Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3111e384-68a5-4ff4-8456-a6d70867d5eb.roa
File:                     3111e384-68a5-4ff4-8456-a6d70867d5eb.roa (raw, json)
Hash identifier:          L/hbNKY/QHNj6X7C35VF2eufUuytrY1nBWsrzAGKQ6Y=
Subject key identifier:   C3:2A:CA:A6:98:A4:EB:79:08:C0:62:4E:29:83:B8:84:9B:C9:A2:7C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       10D87D319751978DB93D03B1DF7CE2E896A28C76
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3111e384-68a5-4ff4-8456-a6d70867d5eb.roa
Signing time:             Wed 24 Sep 2025 21:42:41 +0000
ROA not before:           Wed 24 Sep 2025 21:42:41 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.66.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:d8:7d:31:97:51:97:8d:b9:3d:03:b1:df:7c:e2:e8:96:a2:8c:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 21:42:41 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=d2440ddbfeb6da4fb5f8e9330400f4c2264fd5351ccdf8cf85b9ea023c87b7be, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:22:ee:d8:63:b4:d0:79:18:48:55:8b:2c:ad:
                    da:1f:51:cf:4c:9e:31:17:30:1c:a3:d8:06:2f:77:
                    56:4b:ba:df:85:e5:67:45:79:b9:a1:cf:1e:3f:94:
                    57:b4:53:a5:a5:07:c8:2f:4b:3b:e4:ce:59:1a:d4:
                    cd:5c:32:18:c5:99:eb:c0:d9:74:c6:f6:f7:ed:67:
                    2e:fa:2a:03:82:40:6b:eb:ec:fa:35:a9:58:26:8f:
                    84:0e:dd:c0:88:77:c4:3f:94:35:55:0c:57:f8:c0:
                    7f:8b:1f:0b:7d:e6:d8:04:e0:73:c6:9f:16:56:70:
                    50:bc:d5:4d:ea:bd:04:e7:3b:35:e4:2d:17:6c:eb:
                    36:d2:0a:da:44:23:7c:2f:fe:0f:94:6a:86:bc:a1:
                    33:5e:28:18:2e:fe:d2:e0:64:44:41:52:f8:ea:09:
                    ec:2e:42:06:1d:a6:19:90:ad:d2:0a:67:42:27:bd:
                    75:fd:f1:16:fb:ac:67:b3:35:66:c8:c7:f1:2a:6d:
                    d3:0b:69:0c:3e:1a:c2:f3:a1:37:eb:4a:e9:e8:5d:
                    04:4f:9d:b0:94:5e:fb:e0:72:6a:f3:89:b6:3d:e4:
                    9c:f3:97:19:71:c6:d8:be:89:f0:6d:bd:50:a5:fe:
                    4a:05:8a:71:e2:45:9d:eb:6e:83:5e:61:71:47:de:
                    a7:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:2A:CA:A6:98:A4:EB:79:08:C0:62:4E:29:83:B8:84:9B:C9:A2:7C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3111e384-68a5-4ff4-8456-a6d70867d5eb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.66.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:9c:9a:d4:18:96:b4:79:1a:0c:b6:0e:12:87:b1:c8:6e:a8:
         63:79:9e:fd:59:9d:6a:21:bf:75:23:94:e2:e4:a8:bd:d6:ca:
         9b:ad:8e:3a:bc:92:eb:20:b0:ba:e6:e6:bb:68:45:34:4a:5d:
         04:d4:cf:99:4f:31:b4:46:8f:1e:a4:b9:60:f2:75:18:32:e9:
         fb:f4:b1:48:95:aa:a6:fe:36:78:e7:b0:de:ea:10:1e:11:22:
         f8:55:f6:12:bc:92:46:2e:2e:83:f4:90:4a:81:46:6a:c6:cf:
         d0:f7:c3:aa:e0:8e:2d:af:ec:dd:49:68:35:39:82:3f:44:f6:
         89:04:a4:c1:77:9b:89:15:8a:28:7a:91:92:a6:91:c7:fd:06:
         f7:bc:e6:a2:df:40:f6:35:64:e1:26:e0:ac:52:be:05:72:eb:
         c8:c1:e8:ac:d7:f5:b5:e0:e1:1b:b5:a2:c9:6b:b6:d4:f0:18:
         a9:68:79:b3:6c:21:8f:56:df:d3:04:e8:78:98:16:6f:6f:b7:
         6e:cc:c8:72:03:7d:e7:80:e3:70:33:ee:6e:e0:53:43:47:a3:
         ce:b8:0e:3c:bc:dd:11:7d:c8:0b:45:b6:fb:ce:be:79:e0:e3:
         93:ef:62:b5:ac:4e:3b:51:22:10:24:51:df:dc:c7:50:3c:92:
         c1:e1:56:48
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUENh9MZdRl425PQOx33zi6JaijHYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MjE0MjQxWhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BkMjQ0MGRkYmZlYjZkYTRmYjVmOGU5MzMwNDAwZjRjMjI2
NGZkNTM1MWNjZGY4Y2Y4NWI5ZWEwMjNjODdiN2JlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCUIu7YY7TQeRhIVYssrdofUc9MnjEXMByj2AYvd1ZLut+F
5WdFebmhzx4/lFe0U6WlB8gvSzvkzlka1M1cMhjFmevA2XTG9vftZy76KgOCQGvr
7Po1qVgmj4QO3cCId8Q/lDVVDFf4wH+LHwt95tgE4HPGnxZWcFC81U3qvQTnOzXk
LRds6zbSCtpEI3wv/g+Uaoa8oTNeKBgu/tLgZERBUvjqCewuQgYdphmQrdIKZ0In
vXX98Rb7rGezNWbIx/EqbdMLaQw+GsLzoTfrSunoXQRPnbCUXvvgcmrzibY95Jzz
lxlxxti+ifBtvVCl/koFinHiRZ3rboNeYXFH3qcNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwyrKppik63kIwGJOKYO4hJvJonwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzMxMTFlMzg0LTY4YTUtNGZmNC04NDU2LWE2ZDcwODY3ZDVlYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASQoUwDQYJKoZIhvcNAQELBQADggEBAAacmtQYlrR5Ggy2DhKHschuqGN5
nv1ZnWohv3UjlOLkqL3Wyputjjq8kusgsLrm5rtoRTRKXQTUz5lPMbRGjx6kuWDy
dRgy6fv0sUiVqqb+NnjnsN7qEB4RIvhV9hK8kkYuLoP0kEqBRmrGz9D3w6rgji2v
7N1JaDU5gj9E9okEpMF3m4kViih6kZKmkcf9Bve85qLfQPY1ZOEm4KxSvgVy68jB
6KzX9bXg4Ru1oslrttTwGKloebNsIY9W39ME6HiYFm9vt27MyHIDfeeA43Az7m7g
U0NHo864Djy83RF9yAtFtvvOvnng45PvYrWsTjtRIhAkUd/cx1A8ksHhVkg=
-----END CERTIFICATE-----