Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1919ea4e-14c4-4d39-8f6b-07cb860b40eb.roa
File:                     1919ea4e-14c4-4d39-8f6b-07cb860b40eb.roa (raw, json)
Hash identifier:          PDke1pUa7bf89JnDfGN/8BYOvZaoFMW9S9WhI2ZMYFY=
Subject key identifier:   A4:BF:D5:FB:41:19:F5:87:8F:78:D1:38:86:EE:BF:9A:38:D5:F7:4F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       115B144B0E495BC0C44CF5C56525D1DC501D4C38
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1919ea4e-14c4-4d39-8f6b-07cb860b40eb.roa
Signing time:             Mon 22 Sep 2025 19:36:48 +0000
ROA not before:           Mon 22 Sep 2025 19:36:48 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.165.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:5b:14:4b:0e:49:5b:c0:c4:4c:f5:c5:65:25:d1:dc:50:1d:4c:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 19:36:48 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=53efe176c7c509359c0f6431907cd4c84a755fa06b469a9621b69793e18ff9cd, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:4d:a6:15:45:ca:6a:fa:bd:7c:98:ef:93:b7:
                    20:e9:01:8e:44:d8:2a:52:37:21:34:10:a5:07:b5:
                    a7:b8:9a:2f:fd:dd:28:a1:96:d8:67:0d:7c:f6:af:
                    d2:87:98:7a:71:4a:1b:2c:96:c6:48:ce:e4:08:1b:
                    a4:41:8f:48:44:c5:d4:03:62:1f:cc:f6:33:67:4c:
                    98:15:50:e5:0a:91:80:37:a6:13:82:a6:a5:a7:91:
                    3d:d3:d0:52:9a:08:cc:11:8f:c9:b2:ed:02:4d:9f:
                    cc:37:da:0b:f8:07:71:b7:5a:4a:7c:ea:2c:c2:f9:
                    79:db:b0:f0:bc:fb:80:55:f7:36:49:a3:9f:08:b1:
                    d6:12:f0:65:70:ae:1e:19:30:48:d1:71:9a:90:29:
                    c1:d7:e3:77:d0:a9:58:7f:2e:de:17:c1:30:d5:bd:
                    3c:bf:71:96:f1:b1:02:85:de:1b:16:38:ba:b0:ca:
                    73:d7:7e:36:7e:58:d8:4a:85:2a:d0:e3:e3:d2:96:
                    f3:47:61:ad:89:63:85:1a:d2:e0:d5:2c:91:97:43:
                    bf:5d:b1:a1:6f:3b:53:46:eb:24:8b:15:49:d0:36:
                    c5:81:3d:1c:4c:94:a1:af:2e:7f:3d:02:cf:e2:db:
                    f3:cf:af:8a:65:d4:61:33:0f:dc:58:4d:c7:d9:18:
                    3d:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:BF:D5:FB:41:19:F5:87:8F:78:D1:38:86:EE:BF:9A:38:D5:F7:4F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1919ea4e-14c4-4d39-8f6b-07cb860b40eb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.165.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:1e:1f:85:7d:d7:7c:cb:b6:7f:4b:fb:d1:7c:bc:0a:35:bf:
         00:48:00:c9:55:41:2d:27:15:c6:57:b3:57:cc:38:04:b2:f2:
         15:10:bf:af:ea:b5:4b:c0:33:6c:7a:91:bd:7a:b3:f7:34:04:
         d6:4f:db:9f:58:91:9f:d5:7f:26:07:cf:04:b8:f6:5b:47:03:
         53:48:24:13:c1:0a:b8:73:7c:78:c1:51:d6:a0:9b:71:3d:62:
         52:cd:9d:a7:e9:32:5c:7f:65:6a:8e:c3:1e:96:47:f1:5f:23:
         9d:5d:e4:5a:78:b8:6c:8c:7d:0d:eb:0f:04:19:bb:bd:a8:10:
         26:7d:e6:84:c8:93:8e:be:14:fe:f3:7f:78:57:7f:e7:cb:ce:
         8f:0f:21:29:0c:5e:77:04:62:78:50:48:6e:d6:79:64:a7:a3:
         0b:be:9b:e3:f8:0e:88:ff:ba:88:e8:b0:c3:8b:64:49:6b:22:
         01:aa:5e:df:14:d6:80:9e:3f:ad:93:66:dd:6e:68:54:66:46:
         e6:f6:af:62:62:db:d9:06:1b:27:23:e5:0a:8e:d2:c0:e9:61:
         00:84:cf:ae:b3:a1:fe:3a:cb:bd:fb:1f:2a:ad:62:71:b3:af:
         44:df:18:60:c5:6d:09:c9:f1:98:a0:a6:01:cc:af:89:f6:95:
         ef:f1:71:b5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEVsUSw5JW8DETPXFZSXR3FAdTDgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMTkzNjQ4WhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A1M2VmZTE3NmM3YzUwOTM1OWMwZjY0MzE5MDdjZDRjODRh
NzU1ZmEwNmI0NjlhOTYyMWI2OTc5M2UxOGZmOWNkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpTaYVRcpq+r18mO+TtyDpAY5E2CpSNyE0EKUHtae4mi/9
3SihlthnDXz2r9KHmHpxShsslsZIzuQIG6RBj0hExdQDYh/M9jNnTJgVUOUKkYA3
phOCpqWnkT3T0FKaCMwRj8my7QJNn8w32gv4B3G3Wkp86izC+XnbsPC8+4BV9zZJ
o58IsdYS8GVwrh4ZMEjRcZqQKcHX43fQqVh/Lt4XwTDVvTy/cZbxsQKF3hsWOLqw
ynPXfjZ+WNhKhSrQ4+PSlvNHYa2JY4Ua0uDVLJGXQ79dsaFvO1NG6ySLFUnQNsWB
PRxMlKGvLn89As/i2/PPr4pl1GEzD9xYTcfZGD07AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUpL/V+0EZ9YePeNE4hu6/mjjV908wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzE5MTllYTRlLTE0YzQtNGQzOS04ZjZiLTA3Y2I4NjBiNDBlYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASpQ4wDQYJKoZIhvcNAQELBQADggEBABgeH4V913zLtn9L+9F8vAo1vwBI
AMlVQS0nFcZXs1fMOASy8hUQv6/qtUvAM2x6kb16s/c0BNZP259YkZ/VfyYHzwS4
9ltHA1NIJBPBCrhzfHjBUdagm3E9YlLNnafpMlx/ZWqOwx6WR/FfI51d5Fp4uGyM
fQ3rDwQZu72oECZ95oTIk46+FP7zf3hXf+fLzo8PISkMXncEYnhQSG7WeWSnowu+
m+P4Doj/uojosMOLZElrIgGqXt8U1oCeP62TZt1uaFRmRub2r2Ji29kGGycj5QqO
0sDpYQCEz66zof46y737HyqtYnGzr0TfGGDFbQnJ8ZigpgHMr4n2le/xcbU=
-----END CERTIFICATE-----