Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/295ec46e-e008-4de5-b36f-5db300734b48.roa
File:                     295ec46e-e008-4de5-b36f-5db300734b48.roa (raw, json)
Hash identifier:          XfRnq50rMPziOfB5U/Fxens3/SLYdFXFpoBiet9IDsw=
Subject key identifier:   4A:3F:97:CF:03:E8:70:A6:04:7B:00:4F:78:2C:AF:23:05:F5:FF:52
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5351B47DBC7893365C17E034DCD67B1C7F64DFC9
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/295ec46e-e008-4de5-b36f-5db300734b48.roa
Signing time:             Mon 22 Sep 2025 17:27:41 +0000
ROA not before:           Mon 22 Sep 2025 17:27:41 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.155.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:51:b4:7d:bc:78:93:36:5c:17:e0:34:dc:d6:7b:1c:7f:64:df:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 17:27:41 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=6e16e6961798ef3701c856553d302f15034f56ec15a472afe6009bb889eed15e, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:71:45:48:ba:7d:0b:d9:9e:36:6a:1e:ce:36:
                    59:40:d7:c4:29:1b:54:22:ae:91:95:15:ca:7a:d6:
                    45:a6:f2:10:1a:4b:c5:e7:70:dc:8f:dd:50:9a:8c:
                    c8:fe:b8:fe:df:d8:8c:53:cd:8c:f5:6f:71:26:5d:
                    b2:f8:c3:f5:7d:ba:64:08:c6:84:1a:92:94:3c:9b:
                    d9:3a:ba:0a:62:1e:76:be:19:61:12:4b:4f:d3:f4:
                    9f:d1:ec:79:0c:7f:5b:dd:b4:44:11:fa:9b:ec:35:
                    6f:85:04:68:80:56:96:ec:c5:3b:9f:24:e9:bd:e4:
                    25:25:69:38:15:3c:aa:c7:5d:10:62:37:eb:52:bf:
                    fe:c9:0c:16:85:6c:b3:af:50:5a:9b:7e:23:9b:4b:
                    60:44:31:64:17:be:10:8e:2c:4b:2f:08:20:5a:ad:
                    1e:68:61:ea:19:e9:01:a4:fd:18:eb:76:32:66:18:
                    28:fb:64:c7:74:cf:ed:4a:d5:41:b8:e7:7f:8c:b0:
                    ac:d4:5c:f2:9b:6f:d0:7c:bc:dd:47:c4:b7:e7:bf:
                    f0:ce:f0:fe:00:d7:f2:fb:2e:d7:07:30:ab:58:8e:
                    11:43:9c:e4:20:a8:01:6e:ad:8e:fd:88:b3:cb:8d:
                    53:0f:47:b3:82:85:97:dc:8d:eb:8b:32:88:4d:95:
                    cc:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:3F:97:CF:03:E8:70:A6:04:7B:00:4F:78:2C:AF:23:05:F5:FF:52
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/295ec46e-e008-4de5-b36f-5db300734b48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.155.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:e0:f3:7f:60:09:11:a8:69:dd:97:c6:81:d2:40:46:36:c9:
         45:68:b7:ab:24:a3:57:26:c4:81:6e:57:52:13:30:13:3d:b9:
         5b:08:25:ee:38:1b:6b:a2:80:c7:09:2a:7c:14:e8:1f:32:4e:
         19:78:7d:36:29:a5:10:9d:e8:c7:53:02:1f:2a:ea:f7:2c:48:
         12:9b:36:df:d6:b5:22:b5:a3:8d:c3:ca:d8:bd:40:da:2a:26:
         b8:a9:e2:46:0b:b8:03:95:cc:2f:3e:24:2d:62:09:24:bc:93:
         3f:c7:d6:bf:6c:7f:33:14:a0:f9:11:88:cc:2e:8d:63:81:fb:
         63:70:ce:d4:16:56:c6:fe:1e:94:75:5a:d6:75:87:68:5f:f4:
         26:df:d1:15:43:fd:d0:5f:69:74:6a:f6:12:7e:56:7a:be:8a:
         49:7f:91:be:a5:5e:dc:0e:1f:87:74:35:ee:e8:49:0a:00:75:
         0b:cd:5b:3d:e9:14:bf:b1:ac:fc:83:99:50:54:a3:67:2d:cb:
         4e:fe:d8:7f:c2:b0:1b:ad:e8:ce:64:35:02:86:a0:f0:1a:a6:
         23:ce:a8:6f:93:ce:d7:6a:88:64:e7:8b:ea:ff:32:01:1c:62:
         3d:6c:9a:31:9f:4c:6a:08:30:43:7e:38:ae:11:83:76:a4:d1:
         30:f9:35:8a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUU1G0fbx4kzZcF+A03NZ7HH9k38kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMTcyNzQxWhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZTE2ZTY5NjE3OThlZjM3MDFjODU2NTUzZDMwMmYxNTAz
NGY1NmVjMTVhNDcyYWZlNjAwOWJiODg5ZWVkMTVlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDVcUVIun0L2Z42ah7ONllA18QpG1QirpGVFcp61kWm8hAa
S8XncNyP3VCajMj+uP7f2IxTzYz1b3EmXbL4w/V9umQIxoQakpQ8m9k6ugpiHna+
GWESS0/T9J/R7HkMf1vdtEQR+pvsNW+FBGiAVpbsxTufJOm95CUlaTgVPKrHXRBi
N+tSv/7JDBaFbLOvUFqbfiObS2BEMWQXvhCOLEsvCCBarR5oYeoZ6QGk/RjrdjJm
GCj7ZMd0z+1K1UG453+MsKzUXPKbb9B8vN1HxLfnv/DO8P4A1/L7LtcHMKtYjhFD
nOQgqAFurY79iLPLjVMPR7OChZfcjeuLMohNlcxZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUSj+XzwPocKYEewBPeCyvIwX1/1IwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzI5NWVjNDZlLWUwMDgtNGRlNS1iMzZmLTVkYjMwMDczNGI0OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASm6MwDQYJKoZIhvcNAQELBQADggEBALTg839gCRGoad2XxoHSQEY2yUVo
t6sko1cmxIFuV1ITMBM9uVsIJe44G2uigMcJKnwU6B8yThl4fTYppRCd6MdTAh8q
6vcsSBKbNt/WtSK1o43Dyti9QNoqJrip4kYLuAOVzC8+JC1iCSS8kz/H1r9sfzMU
oPkRiMwujWOB+2NwztQWVsb+HpR1WtZ1h2hf9Cbf0RVD/dBfaXRq9hJ+Vnq+ikl/
kb6lXtwOH4d0Ne7oSQoAdQvNWz3pFL+xrPyDmVBUo2cty07+2H/CsBut6M5kNQKG
oPAapiPOqG+TztdqiGTni+r/MgEcYj1smjGfTGoIMEN+OK4Rg3ak0TD5NYo=
-----END CERTIFICATE-----