Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0eab2810-5027-4c7b-bb25-a6f30b1d584f.roa
File:                     0eab2810-5027-4c7b-bb25-a6f30b1d584f.roa (raw, json)
Hash identifier:          qn8sSuXoayuR9cKIcAOeVv5ALPoUzHXIItirrfqELnc=
Subject key identifier:   A0:D3:F9:4F:8A:9F:BD:06:09:AD:4C:7D:6F:D2:2A:33:4C:D5:6B:29
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       09C80032C47FFF6F5CF452A9E0E58E0F4B9F7C53
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0eab2810-5027-4c7b-bb25-a6f30b1d584f.roa
Signing time:             Mon 22 Sep 2025 19:17:10 +0000
ROA not before:           Mon 22 Sep 2025 19:17:10 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.164.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:c8:00:32:c4:7f:ff:6f:5c:f4:52:a9:e0:e5:8e:0f:4b:9f:7c:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 19:17:10 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=6111466e4177c0ac2f052ee74cd329d2b86dd7143adad93d9679125d62ba2bcd, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:b6:d9:0f:23:79:19:2e:07:10:58:36:e9:eb:
                    99:49:c2:88:75:6d:86:ae:c3:46:3e:12:8b:b4:2d:
                    f6:1e:55:80:40:6f:c0:47:41:b6:f1:7a:c6:cf:94:
                    78:21:0b:8d:c5:85:99:16:9e:36:bf:b4:be:b1:6b:
                    84:de:d2:69:78:38:31:95:49:98:f2:10:22:2a:7e:
                    8a:e5:b1:85:ab:0c:4e:5a:a7:ea:a9:e9:f5:aa:0e:
                    2f:77:65:2f:b3:1b:30:10:1e:9c:d3:43:da:32:25:
                    52:91:df:c3:2e:d8:10:fb:ec:a3:e0:04:37:a3:1d:
                    55:e7:60:1d:90:77:4f:68:15:4c:83:69:a0:29:99:
                    b1:8e:ed:94:17:7e:f5:e9:ca:75:6a:2a:95:af:9d:
                    4a:0b:b6:8e:63:52:ae:de:f7:c6:56:11:89:cd:ee:
                    fe:aa:35:87:9f:62:37:91:e6:24:54:68:2b:5e:4f:
                    7d:af:20:52:bf:19:40:ac:f4:81:52:98:ef:30:af:
                    b4:21:69:b9:36:7f:66:f9:21:b1:c3:73:d9:c3:6f:
                    9c:5d:fe:fb:3d:a5:25:36:2e:cf:7d:31:e1:a4:24:
                    1b:52:a9:44:db:24:48:5b:4f:9e:d7:eb:62:b8:7d:
                    8b:c2:60:40:0e:64:56:0c:cb:4c:56:f0:9c:62:a9:
                    25:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:D3:F9:4F:8A:9F:BD:06:09:AD:4C:7D:6F:D2:2A:33:4C:D5:6B:29
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0eab2810-5027-4c7b-bb25-a6f30b1d584f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.164.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:56:95:50:84:9b:fa:fa:a3:8f:ea:ad:b5:25:46:83:3e:a7:
         d4:92:c5:5f:e7:64:05:60:5e:39:ec:30:d3:ca:f8:50:f2:20:
         81:e7:19:04:53:d0:a7:1d:93:04:3b:05:07:1b:41:3c:fd:67:
         00:f0:b8:58:bc:35:e0:08:4f:14:08:cc:bb:69:5c:84:74:83:
         51:a9:12:3b:05:e5:86:1d:78:86:e3:36:72:ba:00:60:5e:5b:
         57:41:b4:38:83:bd:59:0c:0b:9b:6d:df:6e:e2:eb:c9:47:2c:
         c9:2e:d5:80:d3:3d:c2:b9:1a:d7:e9:0a:82:53:79:9f:cb:7c:
         a4:14:3a:f0:17:05:f0:71:8f:5d:0f:77:94:bf:78:75:e5:e2:
         54:87:b0:d8:6d:fa:2e:cf:6e:f7:b4:b7:5a:ca:f1:05:fe:f5:
         c3:97:6e:b7:8d:8c:29:c4:93:41:60:49:0a:63:11:bb:e4:a7:
         01:c0:47:fb:47:7b:bf:36:ec:4a:d8:b6:2c:36:85:17:e3:45:
         82:33:9d:b4:24:36:b4:d7:c1:41:55:e2:8a:db:0e:5f:42:0e:
         f2:0f:06:b8:01:c5:b7:11:13:db:ed:0b:12:58:a9:73:69:29:
         0a:b5:b0:24:01:22:f9:44:5a:83:b9:c9:c7:d5:93:fb:40:07:
         a7:d1:fc:14
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCcgAMsR//29c9FKp4OWOD0uffFMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMTkxNzEwWhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MTExNDY2ZTQxNzdjMGFjMmYwNTJlZTc0Y2QzMjlkMmI4
NmRkNzE0M2FkYWQ5M2Q5Njc5MTI1ZDYyYmEyYmNkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCfttkPI3kZLgcQWDbp65lJwoh1bYauw0Y+Eou0LfYeVYBA
b8BHQbbxesbPlHghC43FhZkWnja/tL6xa4Te0ml4ODGVSZjyECIqforlsYWrDE5a
p+qp6fWqDi93ZS+zGzAQHpzTQ9oyJVKR38Mu2BD77KPgBDejHVXnYB2Qd09oFUyD
aaApmbGO7ZQXfvXpynVqKpWvnUoLto5jUq7e98ZWEYnN7v6qNYefYjeR5iRUaCte
T32vIFK/GUCs9IFSmO8wr7Qhabk2f2b5IbHDc9nDb5xd/vs9pSU2Ls99MeGkJBtS
qUTbJEhbT57X62K4fYvCYEAOZFYMy0xW8JxiqSUZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUoNP5T4qfvQYJrUx9b9IqM0zVaykwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzBlYWIyODEwLTUwMjctNGM3Yi1iYjI1LWE2ZjMwYjFkNTg0Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASpIQwDQYJKoZIhvcNAQELBQADggEBALJWlVCEm/r6o4/qrbUlRoM+p9SS
xV/nZAVgXjnsMNPK+FDyIIHnGQRT0KcdkwQ7BQcbQTz9ZwDwuFi8NeAITxQIzLtp
XIR0g1GpEjsF5YYdeIbjNnK6AGBeW1dBtDiDvVkMC5tt327i68lHLMku1YDTPcK5
GtfpCoJTeZ/LfKQUOvAXBfBxj10Pd5S/eHXl4lSHsNht+i7Pbve0t1rK8QX+9cOX
breNjCnEk0FgSQpjEbvkpwHAR/tHe7827ErYtiw2hRfjRYIznbQkNrTXwUFV4orb
Dl9CDvIPBrgBxbcRE9vtCxJYqXNpKQq1sCQBIvlEWoO5ycfVk/tAB6fR/BQ=
-----END CERTIFICATE-----