Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3e3b9cc9-4f4d-4b15-a94b-5e1954551cbc.roa
File:                     3e3b9cc9-4f4d-4b15-a94b-5e1954551cbc.roa (raw, json)
Hash identifier:          CyuldoDkkVO2+35dweGM5uclasjYe3ueAxsuekAPXxk=
Subject key identifier:   8E:AA:48:FE:02:D6:F6:9F:ED:BE:AD:D3:92:6F:02:BF:C0:C5:04:9B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       07036367B8DED667086792A583152171EC50D39D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3e3b9cc9-4f4d-4b15-a94b-5e1954551cbc.roa
Signing time:             Mon 22 Sep 2025 18:16:05 +0000
ROA not before:           Mon 22 Sep 2025 18:16:05 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.160.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:03:63:67:b8:de:d6:67:08:67:92:a5:83:15:21:71:ec:50:d3:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 18:16:05 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=f25e6f35b3872ba00d244ed6c155fea819a6742980ad801dec9052a6cfff5f77, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:63:cd:d2:6b:61:53:84:02:44:31:c0:b7:96:
                    a7:27:ef:64:5b:d3:8c:3c:ab:ee:28:00:3e:d6:eb:
                    b8:18:32:ea:19:68:be:b3:9b:b9:14:63:97:5e:ad:
                    c3:ef:8a:5e:6c:a9:2b:cb:49:e6:49:ea:4c:a2:d0:
                    49:2a:ae:14:28:e5:f1:d7:3f:43:6a:0a:75:df:16:
                    b9:a6:8c:3c:e3:2e:42:25:9a:82:71:2c:9b:78:2c:
                    59:c9:9a:0b:19:84:27:60:1b:aa:32:3a:ba:46:8b:
                    a4:d6:4e:a7:dd:e4:72:69:94:0d:e5:df:a4:c9:07:
                    ef:87:f0:4e:18:3a:07:f6:74:ba:ff:7d:12:63:cf:
                    a3:2d:b1:38:97:5d:37:f3:c8:c8:26:f2:14:cd:2b:
                    c1:8e:75:b5:2c:99:98:3d:38:9a:75:a3:5b:dd:b1:
                    dc:4e:80:cc:a0:1d:dd:c5:71:fc:74:f6:c4:20:1d:
                    05:2e:3b:d3:0a:fa:ff:b4:42:c6:d8:3f:8c:2f:4e:
                    a7:4b:69:00:10:42:fd:16:b3:dd:bd:32:31:da:33:
                    1d:0e:78:79:00:33:3a:93:09:ce:34:80:a7:ac:45:
                    da:a7:d2:db:57:30:52:4f:e7:2d:63:49:a3:6c:30:
                    e1:2f:5b:32:d2:5a:78:d2:0f:f3:30:91:c5:c7:a7:
                    88:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:AA:48:FE:02:D6:F6:9F:ED:BE:AD:D3:92:6F:02:BF:C0:C5:04:9B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3e3b9cc9-4f4d-4b15-a94b-5e1954551cbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.160.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:cc:fa:f7:01:02:68:aa:2a:e7:51:13:a6:57:37:2e:e7:4a:
         2a:bb:d6:1d:9a:2c:8a:70:01:9a:2f:a6:e5:f1:34:f2:b9:a0:
         ef:ab:5a:fd:3f:07:f4:f5:cf:c6:06:06:a5:6d:5b:8a:b7:03:
         9d:56:21:81:4a:f9:0d:85:8c:3e:85:b6:b3:39:2a:9f:08:19:
         6b:88:70:2e:c5:33:45:3f:f7:1b:25:ee:5b:ae:40:bb:20:fe:
         6b:0c:07:fa:fb:9d:ed:b0:47:3e:03:03:c1:48:94:ca:d8:9f:
         93:5c:d3:11:2a:92:5d:95:48:62:95:bb:1c:5c:17:6c:98:31:
         3b:b2:03:1c:32:a6:bf:02:01:6f:e6:b8:c8:f8:17:42:ad:26:
         59:4d:b7:45:8f:6a:77:12:f9:51:41:cd:80:cb:98:6e:bc:49:
         4f:50:b0:7d:51:87:b5:15:19:1e:f1:fd:c6:5b:63:54:0d:0a:
         10:b0:ce:91:1d:d1:93:0f:4f:cd:26:f9:57:77:7d:49:a5:6b:
         63:44:9e:40:bb:bf:c4:1a:a5:ee:1f:cb:f6:6d:d3:63:80:bd:
         0d:55:b3:0c:9e:26:11:69:d0:5b:87:7d:ef:ec:77:e6:6c:89:
         dd:36:2e:fb:fc:16:bc:9c:cf:12:31:a6:4d:50:cf:05:2a:23:
         fc:ea:e9:7d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBwNjZ7je1mcIZ5KlgxUhcexQ050wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMTgxNjA1WhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BmMjVlNmYzNWIzODcyYmEwMGQyNDRlZDZjMTU1ZmVhODE5
YTY3NDI5ODBhZDgwMWRlYzkwNTJhNmNmZmY1Zjc3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZY83Sa2FThAJEMcC3lqcn72Rb04w8q+4oAD7W67gYMuoZ
aL6zm7kUY5dercPvil5sqSvLSeZJ6kyi0EkqrhQo5fHXP0NqCnXfFrmmjDzjLkIl
moJxLJt4LFnJmgsZhCdgG6oyOrpGi6TWTqfd5HJplA3l36TJB++H8E4YOgf2dLr/
fRJjz6MtsTiXXTfzyMgm8hTNK8GOdbUsmZg9OJp1o1vdsdxOgMygHd3Fcfx09sQg
HQUuO9MK+v+0QsbYP4wvTqdLaQAQQv0Ws929MjHaMx0OeHkAMzqTCc40gKesRdqn
0ttXMFJP5y1jSaNsMOEvWzLSWnjSD/MwkcXHp4j7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjqpI/gLW9p/tvq3Tkm8Cv8DFBJswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNlM2I5Y2M5LTRmNGQtNGIxNS1hOTRiLTVlMTk1NDU1MWNiYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASoMowDQYJKoZIhvcNAQELBQADggEBAEPM+vcBAmiqKudRE6ZXNy7nSiq7
1h2aLIpwAZovpuXxNPK5oO+rWv0/B/T1z8YGBqVtW4q3A51WIYFK+Q2FjD6FtrM5
Kp8IGWuIcC7FM0U/9xsl7luuQLsg/msMB/r7ne2wRz4DA8FIlMrYn5Nc0xEqkl2V
SGKVuxxcF2yYMTuyAxwypr8CAW/muMj4F0KtJllNt0WPancS+VFBzYDLmG68SU9Q
sH1Rh7UVGR7x/cZbY1QNChCwzpEd0ZMPT80m+Vd3fUmla2NEnkC7v8Qape4fy/Zt
02OAvQ1VswyeJhFp0FuHfe/sd+Zsid02Lvv8FryczxIxpk1QzwUqI/zq6X0=
-----END CERTIFICATE-----