Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/21f1341b-fddc-43c1-8a84-b98823accbc2.roa
File:                     21f1341b-fddc-43c1-8a84-b98823accbc2.roa (raw, json)
Hash identifier:          Jmb9dWY+J1RMWQXujwt980sqdjz67FATLtaTf71/8XE=
Subject key identifier:   8F:57:3E:E5:27:0C:88:5C:69:9A:AE:E3:10:C9:3C:92:35:01:49:96
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       19EE414C5232515924CA07A59BF5E3EE85328982
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/21f1341b-fddc-43c1-8a84-b98823accbc2.roa
Signing time:             Mon 22 Sep 2025 23:28:20 +0000
ROA not before:           Mon 22 Sep 2025 23:28:20 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.244.224.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:ee:41:4c:52:32:51:59:24:ca:07:a5:9b:f5:e3:ee:85:32:89:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 23:28:20 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=72635f719ad5a11edb94d6b275bf7a88a3405b18f30b249d634a263012c4d3bc, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:8f:e2:b5:40:90:27:cd:af:c4:a6:4f:5b:ac:
                    6b:e6:6f:21:bc:94:d4:b3:aa:17:b4:43:4b:22:9f:
                    1b:65:8e:3e:71:62:f3:f6:2a:7c:58:04:84:de:28:
                    6d:d2:37:84:58:10:6d:ee:36:ba:fe:a1:93:cc:c0:
                    8e:7c:96:f2:5c:84:e6:7a:9d:69:7b:7f:7c:5e:3d:
                    b9:2e:65:59:a4:1d:cc:88:1e:a9:ff:a6:91:9f:cf:
                    b2:1e:a9:10:ff:4f:f3:df:d9:85:0a:3c:b1:af:cb:
                    d4:10:6d:9e:83:b0:39:bd:92:f8:a8:9b:6e:95:2c:
                    b4:b9:07:fe:60:8c:cb:9d:37:30:48:ef:ea:b6:0e:
                    70:88:44:8c:46:d2:3c:a0:8c:a2:f6:e5:de:e4:d4:
                    d1:3e:d8:67:a5:60:9c:d8:09:b0:d2:99:cd:2a:2c:
                    6e:e5:13:fd:50:60:d3:22:ba:c4:9f:eb:89:4a:b2:
                    6d:86:fc:03:2e:01:23:02:0e:a0:86:34:23:e1:0d:
                    f6:eb:94:e3:3c:ce:f0:a8:9b:74:b9:ce:be:c6:3e:
                    68:6f:bb:42:b3:04:2a:8b:fc:37:51:8e:f1:11:5e:
                    fe:23:89:de:2f:d3:6a:ff:32:24:e5:29:51:1a:62:
                    a9:68:96:2d:3f:ae:25:96:4c:06:b6:5e:6e:74:25:
                    f0:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:57:3E:E5:27:0C:88:5C:69:9A:AE:E3:10:C9:3C:92:35:01:49:96
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/21f1341b-fddc-43c1-8a84-b98823accbc2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.244.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         47:f9:ec:a3:f1:a9:1b:9b:ca:c0:a7:5f:99:2e:6c:74:3a:97:
         fd:0b:aa:21:5c:e4:66:a9:9d:f7:de:97:b4:ec:ce:85:e2:23:
         ba:f9:ff:06:70:1c:f1:f6:09:88:de:e9:d2:95:5c:ea:8e:18:
         b0:de:dc:63:85:ee:a7:96:b3:a2:c2:1c:87:5c:01:26:be:a5:
         d3:88:ca:5c:76:8f:79:26:62:95:d3:50:eb:12:e5:11:2f:e4:
         05:4f:3b:a3:5a:0b:8b:ba:de:04:57:4c:15:ec:c7:f6:f3:cf:
         59:69:2c:10:b6:0c:d9:2c:d6:50:d7:df:e1:80:e9:fa:d4:3f:
         b0:2d:42:1b:62:4a:a4:62:78:e0:ee:67:a5:16:44:f5:af:51:
         f3:5f:70:7c:74:78:a8:fc:25:ab:95:fe:1a:ea:fc:39:89:18:
         a0:7b:c9:5e:c5:0b:eb:57:e5:94:5f:e0:c4:e5:0b:e2:e5:dd:
         54:3d:bf:51:35:3a:4b:19:2d:63:dd:ab:76:24:b6:de:2f:6c:
         8f:37:10:7e:1a:00:7c:ae:6d:25:e8:36:5b:e0:35:45:6b:9e:
         7c:91:91:a3:aa:a7:40:0c:eb:e1:d6:58:1e:0c:c2:8c:00:ef:
         c0:e5:c7:ff:d8:df:70:7f:ee:2c:66:46:db:54:cf:ff:ee:46:
         08:1d:28:a8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGe5BTFIyUVkkygelm/Xj7oUyiYIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMjMyODIwWhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A3MjYzNWY3MTlhZDVhMTFlZGI5NGQ2YjI3NWJmN2E4OGEz
NDA1YjE4ZjMwYjI0OWQ2MzRhMjYzMDEyYzRkM2JjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyj+K1QJAnza/Epk9brGvmbyG8lNSzqhe0Q0sinxtljj5x
YvP2KnxYBITeKG3SN4RYEG3uNrr+oZPMwI58lvJchOZ6nWl7f3xePbkuZVmkHcyI
Hqn/ppGfz7IeqRD/T/Pf2YUKPLGvy9QQbZ6DsDm9kviom26VLLS5B/5gjMudNzBI
7+q2DnCIRIxG0jygjKL25d7k1NE+2GelYJzYCbDSmc0qLG7lE/1QYNMiusSf64lK
sm2G/AMuASMCDqCGNCPhDfbrlOM8zvCom3S5zr7GPmhvu0KzBCqL/DdRjvERXv4j
id4v02r/MiTlKVEaYqloli0/riWWTAa2Xm50JfARAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUj1c+5ScMiFxpmq7jEMk8kjUBSZYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzIxZjEzNDFiLWZkZGMtNDNjMS04YTg0LWI5ODgyM2FjY2JjMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMS9OAwDQYJKoZIhvcNAQELBQADggEBAEf57KPxqRubysCnX5kubHQ6l/0L
qiFc5Gapnffel7TszoXiI7r5/wZwHPH2CYje6dKVXOqOGLDe3GOF7qeWs6LCHIdc
ASa+pdOIylx2j3kmYpXTUOsS5REv5AVPO6NaC4u63gRXTBXsx/bzz1lpLBC2DNks
1lDX3+GA6frUP7AtQhtiSqRieODuZ6UWRPWvUfNfcHx0eKj8JauV/hrq/DmJGKB7
yV7FC+tX5ZRf4MTlC+Ll3VQ9v1E1OksZLWPdq3Yktt4vbI83EH4aAHyubSXoNlvg
NUVrnnyRkaOqp0AM6+HWWB4MwowA78Dlx//Y33B/7ixmRttUz//uRggdKKg=
-----END CERTIFICATE-----