Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/065d3d73-6b2c-4433-833a-80acd47d40a7.roa
File:                     065d3d73-6b2c-4433-833a-80acd47d40a7.roa (raw, json)
Hash identifier:          zicbO8eUuPOueBL0GlIs5cmmStRC1cl5gywn98xZmAk=
Subject key identifier:   8D:3E:36:FA:79:0E:1F:9B:B0:D9:1E:09:E4:5D:C3:DF:D9:3A:FF:00
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       44A65DD1972BCC1EDCF12021BC45E59F36739413
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/065d3d73-6b2c-4433-833a-80acd47d40a7.roa
Signing time:             Fri 19 Sep 2025 00:39:14 +0000
ROA not before:           Fri 19 Sep 2025 00:39:14 +0000
ROA not after:            Fri 24 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.68.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 21 Sep 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:a6:5d:d1:97:2b:cc:1e:dc:f1:20:21:bc:45:e5:9f:36:73:94:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 19 00:39:14 2025 GMT
            Not After : Oct 24 23:59:59 2025 GMT
        Subject: serialNumber=4fe94036fe9f4d5de63b900c5dde561a5745dc2deca6e1d3c3ef79f838b5506a, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:23:9b:ad:47:9e:0f:16:8c:0e:3b:e1:f4:c9:
                    fa:05:68:5d:6e:d8:30:eb:b0:08:c7:46:8e:66:1f:
                    b6:9e:45:35:5c:98:e2:14:57:c8:27:d6:b4:2c:dd:
                    e4:66:ac:da:bd:1f:77:48:05:06:e4:8d:1f:c7:a6:
                    81:5b:e2:c3:45:6d:fd:c2:b2:df:0d:0b:80:14:c7:
                    2a:2d:68:0a:18:68:60:5c:8d:7f:16:73:1b:08:59:
                    61:52:9b:94:cc:f8:df:66:0f:93:85:c1:28:46:09:
                    27:8a:5a:1a:78:a3:d0:2a:7b:3a:f5:1a:55:0e:4f:
                    c5:35:5a:85:68:92:fe:b8:d1:81:31:53:df:61:2f:
                    fc:31:87:65:a3:e4:e0:af:bd:fb:ca:e5:19:65:b7:
                    82:14:1f:d9:29:da:a7:e0:ed:87:1e:86:65:79:f8:
                    00:6b:83:9e:39:7e:3c:6f:24:43:0c:11:04:e3:f0:
                    fa:be:81:07:ad:50:34:b5:0d:04:88:d8:db:8d:85:
                    2b:11:51:45:9c:a4:6b:cc:07:84:dd:3e:ea:88:d4:
                    bb:57:50:50:fe:50:21:bb:6b:58:69:91:1c:0a:03:
                    39:d0:35:54:98:c9:b1:b6:0c:31:04:cb:7a:eb:4b:
                    d6:12:d8:f0:df:c7:9b:83:6f:f2:80:aa:38:e1:10:
                    5e:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:3E:36:FA:79:0E:1F:9B:B0:D9:1E:09:E4:5D:C3:DF:D9:3A:FF:00
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/065d3d73-6b2c-4433-833a-80acd47d40a7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.68.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:cf:4b:70:b8:85:cc:8d:ec:d0:e3:80:38:ae:06:7d:d7:3e:
         55:69:91:45:57:87:9d:ff:04:38:65:c6:ec:a8:73:25:c8:c3:
         9b:4b:9b:cd:e1:5a:ac:58:6f:75:b8:c5:ca:f7:72:d6:38:d0:
         3c:5d:32:b9:2a:11:a3:ae:4a:b7:5e:12:82:70:5c:51:e3:f3:
         12:09:9a:30:97:96:c9:63:fc:5d:02:82:af:92:07:e8:a8:ac:
         b9:cb:45:d6:f8:69:7f:78:49:2d:e2:4d:da:46:97:63:fe:a0:
         c1:f8:82:ae:48:69:0c:31:c5:18:9a:92:2b:5e:8c:d3:75:0a:
         50:99:48:0b:4a:59:c8:69:c9:d9:db:ad:bd:07:53:8b:c9:87:
         67:59:f3:22:b8:18:7b:57:2a:b6:4a:1d:16:03:9f:37:c8:11:
         ac:52:32:21:99:f4:4d:a2:a1:c5:15:5f:c1:39:cc:18:53:5e:
         ea:d9:93:c0:e0:33:90:00:99:3d:42:20:3a:52:f5:98:f1:64:
         94:d1:a3:2f:37:a0:99:2c:98:1b:66:11:60:3e:d8:cc:53:1d:
         87:59:b2:34:fc:d7:d6:a6:91:d0:4a:e3:8b:4f:64:f1:83:95:
         e0:2e:07:90:45:60:d6:02:97:ec:4b:48:60:5f:03:71:ad:f9:
         fc:c7:81:01
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURKZd0ZcrzB7c8SAhvEXlnzZzlBMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTE5MDAzOTE0WhcNMjUxMDI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZmU5NDAzNmZlOWY0ZDVkZTYzYjkwMGM1ZGRlNTYxYTU3
NDVkYzJkZWNhNmUxZDNjM2VmNzlmODM4YjU1MDZhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCfI5utR54PFowOO+H0yfoFaF1u2DDrsAjHRo5mH7aeRTVc
mOIUV8gn1rQs3eRmrNq9H3dIBQbkjR/HpoFb4sNFbf3Cst8NC4AUxyotaAoYaGBc
jX8WcxsIWWFSm5TM+N9mD5OFwShGCSeKWhp4o9Aqezr1GlUOT8U1WoVokv640YEx
U99hL/wxh2Wj5OCvvfvK5Rllt4IUH9kp2qfg7YcehmV5+ABrg545fjxvJEMMEQTj
8Pq+gQetUDS1DQSI2NuNhSsRUUWcpGvMB4TdPuqI1LtXUFD+UCG7a1hpkRwKAznQ
NVSYybG2DDEEy3rrS9YS2PDfx5uDb/KAqjjhEF5jAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjT42+nkOH5uw2R4J5F3D39k6/wAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzA2NWQzZDczLTZiMmMtNDQzMy04MzNhLTgwYWNkNDdkNDBhNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASRDwwDQYJKoZIhvcNAQELBQADggEBACrPS3C4hcyN7NDjgDiuBn3XPlVp
kUVXh53/BDhlxuyocyXIw5tLm83hWqxYb3W4xcr3ctY40DxdMrkqEaOuSrdeEoJw
XFHj8xIJmjCXlslj/F0Cgq+SB+iorLnLRdb4aX94SS3iTdpGl2P+oMH4gq5IaQwx
xRiakitejNN1ClCZSAtKWchpydnbrb0HU4vJh2dZ8yK4GHtXKrZKHRYDnzfIEaxS
MiGZ9E2iocUVX8E5zBhTXurZk8DgM5AAmT1CIDpS9ZjxZJTRoy83oJksmBtmEWA+
2MxTHYdZsjT819amkdBK44tPZPGDleAuB5BFYNYCl+xLSGBfA3Gt+fzHgQE=
-----END CERTIFICATE-----