Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/25074273-fedf-4b6a-849b-11c48d3f317e.roa
File:                     25074273-fedf-4b6a-849b-11c48d3f317e.roa (raw, json)
Hash identifier:          fUN61Qr5rutMSwxRWypeCnfV7R7Iq190lGTugKqieJs=
Subject key identifier:   BB:76:F5:7F:82:49:4F:DE:F9:71:29:70:A2:BC:04:42:23:EF:2C:BC
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       02B27354C29AD790AB9A9B11058D5671D74A87F4
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/25074273-fedf-4b6a-849b-11c48d3f317e.roa
Signing time:             Mon 22 Sep 2025 22:59:35 +0000
ROA not before:           Mon 22 Sep 2025 22:59:35 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.245.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:b2:73:54:c2:9a:d7:90:ab:9a:9b:11:05:8d:56:71:d7:4a:87:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 22:59:35 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=92090e4201e7658d989a5a594381f1060167b2fe0ab2ff7ffda7aad712435ac7, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:5f:16:7b:bc:dd:06:50:12:21:00:9c:a8:f1:
                    04:3f:7b:e0:3b:aa:6c:1a:89:f3:94:dc:23:1b:52:
                    9c:22:53:4a:24:77:57:94:d8:c3:d5:a4:ce:67:85:
                    54:78:1b:b2:2e:a8:e2:0c:f0:60:7b:a0:6f:00:02:
                    c5:9f:cd:e5:ce:5a:af:c4:86:10:d8:d7:69:98:64:
                    19:ff:32:5f:ad:7d:70:d2:f9:bc:44:ee:39:34:0f:
                    9d:a9:05:36:21:fd:7c:93:63:8d:83:21:c0:4f:bc:
                    9e:3a:20:a6:d6:46:ce:6b:19:cc:41:11:b6:8f:a6:
                    77:30:c7:ea:c9:79:6f:ea:19:6d:41:ec:3f:e3:21:
                    22:37:12:2c:18:99:16:f1:45:f3:53:39:31:b6:4b:
                    5e:f3:f5:87:b5:41:52:5e:2a:81:50:3a:3d:d4:44:
                    bd:38:e5:fc:ce:be:0b:d8:ed:ed:1c:0b:ea:8d:88:
                    2f:b4:4d:f7:d8:39:f1:0f:85:68:1f:de:26:00:6e:
                    22:5b:5f:13:f9:5e:88:32:2c:7c:9b:86:68:85:ae:
                    b6:39:04:88:9a:9d:11:61:05:74:05:b9:32:ae:8a:
                    d4:f4:f8:fb:f8:1c:97:3c:21:5e:86:42:77:82:53:
                    99:f0:db:6f:f7:a6:d8:03:e8:0d:61:38:96:48:3d:
                    28:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:76:F5:7F:82:49:4F:DE:F9:71:29:70:A2:BC:04:42:23:EF:2C:BC
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/25074273-fedf-4b6a-849b-11c48d3f317e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.245.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:d3:30:1e:bd:d2:3d:bc:d0:df:b7:5f:96:b6:18:13:5d:81:
         15:48:f2:1c:e4:3a:9f:e6:9a:5b:35:5c:30:33:b4:63:72:0f:
         af:7f:3e:18:18:72:37:48:be:9f:c0:58:3d:19:fa:90:b1:8d:
         e8:b3:45:94:8d:87:6f:a4:0c:04:dc:f0:ab:d9:c9:1c:ef:e8:
         3f:fb:0c:13:e4:b8:82:e1:8f:68:69:5b:27:28:ca:3d:95:39:
         23:01:d9:ea:ad:c9:84:54:84:bb:4e:e3:54:83:f9:21:c5:53:
         6d:43:cd:4a:d4:82:5c:c3:a4:06:b5:38:f4:c2:27:04:4a:a8:
         b3:eb:92:82:65:4d:04:83:e8:db:40:b5:e5:92:7b:bf:89:25:
         7c:7c:82:d9:08:10:04:59:e3:a7:48:41:bf:66:50:1f:a5:5d:
         a5:04:7f:62:f9:b8:c9:86:41:b5:52:fe:7c:0e:d5:6d:97:f5:
         12:48:21:bb:a8:92:1f:1c:6b:93:1c:e8:42:87:b0:ab:7e:fa:
         8a:23:b8:49:96:c8:3c:e5:ec:68:58:8a:c9:cd:f0:30:a6:ed:
         f1:b6:87:55:7b:e9:0e:2c:8c:6e:57:f9:16:5b:a6:bd:f4:54:
         42:e1:f4:62:41:f8:09:82:67:5a:2d:18:91:61:e2:ff:37:30:
         93:15:cd:40
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUArJzVMKa15CrmpsRBY1WcddKh/QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMjI1OTM1WhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MjA5MGU0MjAxZTc2NThkOTg5YTVhNTk0MzgxZjEwNjAx
NjdiMmZlMGFiMmZmN2ZmZGE3YWFkNzEyNDM1YWM3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCeXxZ7vN0GUBIhAJyo8QQ/e+A7qmwaifOU3CMbUpwiU0ok
d1eU2MPVpM5nhVR4G7IuqOIM8GB7oG8AAsWfzeXOWq/EhhDY12mYZBn/Ml+tfXDS
+bxE7jk0D52pBTYh/XyTY42DIcBPvJ46IKbWRs5rGcxBEbaPpncwx+rJeW/qGW1B
7D/jISI3EiwYmRbxRfNTOTG2S17z9Ye1QVJeKoFQOj3URL045fzOvgvY7e0cC+qN
iC+0TffYOfEPhWgf3iYAbiJbXxP5XogyLHybhmiFrrY5BIianRFhBXQFuTKuitT0
+Pv4HJc8IV6GQneCU5nw22/3ptgD6A1hOJZIPSidAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUu3b1f4JJT975cSlworwEQiPvLLwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzI1MDc0MjczLWZlZGYtNGI2YS04NDliLTExYzQ4ZDNmMzE3ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAS9S8wDQYJKoZIhvcNAQELBQADggEBAB3TMB690j280N+3X5a2GBNdgRVI
8hzkOp/mmls1XDAztGNyD69/PhgYcjdIvp/AWD0Z+pCxjeizRZSNh2+kDATc8KvZ
yRzv6D/7DBPkuILhj2hpWycoyj2VOSMB2eqtyYRUhLtO41SD+SHFU21DzUrUglzD
pAa1OPTCJwRKqLPrkoJlTQSD6NtAteWSe7+JJXx8gtkIEARZ46dIQb9mUB+lXaUE
f2L5uMmGQbVS/nwO1W2X9RJIIbuokh8ca5Mc6EKHsKt++oojuEmWyDzl7GhYisnN
8DCm7fG2h1V76Q4sjG5X+RZbpr30VELh9GJB+AmCZ1otGJFh4v83MJMVzUA=
-----END CERTIFICATE-----