Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/056c132e-4148-44cc-b263-a445ceafabdd.roa
File:                     056c132e-4148-44cc-b263-a445ceafabdd.roa (raw, json)
Hash identifier:          9V/295Tfc+tFaWgmF2FfDe41hGl1ss+O/JubO9L4V3U=
Subject key identifier:   E5:63:B5:EB:84:2B:3B:B8:08:3D:7B:B1:04:0F:73:37:5F:BE:34:C5
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       453A7FD20BFB62F19016E2E7B94BBEFD65BE9BD7
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/056c132e-4148-44cc-b263-a445ceafabdd.roa
Signing time:             Tue 21 Oct 2025 04:42:21 +0000
ROA not before:           Tue 21 Oct 2025 04:42:21 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        18.253.64.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 31 Oct 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:3a:7f:d2:0b:fb:62:f1:90:16:e2:e7:b9:4b:be:fd:65:be:9b:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 21 04:42:21 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=8b413d0dda9f37c2b64866f533c63c517fd842ba6dea672a8b9fda6cea357146, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:87:8d:8f:f4:4b:b4:2b:e1:73:18:63:52:d9:
                    cf:bb:02:41:36:8e:57:f8:39:9c:42:16:28:bf:f0:
                    c2:7d:dd:de:2c:10:1f:93:dd:b0:89:b2:33:0f:6f:
                    2a:7a:48:53:c5:fb:c7:5d:62:18:c4:7f:96:9d:5c:
                    c6:a3:55:9e:a5:86:6e:a2:ce:63:52:aa:3f:42:74:
                    79:3a:a8:a0:a9:a4:e0:14:53:e4:3d:a9:ec:d2:de:
                    1d:5e:ca:a0:c6:5d:cb:e4:ad:62:11:47:27:b0:ad:
                    73:80:88:58:5d:d1:22:2a:c1:c5:75:1f:35:6d:75:
                    d7:19:b9:31:53:93:c9:be:7c:3a:f7:2b:02:01:e5:
                    9b:3a:b9:6e:2b:d8:6f:82:4e:71:2d:49:fc:f0:4f:
                    66:ba:e3:1d:6d:68:5b:36:a0:48:d8:a3:38:61:5e:
                    87:d1:39:f2:83:ee:97:fd:cc:0d:31:2e:f0:b7:2c:
                    5f:12:d7:48:d8:05:21:3b:a0:f6:64:b9:2a:a9:81:
                    7d:3a:97:a0:f1:13:5a:42:84:4f:93:2e:c1:b2:19:
                    ea:ef:9c:42:db:f6:c5:a5:0c:53:71:87:ce:02:7c:
                    bf:fe:40:1a:eb:15:95:10:4d:98:99:89:1e:fd:9f:
                    40:5f:92:6d:59:0f:8c:96:c1:72:4e:6c:bb:96:5a:
                    76:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:63:B5:EB:84:2B:3B:B8:08:3D:7B:B1:04:0F:73:37:5F:BE:34:C5
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/056c132e-4148-44cc-b263-a445ceafabdd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.253.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         a8:f4:c2:77:7f:a9:3c:18:a8:70:56:52:dc:61:b2:18:1c:24:
         c7:82:fd:f7:f1:d1:f4:15:3b:b5:63:93:8c:f9:fe:74:c9:ed:
         49:a5:f2:38:72:92:0d:26:55:c8:3b:d7:1b:bd:f2:22:62:c7:
         7d:88:65:28:af:aa:22:7f:ac:4c:a7:03:76:d1:d4:58:e2:d7:
         e5:5a:34:88:73:75:d0:4f:9c:2f:83:cf:05:56:d0:66:3c:70:
         7d:94:a9:9d:63:42:23:5b:56:cc:8f:56:de:7f:3c:a0:bc:7c:
         70:f5:4d:b3:aa:8a:c4:09:74:20:4f:6e:ab:12:4c:7e:ea:ba:
         99:a9:2c:78:72:96:ae:26:ec:54:23:a5:1e:cf:85:77:4d:6d:
         94:d6:51:f6:4f:66:f6:73:ed:c2:c4:9c:07:b9:62:00:1e:ff:
         8a:04:c7:73:e1:b0:44:a3:80:07:0a:22:9e:53:4c:5c:1d:58:
         a5:84:fe:e9:79:d3:a3:6d:cd:3a:08:e7:21:b4:29:a0:f8:1a:
         cd:4b:91:b9:11:94:3a:f4:c5:c0:77:e0:46:e2:8a:7f:80:2f:
         74:af:fb:55:00:49:7d:61:36:a3:0f:06:49:a9:85:94:11:29:
         62:84:7a:57:76:29:ec:d9:dd:0e:97:82:8f:98:50:60:79:0c:
         fa:75:63:7a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURTp/0gv7YvGQFuLnuUu+/WW+m9cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDIxMDQ0MjIxWhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A4YjQxM2QwZGRhOWYzN2MyYjY0ODY2ZjUzM2M2M2M1MTdm
ZDg0MmJhNmRlYTY3MmE4YjlmZGE2Y2VhMzU3MTQ2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDSh42P9Eu0K+FzGGNS2c+7AkE2jlf4OZxCFii/8MJ93d4s
EB+T3bCJsjMPbyp6SFPF+8ddYhjEf5adXMajVZ6lhm6izmNSqj9CdHk6qKCppOAU
U+Q9qezS3h1eyqDGXcvkrWIRRyewrXOAiFhd0SIqwcV1HzVtddcZuTFTk8m+fDr3
KwIB5Zs6uW4r2G+CTnEtSfzwT2a64x1taFs2oEjYozhhXofROfKD7pf9zA0xLvC3
LF8S10jYBSE7oPZkuSqpgX06l6DxE1pChE+TLsGyGervnELb9sWlDFNxh84CfL/+
QBrrFZUQTZiZiR79n0Bfkm1ZD4yWwXJObLuWWnbrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU5WO164QrO7gIPXuxBA9zN1++NMUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzA1NmMxMzJlLTQxNDgtNDRjYy1iMjYzLWE0NDVjZWFmYWJkZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYS/UAwDQYJKoZIhvcNAQELBQADggEBAKj0wnd/qTwYqHBWUtxhshgcJMeC
/ffx0fQVO7Vjk4z5/nTJ7Uml8jhykg0mVcg71xu98iJix32IZSivqiJ/rEynA3bR
1Fji1+VaNIhzddBPnC+DzwVW0GY8cH2UqZ1jQiNbVsyPVt5/PKC8fHD1TbOqisQJ
dCBPbqsSTH7qupmpLHhylq4m7FQjpR7PhXdNbZTWUfZPZvZz7cLEnAe5YgAe/4oE
x3PhsESjgAcKIp5TTFwdWKWE/ul506NtzToI5yG0KaD4Gs1LkbkRlDr0xcB34Ebi
in+AL3Sv+1UASX1hNqMPBkmphZQRKWKEeld2KezZ3Q6Xgo+YUGB5DPp1Y3o=
-----END CERTIFICATE-----