Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e372e746-e8f2-4789-b1a2-da48549dca59.roa
File:                     e372e746-e8f2-4789-b1a2-da48549dca59.roa (raw, json)
Hash identifier:          HWdHlWvXMSUGz8NePe0tB7JrQmqdlhcMHAZwc7axg6w=
Subject key identifier:   88:0E:3D:0F:ED:24:61:6B:45:79:A8:45:93:90:77:1A:2C:BD:EC:A6
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       37ABD6B6799E0A459721E0C22C0EE0A059D091DB
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e372e746-e8f2-4789-b1a2-da48549dca59.roa
Signing time:             Sat 18 Oct 2025 14:33:44 +0000
ROA not before:           Sat 18 Oct 2025 14:33:44 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.238.86.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:ab:d6:b6:79:9e:0a:45:97:21:e0:c2:2c:0e:e0:a0:59:d0:91:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 14:33:44 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=e87faaefa8223c63d0c30867c3e4f0d16b40e989ed656517b91808325c5551e5, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f7:68:9a:f5:1a:dc:e3:be:ca:9c:03:fd:69:
                    d1:27:5a:47:a6:f9:00:81:e5:69:06:09:fb:e7:9c:
                    69:35:20:a2:58:ea:0c:11:d0:d3:4f:fa:7f:29:39:
                    24:4d:5a:5a:b4:a5:41:f2:a5:6f:33:19:b9:18:16:
                    69:36:50:af:45:88:a2:cf:ea:a3:96:2c:7c:23:7c:
                    01:55:7a:cb:b4:70:7d:1c:24:66:c3:f8:88:bb:8d:
                    cb:e9:8f:50:cb:95:38:11:64:0d:29:bc:07:ad:98:
                    86:52:d9:9e:2f:97:9e:ec:60:2a:2b:11:a0:8b:41:
                    41:d1:3a:ea:5e:dc:69:77:23:77:30:9f:f5:52:27:
                    3b:21:f8:99:dc:7d:4d:5e:19:76:31:ab:90:58:7e:
                    00:ac:c6:32:c5:16:9f:81:34:0b:7c:6f:b1:fa:ba:
                    57:7e:ce:4f:ed:0e:d9:fa:3d:43:49:8a:fa:e7:b8:
                    5e:f8:07:81:17:0c:41:e9:e7:e7:81:d4:c5:a6:11:
                    08:b3:9b:77:5a:a0:19:3e:5c:d2:33:91:1a:8f:94:
                    87:28:00:7e:5a:3d:81:37:74:c1:7b:0c:09:fa:f4:
                    87:f1:81:e7:f2:03:87:7c:ec:c8:fc:28:a1:2a:2c:
                    c2:02:d6:3e:3e:e2:25:fd:bf:49:c3:63:42:ad:ce:
                    74:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:0E:3D:0F:ED:24:61:6B:45:79:A8:45:93:90:77:1A:2C:BD:EC:A6
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e372e746-e8f2-4789-b1a2-da48549dca59.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.238.86.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4a:27:43:12:62:b2:8c:4e:95:5c:ac:8b:44:cf:91:cb:b3:3a:
         48:73:98:c3:cd:32:31:64:df:98:03:76:46:ce:95:79:7f:dc:
         78:8f:85:68:06:88:ac:a0:4b:bc:ad:9f:9f:07:b1:a8:3f:09:
         26:13:aa:bc:b0:34:83:ea:e3:8d:03:04:d7:00:2b:d1:31:49:
         25:81:eb:e1:e5:3c:28:c3:3b:08:4d:50:7f:d7:f4:d7:b6:e1:
         c3:40:8c:1e:4f:49:d3:0c:47:11:e9:10:56:6a:89:c5:c3:84:
         43:87:8f:90:16:c7:4b:da:53:bb:17:12:1c:96:88:04:71:e7:
         03:36:5b:2c:7d:86:61:cf:1e:44:e1:52:3b:57:22:45:90:c8:
         ee:c4:55:13:91:06:7c:66:b5:d0:10:d3:76:0d:a4:06:7e:af:
         89:1e:86:43:c7:a5:84:28:52:9a:04:a6:68:c6:3e:3b:22:24:
         94:f1:70:3f:40:36:c6:16:e2:8d:de:0a:6e:78:d5:d9:84:90:
         31:27:52:80:76:fd:e1:92:b3:0a:ee:d3:16:18:d5:eb:97:17:
         c0:5d:26:50:f1:90:c8:4b:0e:20:c7:2a:1e:d8:77:1d:2c:92:
         cf:a9:6a:c3:ba:4e:f1:b9:b4:47:26:05:36:1d:b5:ff:78:20:
         e7:5a:c9:bc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUN6vWtnmeCkWXIeDCLA7goFnQkdswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MTQzMzQ0WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BlODdmYWFlZmE4MjIzYzYzZDBjMzA4NjdjM2U0ZjBkMTZi
NDBlOTg5ZWQ2NTY1MTdiOTE4MDgzMjVjNTU1MWU1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC792ia9Rrc477KnAP9adEnWkem+QCB5WkGCfvnnGk1IKJY
6gwR0NNP+n8pOSRNWlq0pUHypW8zGbkYFmk2UK9FiKLP6qOWLHwjfAFVesu0cH0c
JGbD+Ii7jcvpj1DLlTgRZA0pvAetmIZS2Z4vl57sYCorEaCLQUHROupe3Gl3I3cw
n/VSJzsh+JncfU1eGXYxq5BYfgCsxjLFFp+BNAt8b7H6uld+zk/tDtn6PUNJivrn
uF74B4EXDEHp5+eB1MWmEQizm3daoBk+XNIzkRqPlIcoAH5aPYE3dMF7DAn69Ifx
gefyA4d87Mj8KKEqLMIC1j4+4iX9v0nDY0KtznTDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiA49D+0kYWtFeahFk5B3Giy97KYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2UzNzJlNzQ2LWU4ZjItNDc4OS1iMWEyLWRhNDg1NDlkY2E1OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAES7lYwDQYJKoZIhvcNAQELBQADggEBAEonQxJisoxOlVysi0TPkcuzOkhz
mMPNMjFk35gDdkbOlXl/3HiPhWgGiKygS7ytn58Hsag/CSYTqrywNIPq440DBNcA
K9ExSSWB6+HlPCjDOwhNUH/X9Ne24cNAjB5PSdMMRxHpEFZqicXDhEOHj5AWx0va
U7sXEhyWiARx5wM2Wyx9hmHPHkThUjtXIkWQyO7EVRORBnxmtdAQ03YNpAZ+r4ke
hkPHpYQoUpoEpmjGPjsiJJTxcD9ANsYW4o3eCm541dmEkDEnUoB2/eGSswru0xYY
1euXF8BdJlDxkMhLDiDHKh7Ydx0sks+pasO6TvG5tEcmBTYdtf94IOdaybw=
-----END CERTIFICATE-----