Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f86a8d09-0ea9-4b82-a3e5-8079edc97a55.roa
File:                     f86a8d09-0ea9-4b82-a3e5-8079edc97a55.roa (raw, json)
Hash identifier:          m3XWNrLuALsz9Gvys+xeD4bR2hZ8fhq/CkFKYN/hiEk=
Subject key identifier:   3B:C1:CE:B7:BC:DD:F3:B9:6B:6F:B5:F5:A0:1E:00:14:A4:FC:3A:AE
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       58BDE6ECDACE3A9224D6456879766552D2CCCAD1
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f86a8d09-0ea9-4b82-a3e5-8079edc97a55.roa
Signing time:             Sun 19 Oct 2025 17:52:30 +0000
ROA not before:           Sun 19 Oct 2025 17:52:30 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.64.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:bd:e6:ec:da:ce:3a:92:24:d6:45:68:79:76:65:52:d2:cc:ca:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 17:52:30 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=d9ea14de211bdd03a8e05cb4968eb3c852ccb53a5848dd8f44f20d1a98f7584d, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:8d:c7:e9:f0:57:b1:c1:5e:90:2b:36:dd:26:
                    53:3e:a6:13:80:dc:93:86:d0:f0:18:54:f3:81:d1:
                    d9:1f:00:b9:66:71:61:e8:c6:fc:f3:07:1e:30:2e:
                    17:03:fd:9f:0c:50:3c:db:fc:84:ac:ac:6f:73:43:
                    26:21:79:bb:e7:6d:94:0d:c1:28:c1:53:43:8a:8d:
                    ef:38:2e:16:73:3e:bb:e6:e0:ea:7e:b6:cf:c1:8c:
                    ec:1d:dc:cc:38:17:83:13:0b:5c:78:30:60:1a:86:
                    55:9f:57:8c:6a:9e:09:97:9c:f5:13:aa:48:53:2b:
                    6e:45:e1:b8:ec:a2:4a:6f:7c:e1:9b:ce:f3:b8:e9:
                    96:64:8a:53:54:83:45:1e:68:4d:48:2b:31:de:ef:
                    af:26:72:76:52:01:28:14:3e:9d:c3:76:a2:2c:6f:
                    c2:3c:47:e3:b7:9a:8d:a1:1d:44:12:e3:97:8e:db:
                    f6:36:6d:4a:cf:eb:56:96:78:98:3a:9b:2a:b1:e4:
                    62:73:6d:eb:3c:5b:63:38:f8:a4:7d:a5:8b:8b:62:
                    f6:c2:03:b8:32:1b:e9:fb:16:8f:2e:85:c9:65:cc:
                    e8:ae:89:f7:ec:ff:2b:53:ea:f0:f6:0a:36:e6:e2:
                    90:96:cb:7f:20:db:3c:2e:a6:87:72:bf:6f:cd:29:
                    c5:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:C1:CE:B7:BC:DD:F3:B9:6B:6F:B5:F5:A0:1E:00:14:A4:FC:3A:AE
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f86a8d09-0ea9-4b82-a3e5-8079edc97a55.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.64.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:d4:04:95:df:d5:50:94:ef:b3:ba:d7:97:7d:5a:bc:e4:67:
         97:3a:af:12:50:cd:1c:2d:8e:0b:8a:fd:0c:1d:e7:b3:bb:bd:
         69:bf:24:31:71:5d:8e:57:80:f1:e8:cf:e1:85:93:5a:1b:ac:
         d5:e7:25:b7:14:fd:5d:22:d8:49:b5:9e:6b:9f:a2:c6:01:f0:
         69:5a:bd:6b:68:34:6b:70:be:1b:bf:d1:75:f9:74:4e:a3:36:
         54:2d:2e:cd:d0:d3:e9:f3:74:2f:c2:8c:72:b8:77:1e:af:45:
         6c:89:e5:da:34:d8:55:ac:cd:9e:1d:47:41:b2:cf:98:20:86:
         60:d5:3b:3e:cb:3a:49:28:f1:1e:65:b4:bb:f7:85:f6:38:14:
         f8:3c:4d:ab:7c:0b:74:96:48:80:36:05:d7:c9:a1:3c:4f:da:
         f2:ff:e0:be:2d:a7:0d:21:aa:ea:76:10:fd:5f:32:fb:ac:52:
         79:98:57:54:04:12:65:87:0e:e2:f5:cf:8b:22:e6:a4:74:3a:
         85:5c:69:4a:62:a2:97:fe:45:25:dc:bb:12:d2:82:ba:9b:7d:
         eb:ab:ae:28:77:17:c4:dd:9b:88:a9:47:74:c4:bd:6c:82:03:
         e9:17:c1:40:e8:26:2f:a3:40:91:b6:50:a2:00:20:fa:d3:1b:
         77:f5:9b:a3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWL3m7NrOOpIk1kVoeXZlUtLMytEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MTc1MjMwWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkOWVhMTRkZTIxMWJkZDAzYThlMDVjYjQ5NjhlYjNjODUy
Y2NiNTNhNTg0OGRkOGY0NGYyMGQxYTk4Zjc1ODRkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDNjcfp8FexwV6QKzbdJlM+phOA3JOG0PAYVPOB0dkfALlm
cWHoxvzzBx4wLhcD/Z8MUDzb/ISsrG9zQyYhebvnbZQNwSjBU0OKje84LhZzPrvm
4Op+ts/BjOwd3Mw4F4MTC1x4MGAahlWfV4xqngmXnPUTqkhTK25F4bjsokpvfOGb
zvO46ZZkilNUg0UeaE1IKzHe768mcnZSASgUPp3DdqIsb8I8R+O3mo2hHUQS45eO
2/Y2bUrP61aWeJg6myqx5GJzbes8W2M4+KR9pYuLYvbCA7gyG+n7Fo8uhcllzOiu
iffs/ytT6vD2Cjbm4pCWy38g2zwupodyv2/NKcX7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUO8HOt7zd87lrb7X1oB4AFKT8Oq4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Y4NmE4ZDA5LTBlYTktNGI4Mi1hM2U1LTgwNzllZGM5N2E1NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASQHgwDQYJKoZIhvcNAQELBQADggEBALPUBJXf1VCU77O615d9WrzkZ5c6
rxJQzRwtjguK/Qwd57O7vWm/JDFxXY5XgPHoz+GFk1obrNXnJbcU/V0i2Em1nmuf
osYB8GlavWtoNGtwvhu/0XX5dE6jNlQtLs3Q0+nzdC/CjHK4dx6vRWyJ5do02FWs
zZ4dR0Gyz5gghmDVOz7LOkko8R5ltLv3hfY4FPg8Tat8C3SWSIA2BdfJoTxP2vL/
4L4tpw0hqup2EP1fMvusUnmYV1QEEmWHDuL1z4si5qR0OoVcaUpiopf+RSXcuxLS
grqbfeurrih3F8Tdm4ipR3TEvWyCA+kXwUDoJi+jQJG2UKIAIPrTG3f1m6M=
-----END CERTIFICATE-----