Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e69c71d8-0048-4390-b619-68be6d45598f.roa
File:                     e69c71d8-0048-4390-b619-68be6d45598f.roa (raw, json)
Hash identifier:          9aGMnbocN9WjOQNOevdH0llSH9jMCnhR3Pt3bWY8fuE=
Subject key identifier:   CB:13:6D:E2:D9:B7:FF:50:44:E8:B6:F1:E7:A5:6D:44:E7:BE:DE:C2
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       21D5A2B796057F0FC9D4CDEEF97F1670EB75FD68
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e69c71d8-0048-4390-b619-68be6d45598f.roa
Signing time:             Sat 18 Oct 2025 15:51:32 +0000
ROA not before:           Sat 18 Oct 2025 15:51:32 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.239.224.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:d5:a2:b7:96:05:7f:0f:c9:d4:cd:ee:f9:7f:16:70:eb:75:fd:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 15:51:32 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=4831d9771a48e4ca54c212cb0e521ce865b164e71bb08425d3e6df5cdf2c8281, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:f4:bc:61:89:39:3e:a2:60:b4:b0:ed:6c:ab:
                    32:b7:77:ce:3e:a8:e4:78:3e:d2:8d:09:fc:4f:00:
                    9c:2a:7c:d5:83:8a:36:9e:50:a8:0d:c5:7d:9a:60:
                    19:bb:da:a4:b4:a5:f4:54:8f:9c:93:8d:f2:98:df:
                    19:c4:81:03:53:4a:aa:6e:01:0f:e4:0d:73:28:d3:
                    dd:39:53:58:36:f4:9c:6c:ef:96:5f:04:33:37:ab:
                    cc:91:d9:5d:ee:33:23:d8:d2:57:c7:33:78:44:c0:
                    a2:79:b5:70:62:20:ae:d6:7f:6f:ad:04:e1:54:03:
                    98:d7:03:29:ff:13:a1:14:1d:33:15:2b:ff:59:a9:
                    d3:d4:79:29:e2:a9:f6:2f:3e:23:6c:a0:a3:ae:24:
                    9d:af:54:da:60:52:ae:cc:2c:51:da:01:15:b3:60:
                    84:0b:e2:3a:a6:78:ab:f6:5c:9f:7d:06:16:06:15:
                    f3:5a:1a:f9:02:54:c4:f2:82:1e:58:47:75:d5:3e:
                    7a:ea:e0:f2:43:16:c5:0d:51:c5:7a:1c:f0:4b:5c:
                    70:35:0a:07:0a:d7:f2:cc:03:ca:48:c3:40:cc:5a:
                    99:a9:f2:5f:96:13:0b:70:b3:c3:ed:24:8b:5b:8f:
                    cb:d1:d8:97:4c:60:6e:44:36:4b:b0:41:ac:62:5f:
                    30:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:13:6D:E2:D9:B7:FF:50:44:E8:B6:F1:E7:A5:6D:44:E7:BE:DE:C2
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e69c71d8-0048-4390-b619-68be6d45598f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.239.224.0/20

    Signature Algorithm: sha256WithRSAEncryption
         75:6d:69:5a:dc:e5:f2:fa:97:6b:70:ce:ad:6d:36:b8:65:2a:
         96:e2:c9:05:db:a9:17:9e:a0:bb:c8:52:74:25:da:c9:e1:a6:
         59:f0:05:74:81:ac:fa:a0:e6:91:5f:d9:ef:5d:e8:39:fe:62:
         1b:f2:0d:22:23:16:70:53:55:0a:c0:5a:75:19:53:27:61:f2:
         04:b9:c1:32:b7:7d:8f:ad:52:00:bf:dc:a9:71:4e:c3:d6:7b:
         94:a7:ec:68:6d:64:ef:c7:f3:19:4e:a7:bc:07:c4:7f:b6:7e:
         8f:d5:d3:3f:eb:82:64:e5:45:d5:4c:76:6d:d4:53:f5:71:d5:
         e1:a5:23:01:fc:2f:e1:f1:21:33:9f:2d:fd:1c:b0:43:46:f4:
         6a:42:5d:c5:cb:9e:b8:be:69:26:64:3b:3e:93:62:90:36:90:
         c5:c3:92:1b:d3:00:db:77:60:3f:17:0f:03:c8:5a:8e:fa:1c:
         a6:ca:c1:5f:57:ff:84:42:f1:54:a2:cc:21:c6:b6:b0:2f:5f:
         44:9a:88:49:ce:23:fd:64:be:9f:04:1e:13:50:10:b5:d5:6f:
         01:d5:33:2d:7c:99:89:2a:4a:d0:e7:36:ab:87:94:df:13:fc:
         26:11:a0:69:cf:a2:f0:21:d5:90:23:92:96:75:f5:02:5f:b8:
         a6:d3:ef:7a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIdWit5YFfw/J1M3u+X8WcOt1/WgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MTU1MTMyWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A0ODMxZDk3NzFhNDhlNGNhNTRjMjEyY2IwZTUyMWNlODY1
YjE2NGU3MWJiMDg0MjVkM2U2ZGY1Y2RmMmM4MjgxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/9LxhiTk+omC0sO1sqzK3d84+qOR4PtKNCfxPAJwqfNWD
ijaeUKgNxX2aYBm72qS0pfRUj5yTjfKY3xnEgQNTSqpuAQ/kDXMo0905U1g29Jxs
75ZfBDM3q8yR2V3uMyPY0lfHM3hEwKJ5tXBiIK7Wf2+tBOFUA5jXAyn/E6EUHTMV
K/9ZqdPUeSniqfYvPiNsoKOuJJ2vVNpgUq7MLFHaARWzYIQL4jqmeKv2XJ99BhYG
FfNaGvkCVMTygh5YR3XVPnrq4PJDFsUNUcV6HPBLXHA1CgcK1/LMA8pIw0DMWpmp
8l+WEwtws8PtJItbj8vR2JdMYG5ENkuwQaxiXzC1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUyxNt4tm3/1BE6Lbx56VtROe+3sIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2U2OWM3MWQ4LTAwNDgtNDM5MC1iNjE5LTY4YmU2ZDQ1NTk4Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQS7+AwDQYJKoZIhvcNAQELBQADggEBAHVtaVrc5fL6l2twzq1tNrhlKpbi
yQXbqReeoLvIUnQl2snhplnwBXSBrPqg5pFf2e9d6Dn+YhvyDSIjFnBTVQrAWnUZ
Uydh8gS5wTK3fY+tUgC/3KlxTsPWe5Sn7GhtZO/H8xlOp7wHxH+2fo/V0z/rgmTl
RdVMdm3UU/Vx1eGlIwH8L+HxITOfLf0csENG9GpCXcXLnri+aSZkOz6TYpA2kMXD
khvTANt3YD8XDwPIWo76HKbKwV9X/4RC8VSizCHGtrAvX0SaiEnOI/1kvp8EHhNQ
ELXVbwHVMy18mYkqStDnNquHlN8T/CYRoGnPovAh1ZAjkpZ19QJfuKbT73o=
-----END CERTIFICATE-----