Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e6d54423-e257-46e6-bfcb-1db165ee9a87.roa
File:                     e6d54423-e257-46e6-bfcb-1db165ee9a87.roa (raw, json)
Hash identifier:          DlMq+tXpBye+8Zx1oMvckCd/pjqPf1kG1FJPRRIOctw=
Subject key identifier:   32:B6:31:80:77:D8:B7:BA:0F:24:F6:56:B8:EF:A5:3B:AA:03:71:03
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       489CACB60C6D80930C3810A615F4E09A2C7537E0
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e6d54423-e257-46e6-bfcb-1db165ee9a87.roa
Signing time:             Sat 18 Oct 2025 06:23:17 +0000
ROA not before:           Sat 18 Oct 2025 06:23:17 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.154.44.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:9c:ac:b6:0c:6d:80:93:0c:38:10:a6:15:f4:e0:9a:2c:75:37:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 06:23:17 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=22af56459b481160f46e21a88822837eeb470b7b50d2b623b88037dd4d530abb, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:51:cc:35:8d:1d:ae:53:ce:16:11:70:0b:74:
                    02:c7:d0:4b:19:fd:44:24:f9:c4:49:e5:64:41:a6:
                    93:1c:2e:cd:b1:76:af:cb:b7:18:0f:0c:0a:91:df:
                    6d:64:b2:0b:bb:ed:de:d3:24:0f:ec:82:e8:23:03:
                    49:be:dd:81:41:d3:35:8b:a6:ac:56:a7:7e:45:7e:
                    a2:2d:e8:41:4d:93:56:17:5d:1c:04:d0:6c:cc:d7:
                    2b:bb:66:76:2e:d6:07:a5:db:50:98:1c:63:5c:a7:
                    b5:5f:70:af:30:39:4e:37:f4:00:36:42:6a:d0:75:
                    41:8e:37:4c:8e:ca:99:cb:37:27:77:7d:47:a3:6e:
                    73:22:33:df:0d:38:0b:be:34:39:01:ff:91:f3:c8:
                    dc:f8:bc:36:81:a2:fe:a2:c5:a8:8c:5d:42:23:df:
                    8f:b7:12:56:7c:b2:02:99:21:53:48:61:cd:91:24:
                    c4:3c:57:fd:58:33:24:27:60:18:1d:99:74:c4:c9:
                    37:9c:fd:41:fb:c2:22:cb:13:8f:b1:ce:4b:0a:4d:
                    ad:ca:62:b8:6f:44:85:44:de:6a:2e:6b:83:0e:9e:
                    85:11:a7:dd:2a:9c:8b:c1:46:6d:cf:4e:33:74:80:
                    53:a0:45:e5:04:da:04:4a:1d:80:fe:fa:bc:46:d8:
                    3a:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:B6:31:80:77:D8:B7:BA:0F:24:F6:56:B8:EF:A5:3B:AA:03:71:03
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e6d54423-e257-46e6-bfcb-1db165ee9a87.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.154.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3c:0a:f2:59:1e:2f:fc:05:cb:e7:14:a3:50:20:a5:bb:c4:41:
         64:69:cb:01:a0:ed:ec:be:7c:85:17:0f:14:7d:61:49:da:b8:
         e3:45:69:55:22:80:6a:0b:00:8c:6a:30:0d:d6:3c:ef:df:c0:
         ef:46:67:62:12:17:7b:15:db:c4:be:48:bb:9d:2a:f2:a5:77:
         85:54:8f:04:61:9d:d5:f5:b6:14:6e:98:6d:99:ef:46:89:d0:
         a8:d1:cd:5f:97:bd:63:56:71:48:70:e6:55:1d:0a:2c:e7:b9:
         77:3a:11:10:3e:70:20:5c:e3:d0:eb:c8:d1:16:be:f1:fb:ff:
         16:c6:34:b4:93:3b:9e:d2:90:c0:0b:c5:63:94:0c:02:96:ef:
         ed:50:2c:0c:2e:90:ba:33:44:70:5d:bf:b4:e2:b2:37:bb:63:
         da:14:84:36:62:6a:86:16:27:7c:8c:77:b6:93:cb:ce:6e:b7:
         7d:73:aa:96:52:fc:2e:19:e2:6b:48:67:cb:32:87:26:de:98:
         4b:9c:fe:8c:72:e1:13:e3:cf:31:ce:00:7f:84:a8:26:2e:f3:
         a6:55:f9:32:7e:10:4c:8a:2d:3f:cf:bc:61:9b:be:e3:8f:7d:
         d6:7a:a2:c5:b8:c5:ed:6c:41:26:46:c4:a8:a9:00:96:8b:7b:
         50:85:53:22
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSJystgxtgJMMOBCmFfTgmix1N+AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MDYyMzE3WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AyMmFmNTY0NTliNDgxMTYwZjQ2ZTIxYTg4ODIyODM3ZWVi
NDcwYjdiNTBkMmI2MjNiODgwMzdkZDRkNTMwYWJiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9Ucw1jR2uU84WEXALdALH0EsZ/UQk+cRJ5WRBppMcLs2x
dq/LtxgPDAqR321ksgu77d7TJA/sgugjA0m+3YFB0zWLpqxWp35FfqIt6EFNk1YX
XRwE0GzM1yu7ZnYu1gel21CYHGNcp7VfcK8wOU439AA2QmrQdUGON0yOypnLNyd3
fUejbnMiM98NOAu+NDkB/5HzyNz4vDaBov6ixaiMXUIj34+3ElZ8sgKZIVNIYc2R
JMQ8V/1YMyQnYBgdmXTEyTec/UH7wiLLE4+xzksKTa3KYrhvRIVE3moua4MOnoUR
p90qnIvBRm3PTjN0gFOgReUE2gRKHYD++rxG2DojAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMrYxgHfYt7oPJPZWuO+lO6oDcQMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2U2ZDU0NDIzLWUyNTctNDZlNi1iZmNiLTFkYjE2NWVlOWE4Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAESmiwwDQYJKoZIhvcNAQELBQADggEBADwK8lkeL/wFy+cUo1AgpbvEQWRp
ywGg7ey+fIUXDxR9YUnauONFaVUigGoLAIxqMA3WPO/fwO9GZ2ISF3sV28S+SLud
KvKld4VUjwRhndX1thRumG2Z70aJ0KjRzV+XvWNWcUhw5lUdCiznuXc6ERA+cCBc
49DryNEWvvH7/xbGNLSTO57SkMALxWOUDAKW7+1QLAwukLozRHBdv7Tisje7Y9oU
hDZiaoYWJ3yMd7aTy85ut31zqpZS/C4Z4mtIZ8syhybemEuc/oxy4RPjzzHOAH+E
qCYu86ZV+TJ+EEyKLT/PvGGbvuOPfdZ6osW4xe1sQSZGxKipAJaLe1CFUyI=
-----END CERTIFICATE-----