888F2122DF3FA25B2A36C51BB7431A4DECFA8F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/df7c7a05-0345-4e20-8f68-f12bfc3b2947.roa
Signing time:             Sat 18 Oct 2025 21:20:09 +0000
ROA not before:           Sat 18 Oct 2025 21:20:09 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.238.80.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:88:8f:21:22:df:3f:a2:5b:2a:36:c5:1b:b7:43:1a:4d:ec:fa:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 21:20:09 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=56479b7dc2f094c80aae333474b20c2c7b086ee39027eef6066ed46078fb255e, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:77:f8:13:a8:15:90:a1:7e:80:9b:00:15:9e:
                    69:01:73:09:1c:c7:e7:62:b3:e8:c9:6a:fd:7c:bb:
                    a0:44:f0:68:76:c2:93:24:95:f4:85:11:e6:08:41:
                    bb:dd:f7:ee:45:ff:2f:cb:d4:10:f8:4d:fb:2a:78:
                    e0:5e:d9:8c:53:74:84:20:59:da:e8:23:05:0f:04:
                    18:a1:08:f7:e9:08:d9:1d:57:92:54:1c:e5:6a:4a:
                    7f:75:df:a3:00:52:dd:1b:9f:60:6b:20:21:e5:20:
                    8b:e2:fc:6d:21:8f:8c:3b:c7:5d:b4:2a:c4:f6:1e:
                    ed:4f:d1:ad:3a:9c:87:9c:e8:bd:65:7d:4f:fc:07:
                    61:e0:13:d0:c1:05:ce:49:10:cc:60:25:7f:9d:a6:
                    06:3d:58:3c:a1:c3:ab:c1:2d:1c:cd:ba:4b:35:9d:
                    f6:19:d2:56:2d:60:5b:a7:47:6d:59:d9:0c:c4:9c:
                    8c:9e:c7:23:3d:0d:c1:7f:fc:26:a4:2e:48:d4:41:
                    bb:a8:73:65:8f:21:f5:e2:a7:6f:9b:5f:2b:50:55:
                    37:0b:fb:3c:5f:ac:24:7a:26:4f:d6:2a:6f:ed:1b:
                    9b:cf:02:a2:c7:bc:8f:1d:68:8f:e0:ad:42:98:79:
                    5f:e5:7e:51:91:01:6b:1a:dc:d8:7a:10:e6:00:4e:
                    3f:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:66:31:30:00:D1:65:B4:52:BE:5C:D2:18:D2:6F:43:03:4A:29:1C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/df7c7a05-0345-4e20-8f68-f12bfc3b2947.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.238.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         41:be:82:13:84:57:f8:13:5a:38:24:53:17:22:14:a2:18:d1:
         d3:13:76:b6:da:68:86:ff:18:2b:d7:dc:0e:1c:b7:d3:f1:44:
         89:59:c0:1b:e4:4c:58:36:3e:a6:46:cc:ba:ff:13:24:64:42:
         0d:7a:44:6c:b3:04:08:db:25:38:79:5e:6a:c0:5a:88:56:96:
         a7:8a:f3:0f:76:26:26:65:39:1b:29:57:cb:1e:b1:f6:eb:f3:
         10:2b:dd:de:7d:07:86:2e:f5:a0:2e:9a:c7:51:a7:08:5d:cd:
         96:74:7c:0a:70:28:d2:43:ca:00:14:c7:7a:e4:e2:44:91:e9:
         72:36:74:e0:d8:57:be:a6:6e:3e:2f:63:44:bf:36:d8:59:f8:
         60:49:a2:83:e8:81:f4:2b:66:a2:78:8f:79:31:7e:db:77:f3:
         ca:aa:6e:cf:80:3d:8b:70:10:05:69:59:1d:e1:0d:68:01:41:
         db:d7:44:56:a0:a8:ca:c3:11:35:e3:8e:1f:0d:5f:7c:48:88:
         09:38:53:b0:80:58:da:ae:9c:47:ea:3b:ca:d1:5f:10:92:94:
         31:06:04:00:64:f6:5f:80:81:8c:34:33:65:2b:6b:9e:5f:36:
         b3:95:c3:b3:af:ec:27:1b:8e:f8:8d:70:b0:74:66:85:9c:59:
         39:96:38:e3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIYiPISLfP6JbKjbFG7dDGk3s+o8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MjEyMDA5WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NjQ3OWI3ZGMyZjA5NGM4MGFhZTMzMzQ3NGIyMGMyYzdi
MDg2ZWUzOTAyN2VlZjYwNjZlZDQ2MDc4ZmIyNTVlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCYd/gTqBWQoX6AmwAVnmkBcwkcx+dis+jJav18u6BE8Gh2
wpMklfSFEeYIQbvd9+5F/y/L1BD4TfsqeOBe2YxTdIQgWdroIwUPBBihCPfpCNkd
V5JUHOVqSn9136MAUt0bn2BrICHlIIvi/G0hj4w7x120KsT2Hu1P0a06nIec6L1l
fU/8B2HgE9DBBc5JEMxgJX+dpgY9WDyhw6vBLRzNuks1nfYZ0lYtYFunR21Z2QzE
nIyexyM9DcF//CakLkjUQbuoc2WPIfXip2+bXytQVTcL+zxfrCR6Jk/WKm/tG5vP
AqLHvI8daI/grUKYeV/lflGRAWsa3Nh6EOYATj+LAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUq2YxMADRZbRSvlzSGNJvQwNKKRwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2RmN2M3YTA1LTAzNDUtNGUyMC04ZjY4LWYxMmJmYzNiMjk0Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMS7lAwDQYJKoZIhvcNAQELBQADggEBAEG+ghOEV/gTWjgkUxciFKIY0dMT
drbaaIb/GCvX3A4ct9PxRIlZwBvkTFg2PqZGzLr/EyRkQg16RGyzBAjbJTh5XmrA
WohWlqeK8w92JiZlORspV8sesfbr8xAr3d59B4Yu9aAumsdRpwhdzZZ0fApwKNJD
ygAUx3rk4kSR6XI2dODYV76mbj4vY0S/NthZ+GBJooPogfQrZqJ4j3kxftt388qq
bs+APYtwEAVpWR3hDWgBQdvXRFagqMrDETXjjh8NX3xIiAk4U7CAWNqunEfqO8rR
XxCSlDEGBABk9l+AgYw0M2Ura55fNrOVw7Ov7CcbjviNcLB0ZoWcWTmWOOM=
-----END CERTIFICATE-----