Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f2816ba7-fcd3-43d0-80fe-3e5c80132c9c.roa
File:                     f2816ba7-fcd3-43d0-80fe-3e5c80132c9c.roa (raw, json)
Hash identifier:          GVnSfqoRxtdZw5hWtwwogEzm6XjO6QWvGFWBfIth9+Q=
Subject key identifier:   67:A4:CD:3E:1A:16:A4:CC:06:EC:A9:1C:90:46:0D:AD:82:ED:9C:03
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5E984B1D4AA335E28529DDD6EB88F0FBAF481462
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f2816ba7-fcd3-43d0-80fe-3e5c80132c9c.roa
Signing time:             Sat 18 Oct 2025 20:52:32 +0000
ROA not before:           Sat 18 Oct 2025 20:52:32 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.165.108.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:98:4b:1d:4a:a3:35:e2:85:29:dd:d6:eb:88:f0:fb:af:48:14:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 20:52:32 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=3be52869b1599a106a28dea89d34da022f9e4e1c644c1064d187036f5cf64c77, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:a4:76:a7:bf:93:a4:75:71:e1:85:c9:5c:cc:
                    38:67:8c:d4:ba:9d:70:7f:17:8c:67:c0:66:a5:ff:
                    2a:cb:8e:71:c9:3a:26:26:96:63:bc:2b:95:4c:7c:
                    14:25:2f:9a:73:48:55:31:10:b5:9e:39:55:15:91:
                    77:f6:98:65:b9:80:f0:b6:31:fd:5e:92:eb:d6:4f:
                    39:10:67:84:8b:63:ec:81:74:32:77:63:9a:8a:fd:
                    db:35:c9:ac:f2:cd:d8:90:5b:9b:05:1e:b0:ff:8c:
                    8e:e2:b7:37:ad:47:fe:ff:d3:53:e4:d3:c6:81:ab:
                    16:38:03:7a:75:61:66:da:8e:6d:d4:78:5e:94:57:
                    a2:ec:74:a4:89:79:ca:96:9b:de:b0:f0:6f:cb:a2:
                    5e:28:f7:93:7c:1c:6b:b4:7c:c4:9d:00:bc:32:84:
                    16:3c:1b:2e:ef:35:aa:8d:a3:f1:72:13:46:ff:a5:
                    cc:a9:92:3a:37:4d:92:2d:54:71:77:52:a7:ec:fc:
                    4f:4b:24:e8:69:ea:45:f4:7d:4e:6d:0d:0a:77:48:
                    ca:12:c8:fa:d7:4a:6f:1a:e9:67:51:17:12:66:6f:
                    0c:bd:a7:61:c0:fe:b9:7c:4d:a7:7e:63:ae:7b:6a:
                    53:10:06:10:ea:15:ce:b3:8a:08:f1:a8:06:b6:e6:
                    b9:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:A4:CD:3E:1A:16:A4:CC:06:EC:A9:1C:90:46:0D:AD:82:ED:9C:03
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f2816ba7-fcd3-43d0-80fe-3e5c80132c9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.165.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5d:bf:f0:fe:15:f6:1d:36:ed:80:a6:6c:e2:39:55:37:8d:ea:
         16:66:8e:4f:86:e7:57:6e:7b:df:29:e7:9c:cb:bc:0f:9c:7f:
         1f:5a:24:a8:ab:75:94:41:d5:fe:08:75:ae:2d:62:32:58:8f:
         e6:4e:41:70:cc:b5:8b:7f:7e:b7:47:21:c3:4b:54:40:2a:05:
         81:47:a2:ee:8c:90:71:e4:3f:7a:4c:e8:3e:4b:d9:f6:74:11:
         22:42:8e:f3:8f:a7:42:77:d1:45:d7:ca:65:a3:06:17:a5:8a:
         bb:9f:1d:b3:ec:ac:f0:a6:e5:3c:6f:6a:37:2f:dc:42:77:d8:
         b6:1f:92:c8:37:a2:15:65:f3:17:b2:c6:e6:55:ad:26:d0:38:
         ba:5e:ba:01:32:0c:e3:87:2c:3c:61:db:e5:35:50:9e:d2:53:
         b0:47:48:c1:23:9d:41:b7:13:8c:1c:9a:09:45:a7:19:af:5e:
         03:b0:90:de:03:fb:ed:41:62:cf:96:3f:51:09:64:2f:f6:8a:
         d2:8b:8d:1f:d1:01:01:31:f1:99:cc:fd:f6:fb:60:26:94:1a:
         dc:7a:10:13:45:fc:6e:8c:59:02:40:d5:5c:d3:2b:35:7c:92:
         1b:f4:91:d2:9e:48:cb:dc:24:a6:69:6e:37:84:f6:c6:fd:bf:
         b8:3f:6b:e9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXphLHUqjNeKFKd3W64jw+69IFGIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MjA1MjMyWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AzYmU1Mjg2OWIxNTk5YTEwNmEyOGRlYTg5ZDM0ZGEwMjJm
OWU0ZTFjNjQ0YzEwNjRkMTg3MDM2ZjVjZjY0Yzc3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDUpHanv5OkdXHhhclczDhnjNS6nXB/F4xnwGal/yrLjnHJ
OiYmlmO8K5VMfBQlL5pzSFUxELWeOVUVkXf2mGW5gPC2Mf1ekuvWTzkQZ4SLY+yB
dDJ3Y5qK/ds1yazyzdiQW5sFHrD/jI7itzetR/7/01Pk08aBqxY4A3p1YWbajm3U
eF6UV6LsdKSJecqWm96w8G/Lol4o95N8HGu0fMSdALwyhBY8Gy7vNaqNo/FyE0b/
pcypkjo3TZItVHF3Uqfs/E9LJOhp6kX0fU5tDQp3SMoSyPrXSm8a6WdRFxJmbwy9
p2HA/rl8Tad+Y657alMQBhDqFc6zigjxqAa25rmZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZ6TNPhoWpMwG7KkckEYNrYLtnAMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2YyODE2YmE3LWZjZDMtNDNkMC04MGZlLTNlNWM4MDEzMmM5Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAESpWwwDQYJKoZIhvcNAQELBQADggEBAF2/8P4V9h027YCmbOI5VTeN6hZm
jk+G51due98p55zLvA+cfx9aJKirdZRB1f4Ida4tYjJYj+ZOQXDMtYt/frdHIcNL
VEAqBYFHou6MkHHkP3pM6D5L2fZ0ESJCjvOPp0J30UXXymWjBhelirufHbPsrPCm
5Txvajcv3EJ32LYfksg3ohVl8xeyxuZVrSbQOLpeugEyDOOHLDxh2+U1UJ7SU7BH
SMEjnUG3E4wcmglFpxmvXgOwkN4D++1BYs+WP1EJZC/2itKLjR/RAQEx8ZnM/fb7
YCaUGtx6EBNF/G6MWQJA1VzTKzV8khv0kdKeSMvcJKZpbjeE9sb9v7g/a+k=
-----END CERTIFICATE-----