Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/14e7eb95-6dbf-462f-92d0-bbd6f3e556f3.roa
File:                     14e7eb95-6dbf-462f-92d0-bbd6f3e556f3.roa (raw, json)
Hash identifier:          rc2qu4ZKpio9Xa3ngXqQjD0vewatBVgEIC7aNLH3gRo=
Subject key identifier:   F1:BA:9D:61:F6:42:50:C3:01:86:8D:E3:F7:76:F8:2E:AD:0A:A6:BF
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2070E8F2D7B9E1F137BFA570748EDC1017CC8BAC
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/14e7eb95-6dbf-462f-92d0-bbd6f3e556f3.roa
Signing time:             Mon 22 Sep 2025 18:51:33 +0000
ROA not before:           Mon 22 Sep 2025 18:51:33 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.160.34.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:70:e8:f2:d7:b9:e1:f1:37:bf:a5:70:74:8e:dc:10:17:cc:8b:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 18:51:33 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=2c029df20fb9671307dac869ffa7a1cf88eb5c63d8375186efca85d89d736f1c, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:f8:93:c0:85:dd:b1:ad:69:c3:86:82:f2:a0:
                    56:65:a3:9a:04:a0:5e:af:ce:b7:f0:5e:f0:18:7f:
                    a1:ac:fe:3c:5f:d6:cc:7c:5f:38:00:ae:1b:4c:58:
                    5d:e2:a6:39:d1:bc:bd:08:52:0e:02:5c:c0:79:57:
                    3d:ff:4b:77:d0:0d:6e:98:54:6b:13:fc:81:e0:8d:
                    23:db:c4:16:88:0e:92:de:2b:e2:6b:79:0a:c8:7d:
                    9f:6a:56:cd:8b:cb:25:c1:27:af:b9:9f:3c:39:3f:
                    ba:6c:9b:1a:d0:9a:e4:ef:69:a6:c7:9f:79:0c:ef:
                    b2:3b:c1:ce:a1:ba:e5:d7:23:b9:88:fb:b1:e9:5a:
                    f4:97:d7:47:e3:45:8e:77:f5:2a:10:db:82:83:dd:
                    2d:83:f7:71:52:32:68:31:fa:28:74:e0:8a:0e:86:
                    86:84:c5:f4:f0:36:6c:e5:1b:3a:1f:14:99:56:e6:
                    de:df:66:f9:91:d4:a1:05:51:cf:eb:f8:2c:2d:e5:
                    21:6d:28:16:85:84:26:24:4a:e1:b4:53:8a:99:aa:
                    ee:6a:08:09:78:a4:83:f0:98:73:33:a0:c7:75:5e:
                    28:d9:ee:aa:14:74:70:e3:d2:b0:be:83:04:12:d3:
                    f3:3d:38:d9:77:88:5e:aa:d6:76:18:04:5e:d5:0c:
                    f0:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:BA:9D:61:F6:42:50:C3:01:86:8D:E3:F7:76:F8:2E:AD:0A:A6:BF
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/14e7eb95-6dbf-462f-92d0-bbd6f3e556f3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.160.34.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2d:91:77:48:d0:30:59:7e:da:8f:b6:a6:f9:63:71:65:81:14:
         57:d9:51:9d:1b:6a:83:16:bd:ed:df:6a:db:83:18:15:b9:50:
         1b:7a:9e:3d:0f:ff:e7:11:f9:af:14:3c:7e:96:ba:97:61:2c:
         f9:54:2f:ed:59:a4:b8:02:db:4d:20:83:7d:b3:05:8f:67:de:
         95:59:aa:7e:a5:fc:0a:97:03:ef:65:9e:11:5d:e9:f6:93:35:
         75:79:ae:af:48:5f:3d:22:5e:25:58:d8:98:cd:19:2a:81:9e:
         ff:c0:9b:8e:22:dd:33:bd:9c:d1:2c:8f:55:d6:98:bc:e6:89:
         91:aa:f4:35:64:70:1e:1e:82:15:c4:1d:55:e8:40:4c:cf:2e:
         f1:d9:0f:ac:69:b6:50:52:22:3d:2b:9e:78:9e:c5:6c:a0:fd:
         f9:e4:db:11:98:40:77:37:25:21:ab:e8:85:33:b1:0a:46:60:
         52:8a:21:bc:a9:51:7f:aa:80:2b:f6:aa:87:77:85:1c:ae:dc:
         36:6c:99:e1:77:f8:64:7c:55:8f:1b:01:7f:82:63:0c:e2:2a:
         c7:3b:7c:22:0e:5c:91:c4:c1:3c:f3:d7:f3:ca:ae:9f:05:9e:
         fb:f2:af:aa:88:8f:46:f8:cd:e2:76:d3:99:2e:53:a0:61:79:
         1b:dd:9f:a3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIHDo8te54fE3v6VwdI7cEBfMi6wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMTg1MTMzWhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AyYzAyOWRmMjBmYjk2NzEzMDdkYWM4NjlmZmE3YTFjZjg4
ZWI1YzYzZDgzNzUxODZlZmNhODVkODlkNzM2ZjFjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCw+JPAhd2xrWnDhoLyoFZlo5oEoF6vzrfwXvAYf6Gs/jxf
1sx8XzgArhtMWF3ipjnRvL0IUg4CXMB5Vz3/S3fQDW6YVGsT/IHgjSPbxBaIDpLe
K+JreQrIfZ9qVs2LyyXBJ6+5nzw5P7psmxrQmuTvaabHn3kM77I7wc6huuXXI7mI
+7HpWvSX10fjRY539SoQ24KD3S2D93FSMmgx+ih04IoOhoaExfTwNmzlGzofFJlW
5t7fZvmR1KEFUc/r+Cwt5SFtKBaFhCYkSuG0U4qZqu5qCAl4pIPwmHMzoMd1XijZ
7qoUdHDj0rC+gwQS0/M9ONl3iF6q1nYYBF7VDPDrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8bqdYfZCUMMBho3j93b4Lq0Kpr8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzE0ZTdlYjk1LTZkYmYtNDYyZi05MmQwLWJiZDZmM2U1NTZmMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAESoCIwDQYJKoZIhvcNAQELBQADggEBAC2Rd0jQMFl+2o+2pvljcWWBFFfZ
UZ0baoMWve3fatuDGBW5UBt6nj0P/+cR+a8UPH6WupdhLPlUL+1ZpLgC200gg32z
BY9n3pVZqn6l/AqXA+9lnhFd6faTNXV5rq9IXz0iXiVY2JjNGSqBnv/Am44i3TO9
nNEsj1XWmLzmiZGq9DVkcB4eghXEHVXoQEzPLvHZD6xptlBSIj0rnniexWyg/fnk
2xGYQHc3JSGr6IUzsQpGYFKKIbypUX+qgCv2qod3hRyu3DZsmeF3+GR8VY8bAX+C
YwziKsc7fCIOXJHEwTzz1/PKrp8Fnvvyr6qIj0b4zeJ205kuU6BheRvdn6M=
-----END CERTIFICATE-----