Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/30486881-3b0a-41c6-8de6-0f779dbf9a76.roa
File:                     30486881-3b0a-41c6-8de6-0f779dbf9a76.roa (raw, json)
Hash identifier:          aU0wzjbR4Vni3mSH+eOAdTmcG2qpvZBdYIv0bSjGdj0=
Subject key identifier:   0D:EE:8C:A0:A8:36:7C:67:EA:5A:53:EB:88:D1:7B:9E:E3:D0:54:A2
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3BE5A6B55CD2C8862F65E0E24136DD6DA728429E
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/30486881-3b0a-41c6-8de6-0f779dbf9a76.roa
Signing time:             Mon 22 Sep 2025 20:32:10 +0000
ROA not before:           Mon 22 Sep 2025 20:32:10 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.172.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:e5:a6:b5:5c:d2:c8:86:2f:65:e0:e2:41:36:dd:6d:a7:28:42:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 20:32:10 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=855ab918b660a26e6dc45b95def2ff5290b25707a5b00bde7e3c2326a4a30bdb, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:5f:07:af:2e:cb:b9:1e:db:e8:fa:71:cb:9a:
                    98:f9:ae:8d:78:be:ba:d6:a5:c6:c6:32:45:51:5a:
                    ea:35:cb:71:3a:94:19:2f:14:fa:7c:9d:d3:e8:fb:
                    a2:9f:cb:76:03:3d:3d:77:6d:c2:92:65:2a:e6:36:
                    cb:f5:9e:ae:17:fd:bc:9d:f5:37:2d:45:d1:f6:cb:
                    7f:70:23:ab:f1:91:9b:6d:2d:d6:fa:7b:d0:80:50:
                    b2:31:d1:9f:8c:4c:ce:56:f6:84:08:a4:00:d8:38:
                    50:e4:31:ca:af:61:65:be:18:1c:db:86:e9:36:fc:
                    36:3e:58:28:f6:db:de:a3:75:70:0d:b4:c7:dd:91:
                    bb:3f:d4:37:a1:e5:d0:68:63:a9:c9:31:cd:45:9a:
                    2a:95:af:bd:fd:de:80:6d:c1:b2:07:53:25:01:86:
                    b4:44:e5:b3:46:2e:3f:c4:71:ee:53:3b:7a:65:06:
                    d0:c5:80:d0:1a:57:b4:89:0e:bf:05:43:5c:d5:01:
                    52:a9:f8:36:24:50:8b:f1:f0:31:fb:ac:84:ad:a6:
                    6a:4b:10:85:d4:ec:75:c8:55:11:a6:80:9b:49:fc:
                    1f:49:3b:51:c5:b3:03:4e:b3:5c:69:57:0f:8a:14:
                    06:bd:bb:b6:b8:81:69:e1:fc:81:10:8d:33:f8:4d:
                    59:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:EE:8C:A0:A8:36:7C:67:EA:5A:53:EB:88:D1:7B:9E:E3:D0:54:A2
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/30486881-3b0a-41c6-8de6-0f779dbf9a76.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.172.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:f1:b3:13:9d:c4:9d:c6:f6:53:c7:d3:69:e0:1f:c3:1e:88:
         7d:39:70:24:b1:d1:8d:2b:5f:bc:9c:e7:22:cf:b1:9d:61:39:
         a3:62:d3:44:1c:4f:ff:67:2c:48:dd:3c:72:4a:4b:b3:98:4b:
         20:6e:fd:e0:6d:28:38:03:65:ac:0e:81:0f:aa:7f:fc:6b:32:
         24:69:dd:81:1d:8e:b0:3f:ab:70:d6:c2:21:f9:f5:eb:95:b7:
         73:ae:68:c3:ae:44:45:15:b5:b2:22:6e:7d:fb:cc:79:6d:02:
         c2:b8:ae:02:a3:ea:94:3e:48:f6:08:a9:a3:24:ab:ab:0e:cc:
         66:ff:4b:19:44:dd:74:6d:f5:ed:4b:bc:f3:58:bb:c2:67:92:
         93:a3:61:8e:6c:f0:df:4d:35:d4:f9:77:92:97:6d:26:96:69:
         0e:5e:ff:dc:15:28:96:65:42:3c:48:e4:d6:85:69:d8:08:54:
         97:16:27:34:cb:d3:a1:d3:bf:09:31:70:30:77:f0:1b:6b:bc:
         4e:5d:e5:cf:84:b4:ea:40:b3:f6:f1:b6:25:c7:bc:3f:09:f4:
         e3:4a:51:8a:c8:56:50:ca:40:59:b3:59:16:21:e8:1d:4e:fa:
         02:a6:fb:65:e8:f3:b5:6c:bb:0e:8d:a7:23:57:28:04:5c:2b:
         05:a4:d6:df
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUO+WmtVzSyIYvZeDiQTbdbacoQp4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMjAzMjEwWhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NTVhYjkxOGI2NjBhMjZlNmRjNDViOTVkZWYyZmY1Mjkw
YjI1NzA3YTViMDBiZGU3ZTNjMjMyNmE0YTMwYmRiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9XwevLsu5Htvo+nHLmpj5ro14vrrWpcbGMkVRWuo1y3E6
lBkvFPp8ndPo+6Kfy3YDPT13bcKSZSrmNsv1nq4X/byd9TctRdH2y39wI6vxkZtt
Ldb6e9CAULIx0Z+MTM5W9oQIpADYOFDkMcqvYWW+GBzbhuk2/DY+WCj2296jdXAN
tMfdkbs/1Deh5dBoY6nJMc1FmiqVr7393oBtwbIHUyUBhrRE5bNGLj/Ece5TO3pl
BtDFgNAaV7SJDr8FQ1zVAVKp+DYkUIvx8DH7rIStpmpLEIXU7HXIVRGmgJtJ/B9J
O1HFswNOs1xpVw+KFAa9u7a4gWnh/IEQjTP4TVnrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUDe6MoKg2fGfqWlPriNF7nuPQVKIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzMwNDg2ODgxLTNiMGEtNDFjNi04ZGU2LTBmNzc5ZGJmOWE3Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASrCEwDQYJKoZIhvcNAQELBQADggEBAA7xsxOdxJ3G9lPH02ngH8MeiH05
cCSx0Y0rX7yc5yLPsZ1hOaNi00QcT/9nLEjdPHJKS7OYSyBu/eBtKDgDZawOgQ+q
f/xrMiRp3YEdjrA/q3DWwiH59euVt3OuaMOuREUVtbIibn37zHltAsK4rgKj6pQ+
SPYIqaMkq6sOzGb/SxlE3XRt9e1LvPNYu8JnkpOjYY5s8N9NNdT5d5KXbSaWaQ5e
/9wVKJZlQjxI5NaFadgIVJcWJzTL06HTvwkxcDB38BtrvE5d5c+EtOpAs/bxtiXH
vD8J9ONKUYrIVlDKQFmzWRYh6B1O+gKm+2Xo87Vsuw6NpyNXKARcKwWk1t8=
-----END CERTIFICATE-----