Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/40875a81-4692-44a9-bbf2-d553eb260401.roa
File:                     40875a81-4692-44a9-bbf2-d553eb260401.roa (raw, json)
Hash identifier:          /h70tdpq9ym5SXN6hc+5Ues0hAQPD1rQLVc9vIz+36s=
Subject key identifier:   9F:22:F2:3D:4C:40:F6:50:7B:80:0D:8F:F6:16:BE:2A:67:A7:0F:8F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6158E73722505D08036790EE080E43720A2AF6C1
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/40875a81-4692-44a9-bbf2-d553eb260401.roa
Signing time:             Mon 22 Sep 2025 22:32:08 +0000
ROA not before:           Mon 22 Sep 2025 22:32:08 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.244.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:58:e7:37:22:50:5d:08:03:67:90:ee:08:0e:43:72:0a:2a:f6:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 22:32:08 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=5b5c673064cddb8c40cfa7c38b50b0396bb642b3e7accbaabe152f007b583e89, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:96:76:e8:95:38:c6:78:e7:f4:13:85:5e:82:
                    93:ec:59:fa:c2:82:4c:1a:61:27:e4:24:83:1e:dd:
                    21:24:cd:8d:77:99:ac:ef:88:de:6e:71:4b:c7:04:
                    76:8c:da:f1:c1:0c:34:ec:83:a6:7e:a3:b4:c3:61:
                    d9:99:65:83:12:5c:a7:ca:8d:61:91:91:fd:43:d7:
                    97:79:8a:19:09:91:31:54:87:ff:c1:51:f9:fb:a3:
                    4a:50:21:f4:da:5c:56:b1:1c:9e:58:d8:70:0c:ba:
                    6e:4d:d0:bf:1c:35:2a:04:da:f1:77:63:03:fc:9b:
                    28:49:9a:8d:e8:42:dd:75:45:d5:7b:cc:f1:da:22:
                    4f:41:14:20:ca:bb:97:73:86:d7:73:42:82:fc:7c:
                    89:38:02:06:fc:25:42:1e:ea:6a:cc:52:e7:6d:a0:
                    e6:33:44:4b:4d:df:dc:df:2c:b1:c9:26:87:2f:31:
                    43:d8:0e:3d:31:d4:3d:bd:73:a8:cd:78:d5:11:fe:
                    c1:90:16:12:ee:41:d8:f5:ee:4f:8e:6b:29:ca:01:
                    ec:5b:0a:ed:80:09:f2:58:67:15:ed:83:07:1a:8f:
                    56:28:b6:c7:2b:c1:71:7f:e7:3f:25:17:8f:c3:a2:
                    1d:ce:23:24:ba:f9:1f:91:c7:6f:bf:60:38:1d:00:
                    20:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:22:F2:3D:4C:40:F6:50:7B:80:0D:8F:F6:16:BE:2A:67:A7:0F:8F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/40875a81-4692-44a9-bbf2-d553eb260401.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.244.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:47:f2:77:06:56:63:42:50:b7:db:e7:94:c4:85:8f:62:97:
         69:a0:10:c1:98:85:da:5a:84:2a:6d:d9:44:50:c8:31:14:b4:
         f9:63:8f:af:41:49:a0:47:ff:c2:14:aa:d7:98:c3:20:23:44:
         80:09:31:4c:26:80:06:c4:1f:e4:61:d8:cb:c3:df:ad:15:52:
         49:a9:a4:90:f4:ea:04:e3:b1:58:3f:5b:db:fa:fc:3c:e8:6e:
         a9:2d:0b:e7:f1:ed:d6:f1:88:3b:08:d9:93:35:69:cc:35:d5:
         95:2a:d7:a0:71:d7:50:46:ba:e3:4d:66:03:b2:d9:58:c0:98:
         be:d2:a8:4f:dc:e9:d7:a0:ab:33:44:dd:9f:b7:c3:d8:36:c3:
         ed:84:64:b4:01:b7:d3:6a:f2:0a:1b:47:0b:0a:d8:34:bc:e4:
         9d:63:79:f1:ab:b8:ba:bf:7a:af:9a:0a:f6:c4:b6:fb:b8:33:
         e5:08:8d:0e:4d:6b:01:40:03:d2:a7:98:61:ee:48:5b:6c:d0:
         4b:05:10:b9:17:bd:dd:f8:2e:43:dc:73:fe:79:31:b6:c1:d6:
         5c:bd:a8:c1:a0:92:96:55:b8:1f:a6:8d:d0:70:16:09:11:cb:
         38:78:c3:a1:31:03:35:5c:0d:f0:37:53:e9:3a:48:46:1b:ce:
         92:c7:2f:45
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYVjnNyJQXQgDZ5DuCA5Dcgoq9sEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMjIzMjA4WhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A1YjVjNjczMDY0Y2RkYjhjNDBjZmE3YzM4YjUwYjAzOTZi
YjY0MmIzZTdhY2NiYWFiZTE1MmYwMDdiNTgzZTg5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCXlnbolTjGeOf0E4VegpPsWfrCgkwaYSfkJIMe3SEkzY13
mazviN5ucUvHBHaM2vHBDDTsg6Z+o7TDYdmZZYMSXKfKjWGRkf1D15d5ihkJkTFU
h//BUfn7o0pQIfTaXFaxHJ5Y2HAMum5N0L8cNSoE2vF3YwP8myhJmo3oQt11RdV7
zPHaIk9BFCDKu5dzhtdzQoL8fIk4Agb8JUIe6mrMUudtoOYzREtN39zfLLHJJocv
MUPYDj0x1D29c6jNeNUR/sGQFhLuQdj17k+OaynKAexbCu2ACfJYZxXtgwcaj1Yo
tscrwXF/5z8lF4/Doh3OIyS6+R+Rx2+/YDgdACCtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUnyLyPUxA9lB7gA2P9ha+KmenD48wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQwODc1YTgxLTQ2OTItNDRhOS1iYmYyLWQ1NTNlYjI2MDQwMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAS9A0wDQYJKoZIhvcNAQELBQADggEBAKpH8ncGVmNCULfb55TEhY9il2mg
EMGYhdpahCpt2URQyDEUtPljj69BSaBH/8IUqteYwyAjRIAJMUwmgAbEH+Rh2MvD
360VUkmppJD06gTjsVg/W9v6/DzobqktC+fx7dbxiDsI2ZM1acw11ZUq16Bx11BG
uuNNZgOy2VjAmL7SqE/c6degqzNE3Z+3w9g2w+2EZLQBt9Nq8gobRwsK2DS85J1j
efGruLq/eq+aCvbEtvu4M+UIjQ5NawFAA9KnmGHuSFts0EsFELkXvd34LkPcc/55
MbbB1ly9qMGgkpZVuB+mjdBwFgkRyzh4w6ExAzVcDfA3U+k6SEYbzpLHL0U=
-----END CERTIFICATE-----