Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/33ccdb72-7708-4328-89b4-22204c72c2b3.roa
File:                     33ccdb72-7708-4328-89b4-22204c72c2b3.roa (raw, json)
Hash identifier:          vbkiPBCKOxtglZHVCGAyYuBhAhK2XaXo28FWoLM9wxY=
Subject key identifier:   41:1D:71:D8:2D:EA:B8:D7:55:06:00:DE:7E:49:F0:AB:25:62:8D:C6
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3EEE7CDD0C1524337C7DFD0CC8FC49624017056C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/33ccdb72-7708-4328-89b4-22204c72c2b3.roa
Signing time:             Mon 22 Sep 2025 18:45:20 +0000
ROA not before:           Mon 22 Sep 2025 18:45:20 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.160.158.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:ee:7c:dd:0c:15:24:33:7c:7d:fd:0c:c8:fc:49:62:40:17:05:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 18:45:20 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=692041ca6dac56b4e7ccfc6bd95229ed7ac7cf3fc0bea6e7b3ee2430885d45cf, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:52:75:0c:cf:3c:61:9d:c1:43:0f:88:fa:d6:
                    4a:95:17:45:26:e8:10:40:6e:f4:26:ec:fa:be:a9:
                    ef:2d:4a:98:63:a3:67:c3:c9:79:87:92:84:9d:28:
                    b7:d7:bf:95:31:14:ae:9b:ec:7f:0e:f6:ef:03:e6:
                    ed:8e:98:46:ff:17:b2:fd:4e:c3:1f:a4:ce:9f:97:
                    9f:ec:23:4f:3c:4f:91:78:f4:76:37:34:1d:c8:cb:
                    03:3b:97:13:c7:1a:99:9e:6d:bd:50:20:df:d7:b2:
                    22:ba:28:8e:50:85:50:21:b7:4b:e8:bf:29:08:79:
                    00:a3:b0:0c:eb:cf:15:04:6e:f1:8c:80:b1:c6:72:
                    f6:59:d1:cb:18:19:d9:12:ae:a5:3b:be:d3:90:b8:
                    9c:c5:46:99:c2:96:c5:10:00:cf:84:89:b6:8a:a2:
                    61:c0:72:cb:48:89:7d:e0:39:51:31:f6:db:5b:6f:
                    25:78:98:24:9e:da:ad:8f:bb:aa:a9:3b:84:64:e5:
                    a8:da:da:be:f4:da:c2:9d:11:11:9b:7e:ff:c8:bd:
                    30:f6:35:d7:fd:25:06:12:30:2c:e7:66:a9:db:8c:
                    f9:29:42:ac:1d:3b:db:3d:54:0c:0e:79:94:b6:75:
                    99:eb:e3:8b:a1:11:47:e6:c8:c3:47:47:8e:15:ef:
                    d6:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:1D:71:D8:2D:EA:B8:D7:55:06:00:DE:7E:49:F0:AB:25:62:8D:C6
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/33ccdb72-7708-4328-89b4-22204c72c2b3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.160.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         22:be:ac:44:11:68:47:58:57:85:c2:75:fb:98:08:25:d7:c4:
         34:08:16:f9:bb:d2:67:c6:64:a4:c8:53:99:2c:be:90:72:fd:
         1a:cc:56:06:71:0b:9a:eb:7b:8b:c3:3c:80:49:ee:a0:49:50:
         28:8a:06:68:94:1b:08:59:c2:26:a6:18:4a:44:ca:50:47:b8:
         39:b0:94:25:09:4d:8e:f6:c7:35:cb:6c:8a:81:db:07:8c:a9:
         93:03:bc:d1:69:84:ba:92:95:1f:a0:1b:1a:20:e4:1f:fb:d7:
         c5:1c:70:b3:24:cf:04:6e:6d:41:d7:84:3b:39:20:ba:2a:27:
         d5:42:bf:b7:43:6e:3b:8a:02:24:5e:7a:1b:7d:18:ef:a8:c7:
         df:cf:1c:8a:87:c4:f1:93:b5:a2:2e:16:33:c9:22:3a:5a:1b:
         da:aa:eb:52:0e:ac:eb:92:fa:e5:6b:d1:01:78:db:6a:82:50:
         c4:ca:31:a8:c6:df:00:d8:5d:4a:7b:4e:ab:20:5f:df:7f:d9:
         4e:27:fa:8d:ea:48:47:aa:a6:fe:e1:65:83:5a:2f:ff:e3:89:
         26:e3:31:b3:3b:dd:96:8f:b8:fb:a9:8e:ca:8d:7a:59:ed:eb:
         5e:72:27:fb:b6:8c:19:41:86:ee:f9:75:f4:50:e3:95:86:77:
         45:47:9f:b7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPu583QwVJDN8ff0MyPxJYkAXBWwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMTg0NTIwWhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2OTIwNDFjYTZkYWM1NmI0ZTdjY2ZjNmJkOTUyMjllZDdh
YzdjZjNmYzBiZWE2ZTdiM2VlMjQzMDg4NWQ0NWNmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDaUnUMzzxhncFDD4j61kqVF0Um6BBAbvQm7Pq+qe8tSphj
o2fDyXmHkoSdKLfXv5UxFK6b7H8O9u8D5u2OmEb/F7L9TsMfpM6fl5/sI088T5F4
9HY3NB3IywM7lxPHGpmebb1QIN/XsiK6KI5QhVAht0vovykIeQCjsAzrzxUEbvGM
gLHGcvZZ0csYGdkSrqU7vtOQuJzFRpnClsUQAM+EibaKomHAcstIiX3gOVEx9ttb
byV4mCSe2q2Pu6qpO4Rk5aja2r702sKdERGbfv/IvTD2Ndf9JQYSMCznZqnbjPkp
QqwdO9s9VAwOeZS2dZnr44uhEUfmyMNHR44V79ZhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQR1x2C3quNdVBgDefknwqyVijcYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzMzY2NkYjcyLTc3MDgtNDMyOC04OWI0LTIyMjA0YzcyYzJiMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAESoJ4wDQYJKoZIhvcNAQELBQADggEBACK+rEQRaEdYV4XCdfuYCCXXxDQI
Fvm70mfGZKTIU5ksvpBy/RrMVgZxC5rre4vDPIBJ7qBJUCiKBmiUGwhZwiamGEpE
ylBHuDmwlCUJTY72xzXLbIqB2weMqZMDvNFphLqSlR+gGxog5B/718UccLMkzwRu
bUHXhDs5ILoqJ9VCv7dDbjuKAiReeht9GO+ox9/PHIqHxPGTtaIuFjPJIjpaG9qq
61IOrOuS+uVr0QF422qCUMTKMajG3wDYXUp7TqsgX99/2U4n+o3qSEeqpv7hZYNa
L//jiSbjMbM73ZaPuPupjsqNelnt615yJ/u2jBlBhu75dfRQ45WGd0VHn7c=
-----END CERTIFICATE-----