Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3a87f928-7a74-460a-8849-d66ee81d25c8.roa
File:                     3a87f928-7a74-460a-8849-d66ee81d25c8.roa (raw, json)
Hash identifier:          FwQG8GtlEbKWwOutQq9U7mFeDz9B7LOktJPrks3lHYY=
Subject key identifier:   FC:29:01:87:8F:35:11:90:E9:30:77:B2:4A:65:8B:67:F0:38:AF:50
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       289B68B761B2B562A1024E824AB64924AEAB0E9E
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3a87f928-7a74-460a-8849-d66ee81d25c8.roa
Signing time:             Mon 22 Sep 2025 21:31:19 +0000
ROA not before:           Mon 22 Sep 2025 21:31:19 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.238.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:9b:68:b7:61:b2:b5:62:a1:02:4e:82:4a:b6:49:24:ae:ab:0e:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 21:31:19 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=3f7b36b4002e04bcd94f9ff6cca5a136be2b83acab858a2e1502bb78f6811fd1, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:95:0c:e2:2d:59:20:c8:ae:73:68:51:5d:59:
                    2b:1f:33:a5:dd:3e:97:7a:79:08:2e:93:06:86:ce:
                    a8:e0:5d:f1:df:e4:15:5f:b7:23:5c:97:c5:87:cf:
                    7a:60:17:f3:78:7f:79:5b:dc:3b:4c:e4:97:f3:2b:
                    62:33:f4:18:a8:f3:c4:6c:63:7b:16:d9:17:96:70:
                    15:c1:14:f6:3f:ef:18:7c:f1:eb:52:6e:ae:ec:9a:
                    3e:41:95:f9:6c:9f:d5:96:cf:52:39:17:bd:eb:eb:
                    16:4d:cc:ae:9d:cf:dc:7f:cc:2f:6b:75:6a:3b:0c:
                    13:99:c2:5a:fc:92:bf:2a:5a:86:b1:55:48:67:d1:
                    27:5f:cd:3b:9c:90:0c:61:fa:2b:0a:75:a2:7f:bd:
                    14:57:9c:4e:e5:e7:e8:4f:00:42:81:c5:47:e5:7e:
                    6f:75:f9:35:5d:d7:fa:82:72:63:10:fe:83:7b:99:
                    e2:c5:f7:0b:b9:61:ec:5c:97:86:01:11:b3:48:09:
                    86:fb:32:43:b4:47:ed:b5:32:62:5a:be:1d:f3:cb:
                    08:77:32:d8:5e:ae:d3:5d:9b:68:6b:fb:f8:ab:55:
                    5b:a0:96:86:97:8b:5a:3a:2f:5a:67:7c:e2:75:db:
                    6b:0b:9d:4e:55:74:f5:12:21:91:52:12:37:18:db:
                    b8:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:29:01:87:8F:35:11:90:E9:30:77:B2:4A:65:8B:67:F0:38:AF:50
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3a87f928-7a74-460a-8849-d66ee81d25c8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.238.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:f8:7b:16:d5:0e:6f:47:7d:fd:6a:a3:d2:67:64:14:32:f4:
         20:9d:37:fa:ab:f6:e8:4e:d8:7f:f9:af:99:17:07:26:96:ab:
         59:b6:5e:92:05:f5:14:7f:84:5e:03:fc:08:ad:4b:fb:73:06:
         13:56:66:19:27:99:b4:27:b1:d6:3c:1b:3a:53:6c:23:96:17:
         6d:47:3c:d6:bc:76:b1:52:b2:2c:6d:90:d6:0b:33:5f:41:ec:
         5c:dd:da:14:49:1b:f5:a1:63:ee:9e:f2:30:57:b3:2e:e9:0b:
         5f:4e:9c:5f:c4:9c:28:58:9d:34:76:34:de:75:56:6c:62:11:
         15:d0:55:3a:0a:25:4a:19:bd:d9:bf:0b:7d:05:8f:e9:e0:80:
         6e:a3:cb:c5:37:36:56:52:b4:3c:1e:f5:c4:35:33:a2:dc:1c:
         f3:fd:6e:97:69:1a:d8:2b:ef:e4:a2:e2:cc:9b:a7:a6:5e:64:
         b0:ef:f4:ae:e3:d7:b8:3b:76:95:8f:d3:71:d5:df:db:09:ef:
         f9:32:3a:cc:72:d1:f7:8e:fe:e3:0b:c0:9c:e7:15:38:93:71:
         01:e1:75:7c:b6:f1:c8:4f:24:b6:da:ff:c2:19:99:2c:09:ca:
         65:02:1f:7a:50:bd:ad:88:47:24:77:b7:e4:d6:92:81:36:3f:
         ca:cd:70:4f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKJtot2GytWKhAk6CSrZJJK6rDp4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMjEzMTE5WhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AzZjdiMzZiNDAwMmUwNGJjZDk0ZjlmZjZjY2E1YTEzNmJl
MmI4M2FjYWI4NThhMmUxNTAyYmI3OGY2ODExZmQxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDelQziLVkgyK5zaFFdWSsfM6XdPpd6eQgukwaGzqjgXfHf
5BVftyNcl8WHz3pgF/N4f3lb3DtM5JfzK2Iz9Bio88RsY3sW2ReWcBXBFPY/7xh8
8etSbq7smj5Blflsn9WWz1I5F73r6xZNzK6dz9x/zC9rdWo7DBOZwlr8kr8qWoax
VUhn0SdfzTuckAxh+isKdaJ/vRRXnE7l5+hPAEKBxUflfm91+TVd1/qCcmMQ/oN7
meLF9wu5Yexcl4YBEbNICYb7MkO0R+21MmJavh3zywh3MthertNdm2hr+/irVVug
loaXi1o6L1pnfOJ122sLnU5VdPUSIZFSEjcY27gJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/CkBh481EZDpMHeySmWLZ/A4r1AwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNhODdmOTI4LTdhNzQtNDYwYS04ODQ5LWQ2NmVlODFkMjVjOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAS7q4wDQYJKoZIhvcNAQELBQADggEBAK34exbVDm9Hff1qo9JnZBQy9CCd
N/qr9uhO2H/5r5kXByaWq1m2XpIF9RR/hF4D/AitS/tzBhNWZhknmbQnsdY8GzpT
bCOWF21HPNa8drFSsixtkNYLM19B7Fzd2hRJG/WhY+6e8jBXsy7pC19OnF/EnChY
nTR2NN51VmxiERXQVToKJUoZvdm/C30Fj+nggG6jy8U3NlZStDwe9cQ1M6LcHPP9
bpdpGtgr7+Si4sybp6ZeZLDv9K7j17g7dpWP03HV39sJ7/kyOsxy0feO/uMLwJzn
FTiTcQHhdXy28chPJLba/8IZmSwJymUCH3pQva2IRyR3t+TWkoE2P8rNcE8=
-----END CERTIFICATE-----