Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f7ca7e8e-7968-4cd8-bb34-8c21062b40f7.roa
File:                     f7ca7e8e-7968-4cd8-bb34-8c21062b40f7.roa (raw, json)
Hash identifier:          Ft/7X2o35lw1JAVowCdcenf0SPCZiJluw7aOT4K1Cao=
Subject key identifier:   38:40:A5:65:93:C9:8E:04:1A:E3:03:53:89:B9:37:F8:5E:30:CC:2E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2DBB39C62769F804DD7909373B737F3E5BF92810
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f7ca7e8e-7968-4cd8-bb34-8c21062b40f7.roa
Signing time:             Fri 26 Sep 2025 16:24:55 +0000
ROA not before:           Fri 26 Sep 2025 16:24:55 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.252.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:bb:39:c6:27:69:f8:04:dd:79:09:37:3b:73:7f:3e:5b:f9:28:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 16:24:55 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=4f70e104b5707f98950441588bbe834b80dc92ad10e577923d438a183df00d67, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:f4:9f:9c:6b:6c:0d:3e:73:0a:e3:eb:3a:0a:
                    53:12:a8:0d:75:63:8c:6d:79:fd:1e:d9:80:25:2b:
                    a2:f4:17:91:d7:25:e7:b7:50:7c:58:e4:32:35:3e:
                    93:0d:3c:6c:00:a7:09:16:94:a4:74:16:83:2e:12:
                    69:f0:60:33:99:5d:b7:be:08:2a:ab:6b:04:53:8f:
                    8d:60:a8:97:32:3a:eb:31:39:6c:c1:81:5f:bf:1c:
                    e5:88:bc:ac:58:41:f2:3a:55:b0:51:71:2b:6e:a7:
                    2d:ac:ce:31:07:aa:58:9c:9b:99:28:89:7f:b9:1a:
                    bb:5f:14:17:91:54:5e:74:ae:62:4f:3e:da:38:1e:
                    76:90:c0:c2:92:75:d4:7d:3d:82:d5:02:9f:cc:30:
                    0e:18:88:64:ca:2d:b6:ca:bf:25:50:cc:ad:02:30:
                    55:44:54:52:75:6c:25:44:16:51:32:6e:a8:75:f5:
                    d0:91:66:65:86:b9:00:5b:f0:59:59:1c:17:48:9e:
                    d3:f5:ab:71:b9:99:ba:b7:01:22:6d:89:04:1d:0b:
                    09:79:2e:95:89:20:6f:fd:62:3f:e5:0b:5f:d3:b0:
                    ca:ca:91:56:41:9d:97:a1:b2:3a:29:f4:74:0c:c1:
                    e3:40:3c:b8:e0:1a:ed:3f:dc:55:d1:4d:b8:aa:aa:
                    cf:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:40:A5:65:93:C9:8E:04:1A:E3:03:53:89:B9:37:F8:5E:30:CC:2E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f7ca7e8e-7968-4cd8-bb34-8c21062b40f7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.252.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         9a:16:37:d5:49:f3:07:bc:53:59:53:4f:1e:09:66:d2:02:3f:
         91:0f:77:45:a1:bf:e7:bd:2d:1b:aa:7c:22:a5:27:b1:25:23:
         cd:7e:10:ee:b7:da:8d:73:0b:52:83:e8:45:80:b0:81:14:9e:
         7a:46:b7:a3:fe:d7:6f:57:02:45:06:c2:76:a6:f8:3a:8e:17:
         11:0c:91:c5:ee:24:26:39:71:be:68:61:50:e6:7f:21:06:12:
         a7:3b:66:3e:d6:d5:d2:b0:01:64:df:9b:aa:73:a8:81:82:f1:
         c5:a2:82:a1:99:8b:5e:1e:04:7d:e0:dd:24:f7:0a:db:88:21:
         8d:e6:ab:06:87:e4:d1:94:4c:31:92:85:a5:ec:78:75:5f:26:
         85:10:ab:44:79:7c:90:e0:97:79:ae:55:0f:6a:68:16:87:88:
         fb:1e:32:af:89:bf:1b:b8:de:a3:7d:d3:6a:cc:a3:b4:3b:12:
         44:0e:38:db:e2:1c:5c:af:56:8d:19:57:3b:22:7c:78:b3:ef:
         eb:54:7e:06:65:01:2a:9d:0f:69:94:a0:bb:8d:31:d1:02:a3:
         bc:3f:27:09:94:64:9f:e8:d6:96:21:80:da:d6:90:ef:7e:85:
         93:48:6f:58:92:80:6f:76:46:cf:0f:c8:ee:ba:2d:e8:ec:80:
         49:49:f6:43
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIULbs5xidp+ATdeQk3O3N/Plv5KBAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MTYyNDU1WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZjcwZTEwNGI1NzA3Zjk4OTUwNDQxNTg4YmJlODM0Yjgw
ZGM5MmFkMTBlNTc3OTIzZDQzOGExODNkZjAwZDY3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDN9J+ca2wNPnMK4+s6ClMSqA11Y4xtef0e2YAlK6L0F5HX
Jee3UHxY5DI1PpMNPGwApwkWlKR0FoMuEmnwYDOZXbe+CCqrawRTj41gqJcyOusx
OWzBgV+/HOWIvKxYQfI6VbBRcStupy2szjEHqlicm5koiX+5GrtfFBeRVF50rmJP
Pto4HnaQwMKSddR9PYLVAp/MMA4YiGTKLbbKvyVQzK0CMFVEVFJ1bCVEFlEybqh1
9dCRZmWGuQBb8FlZHBdIntP1q3G5mbq3ASJtiQQdCwl5LpWJIG/9Yj/lC1/TsMrK
kVZBnZehsjop9HQMweNAPLjgGu0/3FXRTbiqqs+TAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUOEClZZPJjgQa4wNTibk3+F4wzC4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Y3Y2E3ZThlLTc5NjgtNGNkOC1iYjM0LThjMjEwNjJiNDBmNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAS/DANBgkqhkiG9w0BAQsFAAOCAQEAmhY31UnzB7xTWVNPHglm0gI/kQ93
RaG/570tG6p8IqUnsSUjzX4Q7rfajXMLUoPoRYCwgRSeeka3o/7Xb1cCRQbCdqb4
Oo4XEQyRxe4kJjlxvmhhUOZ/IQYSpztmPtbV0rABZN+bqnOogYLxxaKCoZmLXh4E
feDdJPcK24ghjearBofk0ZRMMZKFpex4dV8mhRCrRHl8kOCXea5VD2poFoeI+x4y
r4m/G7jeo33TasyjtDsSRA442+IcXK9WjRlXOyJ8eLPv61R+BmUBKp0PaZSgu40x
0QKjvD8nCZRkn+jWliGA2taQ736Fk0hvWJKAb3ZGzw/I7rot6OyASUn2Qw==
-----END CERTIFICATE-----