Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/40ac64ca-4def-4056-bd11-c29b6ddcfc66.roa
File:                     40ac64ca-4def-4056-bd11-c29b6ddcfc66.roa (raw, json)
Hash identifier:          sbGv7li5zSSev9VjuWEb6OivW/HKHQgtBuFXAUhCnF0=
Subject key identifier:   45:50:B6:90:A1:F2:BC:AD:D5:BE:A7:02:52:B4:8E:96:E2:AE:BD:58
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1B4F2F0E4FAEC6AE09448E2B9EE5D802A98A61F5
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/40ac64ca-4def-4056-bd11-c29b6ddcfc66.roa
Signing time:             Mon 22 Sep 2025 17:08:28 +0000
ROA not before:           Mon 22 Sep 2025 17:08:28 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.154.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:4f:2f:0e:4f:ae:c6:ae:09:44:8e:2b:9e:e5:d8:02:a9:8a:61:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 17:08:28 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=1ff5e090d49920140460dda876e5c80d455518ca94bf54f75960e5a44cae837e, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:6e:59:2c:c4:61:93:d5:eb:19:b3:d1:27:23:
                    84:98:89:66:b3:eb:69:cb:e8:e1:9e:d4:fe:e8:f6:
                    1b:7a:79:1e:91:e2:8a:6a:ff:c4:ad:8d:dd:d5:8e:
                    5d:7b:aa:9f:ff:4d:ac:6f:07:64:0d:4c:3f:3e:19:
                    34:03:d3:86:fe:7f:a7:3f:d1:10:fa:40:17:c7:eb:
                    41:27:76:1f:72:4c:94:ae:9f:98:4e:63:20:2b:76:
                    9a:f6:d2:d2:98:ea:28:fc:90:46:56:38:f2:b3:98:
                    30:4d:c9:ed:df:b2:ae:86:9d:33:46:d5:66:c3:c7:
                    1f:1b:de:93:2e:e4:11:18:e4:a3:34:29:b3:d8:98:
                    7b:72:15:d1:0b:b5:86:77:3d:a4:38:4d:21:06:27:
                    1a:a7:8d:82:97:60:e4:6e:59:94:ec:c7:e6:2c:79:
                    35:71:c7:1f:75:ad:7c:b9:b4:da:ab:44:ba:9c:79:
                    3a:97:9f:1e:ad:38:0a:f8:38:4f:ee:e7:3c:96:70:
                    21:53:f2:11:b0:e1:a4:9f:3b:67:2a:34:1c:a6:ba:
                    00:70:65:27:48:3c:a4:e7:a0:3a:71:a1:e1:54:f6:
                    54:84:68:bf:fa:b3:ce:08:5e:ab:5a:6b:8a:1e:09:
                    c6:87:12:1d:a6:fd:67:e6:64:9c:c5:8a:0e:7d:86:
                    cc:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:50:B6:90:A1:F2:BC:AD:D5:BE:A7:02:52:B4:8E:96:E2:AE:BD:58
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/40ac64ca-4def-4056-bd11-c29b6ddcfc66.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.154.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:e2:61:cb:00:21:4e:4b:13:a7:ee:6e:6e:a2:2d:df:c0:4e:
         e0:6c:a8:b9:55:63:51:ae:96:3c:a4:99:43:01:c9:8b:8f:89:
         ad:2a:b2:fd:e0:51:e0:bf:61:a8:38:96:c1:2c:26:c5:2e:3a:
         a4:93:f6:69:1b:06:67:98:ca:34:94:aa:35:fc:c5:e1:e4:70:
         bc:c6:47:a5:e0:b6:78:dd:dd:87:27:28:22:e9:00:ba:11:cb:
         70:63:ac:9b:54:d5:19:94:69:e9:62:47:b2:0a:bb:12:9a:31:
         7c:87:c6:d7:38:7b:8a:93:23:f6:a6:55:7a:98:3a:12:12:88:
         3b:f8:5d:a4:0c:94:95:03:d2:46:3d:b7:9e:f8:66:87:d1:ef:
         f0:c0:80:39:9c:66:d0:05:5a:25:bb:73:67:a7:51:82:80:82:
         cf:3d:5d:81:bc:be:ca:ab:e1:c5:a5:d1:26:d6:08:63:dd:d3:
         25:66:13:7d:f7:3a:e6:c0:6e:9e:dc:31:01:d0:32:c3:ef:67:
         63:36:81:76:ea:7e:ef:ac:69:02:eb:36:f0:71:89:db:a2:e9:
         ae:d5:4e:cd:48:c4:f5:77:3f:f0:ed:0b:f4:e8:6c:68:0f:20:
         e8:77:d2:50:72:93:e3:9c:57:42:72:0e:7b:63:df:04:70:77:
         b8:7f:bd:18
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUG08vDk+uxq4JRI4rnuXYAqmKYfUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMTcwODI4WhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxZmY1ZTA5MGQ0OTkyMDE0MDQ2MGRkYTg3NmU1YzgwZDQ1
NTUxOGNhOTRiZjU0Zjc1OTYwZTVhNDRjYWU4MzdlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCZblksxGGT1esZs9EnI4SYiWaz62nL6OGe1P7o9ht6eR6R
4opq/8Stjd3Vjl17qp//TaxvB2QNTD8+GTQD04b+f6c/0RD6QBfH60Endh9yTJSu
n5hOYyArdpr20tKY6ij8kEZWOPKzmDBNye3fsq6GnTNG1WbDxx8b3pMu5BEY5KM0
KbPYmHtyFdELtYZ3PaQ4TSEGJxqnjYKXYORuWZTsx+YseTVxxx91rXy5tNqrRLqc
eTqXnx6tOAr4OE/u5zyWcCFT8hGw4aSfO2cqNBymugBwZSdIPKTnoDpxoeFU9lSE
aL/6s84IXqtaa4oeCcaHEh2m/WfmZJzFig59hswzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURVC2kKHyvK3VvqcCUrSOluKuvVgwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQwYWM2NGNhLTRkZWYtNDA1Ni1iZDExLWMyOWI2ZGRjZmM2Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASmmQwDQYJKoZIhvcNAQELBQADggEBAB/iYcsAIU5LE6fubm6iLd/ATuBs
qLlVY1GuljykmUMByYuPia0qsv3gUeC/Yag4lsEsJsUuOqST9mkbBmeYyjSUqjX8
xeHkcLzGR6Xgtnjd3YcnKCLpALoRy3BjrJtU1RmUaeliR7IKuxKaMXyHxtc4e4qT
I/amVXqYOhISiDv4XaQMlJUD0kY9t574ZofR7/DAgDmcZtAFWiW7c2enUYKAgs89
XYG8vsqr4cWl0SbWCGPd0yVmE333OubAbp7cMQHQMsPvZ2M2gXbqfu+saQLrNvBx
idui6a7VTs1IxPV3P/DtC/TobGgPIOh30lByk+OcV0JyDntj3wRwd7h/vRg=
-----END CERTIFICATE-----