Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fcd62ae6-4572-4af3-af16-d5f3da1866b0.roa
File:                     fcd62ae6-4572-4af3-af16-d5f3da1866b0.roa (raw, json)
Hash identifier:          Y++C9COgnmtaL+Jzdyg/1zJVsmZ4rmmrz7mDXO/vEh4=
Subject key identifier:   DC:9F:62:E2:CD:16:2A:DB:6C:45:31:7C:B9:77:33:24:9B:FC:1C:4A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3C96C2F08A81407AE608C38778D8603D0A96402B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fcd62ae6-4572-4af3-af16-d5f3da1866b0.roa
Signing time:             Sat 18 Oct 2025 08:33:47 +0000
ROA not before:           Sat 18 Oct 2025 08:33:47 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.244.44.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:96:c2:f0:8a:81:40:7a:e6:08:c3:87:78:d8:60:3d:0a:96:40:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 08:33:47 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=9d3e6d213d466733702d79aaf84ee61e07369589d84a94c01290322ead3b0892, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:2c:fb:b5:93:52:ce:0c:66:30:18:7b:a4:a0:
                    4a:32:0c:d2:e3:fe:10:f0:6d:12:30:d5:83:69:9e:
                    fb:e8:6c:b4:e9:87:b1:f4:47:90:77:09:d9:f0:9a:
                    d2:f1:a1:74:fe:45:47:c3:81:5d:a4:2a:00:b6:34:
                    0b:ad:8c:52:7b:ba:0e:cd:b1:df:e5:9d:61:6b:27:
                    5a:0b:ac:f0:88:b3:16:2b:7b:63:a4:5c:e5:ba:f7:
                    85:8c:a6:fd:e7:a0:bc:b7:f9:ad:5a:70:34:c7:84:
                    05:1f:39:46:77:56:54:a3:e3:a6:4a:10:eb:98:4b:
                    23:3c:06:73:ce:fa:03:7e:22:c9:b0:83:22:9a:94:
                    16:b3:16:fd:e2:4f:7e:40:9d:56:ca:9b:a1:9b:de:
                    17:17:53:8b:18:8b:0b:f7:9e:e2:62:a2:81:11:85:
                    3c:3a:4d:9f:2c:30:d2:56:1d:3a:b4:ca:bf:4e:97:
                    52:62:88:ee:76:e7:df:60:4f:aa:8d:53:a9:9f:07:
                    ce:49:27:9a:3b:4b:44:3c:ca:4a:2b:78:b6:b9:c8:
                    9c:e8:17:30:d0:f0:fb:fe:d8:e7:6a:8d:05:ae:61:
                    b4:47:45:0b:16:b8:e4:fd:3e:3d:19:e1:f9:01:34:
                    20:40:88:4b:20:b7:2b:61:75:98:58:d4:c9:be:f4:
                    16:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:9F:62:E2:CD:16:2A:DB:6C:45:31:7C:B9:77:33:24:9B:FC:1C:4A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fcd62ae6-4572-4af3-af16-d5f3da1866b0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.244.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6f:ca:da:2e:7e:13:49:f5:9f:52:80:73:c5:60:ad:d4:11:2a:
         ab:d8:ae:4c:b3:47:fa:9a:63:24:7b:24:9c:c8:25:e1:4f:75:
         30:96:12:96:ce:b5:7f:ee:ad:0d:46:1d:a0:25:8f:d7:2d:3e:
         48:fe:cc:7f:d4:8e:81:25:69:d4:dd:a9:a0:f3:10:71:87:bc:
         09:34:a9:7d:55:0a:79:c7:b2:9e:b5:43:2c:27:9c:d3:1c:14:
         c7:69:8a:02:5f:1e:20:9d:10:4b:db:c4:89:0e:26:8f:4e:2f:
         46:d6:77:d8:63:30:94:7e:37:12:09:c0:13:96:cb:18:f1:d0:
         6c:63:4b:0b:fe:fc:16:5a:97:19:70:b1:69:0e:97:76:bc:46:
         76:f3:77:fb:6f:de:89:e1:39:c6:2b:a4:c5:ca:e0:8b:c3:33:
         2a:97:60:74:3f:12:53:cb:4b:de:59:07:9a:5c:a8:f5:7c:91:
         6e:86:24:7d:7b:35:e3:cc:cb:43:9f:a3:2d:88:fd:f1:b5:35:
         45:37:aa:75:46:eb:89:87:6e:f7:66:a4:6b:65:7c:17:b5:11:
         20:f4:1f:23:27:97:e6:c3:68:f0:ec:dc:36:db:62:de:14:8b:
         c8:b9:15:d9:b2:85:43:b5:ab:a3:2f:e4:eb:ed:fb:79:61:71:
         cd:94:74:1c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPJbC8IqBQHrmCMOHeNhgPQqWQCswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MDgzMzQ3WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZDNlNmQyMTNkNDY2NzMzNzAyZDc5YWFmODRlZTYxZTA3
MzY5NTg5ZDg0YTk0YzAxMjkwMzIyZWFkM2IwODkyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDcLPu1k1LODGYwGHukoEoyDNLj/hDwbRIw1YNpnvvobLTp
h7H0R5B3CdnwmtLxoXT+RUfDgV2kKgC2NAutjFJ7ug7Nsd/lnWFrJ1oLrPCIsxYr
e2OkXOW694WMpv3noLy3+a1acDTHhAUfOUZ3VlSj46ZKEOuYSyM8BnPO+gN+Ismw
gyKalBazFv3iT35AnVbKm6Gb3hcXU4sYiwv3nuJiooERhTw6TZ8sMNJWHTq0yr9O
l1JiiO52599gT6qNU6mfB85JJ5o7S0Q8ykoreLa5yJzoFzDQ8Pv+2OdqjQWuYbRH
RQsWuOT9Pj0Z4fkBNCBAiEsgtythdZhY1Mm+9BbRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3J9i4s0WKttsRTF8uXczJJv8HEowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2ZjZDYyYWU2LTQ1NzItNGFmMy1hZjE2LWQ1ZjNkYTE4NjZiMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAES9CwwDQYJKoZIhvcNAQELBQADggEBAG/K2i5+E0n1n1KAc8VgrdQRKqvY
rkyzR/qaYyR7JJzIJeFPdTCWEpbOtX/urQ1GHaAlj9ctPkj+zH/UjoEladTdqaDz
EHGHvAk0qX1VCnnHsp61QywnnNMcFMdpigJfHiCdEEvbxIkOJo9OL0bWd9hjMJR+
NxIJwBOWyxjx0GxjSwv+/BZalxlwsWkOl3a8Rnbzd/tv3onhOcYrpMXK4IvDMyqX
YHQ/ElPLS95ZB5pcqPV8kW6GJH17NePMy0Ofoy2I/fG1NUU3qnVG64mHbvdmpGtl
fBe1ESD0HyMnl+bDaPDs3DbbYt4Ui8i5FdmyhUO1q6Mv5Ovt+3lhcc2UdBw=
-----END CERTIFICATE-----