Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/09f85123-1842-4019-a911-205a8198cf0c.roa
File:                     09f85123-1842-4019-a911-205a8198cf0c.roa (raw, json)
Hash identifier:          BW5LVUyY/fHhTbssnR/jFWs7iCR6P6XzmxDokHSjBS4=
Subject key identifier:   1D:61:45:26:A9:4F:09:22:59:C7:8D:20:1C:C4:BE:0A:E7:F6:EC:52
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5C625EEEBB4F797F363EE284F75639D5293A3275
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/09f85123-1842-4019-a911-205a8198cf0c.roa
Signing time:             Wed 24 Sep 2025 21:52:11 +0000
ROA not before:           Wed 24 Sep 2025 21:52:11 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.66.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:62:5e:ee:bb:4f:79:7f:36:3e:e2:84:f7:56:39:d5:29:3a:32:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 21:52:11 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=d3a0f6fb69612e714ecdb4a89f50ccfac19532e7982ed5dd19501121d597f40a, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:1c:61:d1:68:f9:ac:ca:12:c6:e8:d9:9b:da:
                    c6:92:9c:ba:ef:12:78:6b:d3:df:57:6e:c4:52:2c:
                    e4:70:6e:d2:46:f9:3b:63:33:28:0f:a8:ef:81:c2:
                    60:9e:43:3b:ea:b5:a1:31:17:d4:5e:5a:52:a4:14:
                    59:da:50:49:bb:61:a4:8c:e5:53:81:dc:1f:7a:81:
                    ce:63:44:66:2d:20:f8:2a:3c:21:a8:90:88:64:db:
                    9b:00:99:e5:ba:79:90:55:53:2c:f8:6e:88:43:f3:
                    25:80:fb:dc:04:40:1a:c1:4a:6a:f2:ef:18:fd:9a:
                    ad:b5:e7:55:8b:df:1d:8d:ad:7f:b0:02:c3:05:d2:
                    f5:0c:82:46:52:ee:0d:b6:5d:b2:d4:9a:6c:fc:b1:
                    c9:3a:85:e6:7e:f4:dc:d7:ea:ba:82:f3:30:0a:6b:
                    89:71:da:2e:73:81:3a:c3:ae:a0:d5:51:6d:b1:6b:
                    ad:22:0c:b6:d1:81:c9:ea:d2:69:9b:42:73:01:d8:
                    59:d7:99:78:b6:18:61:4c:68:b8:0d:44:ce:41:73:
                    96:96:8c:73:a2:ad:79:e6:44:9d:ee:2e:5b:28:fe:
                    fd:2f:1e:a6:32:9b:7f:84:2f:70:d4:78:63:18:16:
                    d9:47:7a:b9:de:c8:e7:18:20:e9:3b:74:13:f6:7f:
                    60:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:61:45:26:A9:4F:09:22:59:C7:8D:20:1C:C4:BE:0A:E7:F6:EC:52
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/09f85123-1842-4019-a911-205a8198cf0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.66.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:52:c1:1c:cb:73:c3:2d:62:fb:a2:0f:28:83:2e:61:11:6d:
         a8:9a:3b:82:98:76:b1:40:52:e4:1e:f7:d0:be:b8:23:c1:43:
         e2:1f:d0:d1:f6:cb:73:8c:73:ae:86:4c:bc:be:fc:7c:cf:ae:
         73:15:34:b1:cb:35:c3:cd:47:d0:5a:76:36:e8:95:11:fa:2e:
         dd:59:b3:a7:1e:3d:c1:c9:0e:3f:19:63:0f:13:96:38:9d:b2:
         55:03:50:1e:c4:80:2c:19:63:01:1d:8a:9a:dc:c3:39:fa:2f:
         5c:cd:85:2c:11:df:06:d9:c6:80:09:67:a1:eb:fa:0a:a0:fe:
         7e:90:e3:13:dd:0e:86:1b:c5:98:27:28:01:69:63:e6:01:7f:
         1d:ae:b2:df:73:01:df:ef:79:91:ee:92:05:68:1d:30:97:1c:
         c9:cd:c6:8a:59:d6:5d:02:62:be:79:e2:0c:43:f3:ff:f1:fd:
         6c:63:a7:b9:40:b6:aa:e8:9e:e3:41:22:92:5e:df:47:6b:f7:
         56:00:20:85:90:4a:3d:60:a2:69:d1:c9:92:f5:b8:b8:5d:39:
         a5:ac:13:ba:68:ce:0b:5d:0b:83:56:b2:f8:6e:c5:82:a2:cd:
         26:cb:da:b8:2e:ac:cf:ac:c0:a8:ee:16:c3:8a:77:05:6d:ec:
         c7:52:24:7d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXGJe7rtPeX82PuKE91Y51Sk6MnUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MjE1MjExWhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BkM2EwZjZmYjY5NjEyZTcxNGVjZGI0YTg5ZjUwY2NmYWMx
OTUzMmU3OTgyZWQ1ZGQxOTUwMTEyMWQ1OTdmNDBhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDXHGHRaPmsyhLG6Nmb2saSnLrvEnhr099XbsRSLORwbtJG
+TtjMygPqO+BwmCeQzvqtaExF9ReWlKkFFnaUEm7YaSM5VOB3B96gc5jRGYtIPgq
PCGokIhk25sAmeW6eZBVUyz4bohD8yWA+9wEQBrBSmry7xj9mq2151WL3x2NrX+w
AsMF0vUMgkZS7g22XbLUmmz8sck6heZ+9NzX6rqC8zAKa4lx2i5zgTrDrqDVUW2x
a60iDLbRgcnq0mmbQnMB2FnXmXi2GGFMaLgNRM5Bc5aWjHOirXnmRJ3uLlso/v0v
HqYym3+EL3DUeGMYFtlHerneyOcYIOk7dBP2f2DNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHWFFJqlPCSJZx40gHMS+Cuf27FIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzA5Zjg1MTIzLTE4NDItNDAxOS1hOTExLTIwNWE4MTk4Y2YwYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASQi8wDQYJKoZIhvcNAQELBQADggEBAA5SwRzLc8MtYvuiDyiDLmERbaia
O4KYdrFAUuQe99C+uCPBQ+If0NH2y3OMc66GTLy+/HzPrnMVNLHLNcPNR9Badjbo
lRH6Lt1Zs6cePcHJDj8ZYw8TljidslUDUB7EgCwZYwEdiprcwzn6L1zNhSwR3wbZ
xoAJZ6Hr+gqg/n6Q4xPdDoYbxZgnKAFpY+YBfx2ust9zAd/veZHukgVoHTCXHMnN
xopZ1l0CYr554gxD8//x/Wxjp7lAtqronuNBIpJe30dr91YAIIWQSj1gomnRyZL1
uLhdOaWsE7pozgtdC4NWsvhuxYKizSbL2rgurM+swKjuFsOKdwVt7MdSJH0=
-----END CERTIFICATE-----