Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/41f295d2-4062-47e7-bf25-b9ebcfc1122f.roa
File:                     41f295d2-4062-47e7-bf25-b9ebcfc1122f.roa (raw, json)
Hash identifier:          IyYIaxcaSSIqPiBrUCrVfLjuytwAScyFHIMKntOsJb8=
Subject key identifier:   97:52:26:21:59:0B:DD:59:82:DB:BB:42:29:78:99:48:C8:58:6A:9C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       25F94176F3106481C02437AAE9E858AB5B5DBCA8
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/41f295d2-4062-47e7-bf25-b9ebcfc1122f.roa
Signing time:             Wed 24 Sep 2025 22:49:41 +0000
ROA not before:           Wed 24 Sep 2025 22:49:41 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.65.204.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:f9:41:76:f3:10:64:81:c0:24:37:aa:e9:e8:58:ab:5b:5d:bc:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 22:49:41 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=602246081a759de535106cd0d05b99bfbf1610a0fba63071944ead01ebd0d1dd, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:ee:de:1a:58:69:bf:44:d2:ae:04:d5:f7:b7:
                    8e:cc:fa:a1:10:b2:93:e5:cf:98:df:81:34:72:7f:
                    a2:ec:79:1f:73:62:85:33:16:14:97:bb:3b:dc:a2:
                    97:d6:59:12:bb:d2:fe:49:28:f8:d7:b2:7f:05:35:
                    42:ea:75:fe:9e:c7:c2:ed:c1:81:29:5a:32:2d:f1:
                    a5:a1:7b:81:7d:d6:0b:e2:09:86:98:6e:4b:98:e0:
                    96:cf:1b:00:83:55:95:e5:53:5e:b5:56:3c:cf:f8:
                    c3:5e:bf:50:31:2a:c4:10:1e:b2:3e:39:54:2e:e4:
                    a6:7c:d8:80:a5:9b:e4:f9:6d:c3:81:86:b0:40:8f:
                    e9:f1:d7:1c:91:c4:e4:05:ef:92:fe:c8:db:20:04:
                    c1:6c:29:9c:a0:71:1e:48:3b:dd:5f:38:88:ff:bf:
                    26:b7:50:21:05:7e:ff:50:2c:be:1f:db:73:9c:be:
                    0c:ce:49:e0:b0:d3:af:2f:38:8e:ac:cd:64:a0:07:
                    60:52:3e:61:97:a1:41:e0:f9:f1:7c:b0:67:25:e3:
                    5e:b1:42:71:68:5d:23:a8:2e:0d:18:4d:3e:4b:0f:
                    6c:d9:65:f3:bf:94:0d:d5:5b:fa:cd:92:36:e8:6f:
                    9d:23:90:25:22:8b:6b:69:c3:cf:f2:a2:b1:7c:1d:
                    0b:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:52:26:21:59:0B:DD:59:82:DB:BB:42:29:78:99:48:C8:58:6A:9C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/41f295d2-4062-47e7-bf25-b9ebcfc1122f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.65.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         63:b4:e9:af:48:c2:bc:ed:2a:7a:35:c0:bd:95:1f:c0:ff:ff:
         6d:cf:66:71:ed:89:d7:05:ac:12:4f:d9:d6:52:4a:38:ba:5d:
         8f:22:d1:a1:bb:d7:99:e7:af:e5:fc:a1:cc:7e:21:16:8a:37:
         09:15:c7:2a:bf:9f:13:c1:3d:c7:1b:df:48:13:7d:8b:04:43:
         b4:b3:4d:a5:12:78:2b:85:fb:c0:9a:32:d7:8a:42:3d:e0:43:
         89:1f:b0:52:bc:89:6b:04:36:57:1a:4a:e1:c7:96:48:ea:f3:
         32:77:e4:b8:54:b7:17:c1:be:e2:48:02:07:66:df:7f:43:72:
         d1:de:bc:a4:be:aa:1a:0e:36:8b:36:92:ae:e7:ef:f3:9c:56:
         d2:fb:b2:3d:60:ce:4d:69:77:a5:bb:4a:dc:f7:f7:b1:90:52:
         a5:1e:b3:0c:c2:97:85:d9:15:05:07:df:5c:82:95:f0:ab:3d:
         c2:8f:75:4a:0a:0f:51:24:5d:fb:bf:96:de:35:11:6c:0f:75:
         d2:f4:e2:50:48:5a:f3:78:f8:0e:d2:da:b7:10:33:ab:ad:ad:
         4c:38:6e:ca:59:9d:5b:6a:13:bb:40:d4:b3:52:cf:c3:03:61:
         89:51:88:94:4a:f5:1b:d0:a2:d1:06:89:42:9b:d9:58:91:b4:
         f9:9b:7b:9a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJflBdvMQZIHAJDeq6ehYq1tdvKgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MjI0OTQxWhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MDIyNDYwODFhNzU5ZGU1MzUxMDZjZDBkMDViOTliZmJm
MTYxMGEwZmJhNjMwNzE5NDRlYWQwMWViZDBkMWRkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDX7t4aWGm/RNKuBNX3t47M+qEQspPlz5jfgTRyf6LseR9z
YoUzFhSXuzvcopfWWRK70v5JKPjXsn8FNULqdf6ex8LtwYEpWjIt8aWhe4F91gvi
CYaYbkuY4JbPGwCDVZXlU161VjzP+MNev1AxKsQQHrI+OVQu5KZ82IClm+T5bcOB
hrBAj+nx1xyRxOQF75L+yNsgBMFsKZygcR5IO91fOIj/vya3UCEFfv9QLL4f23Oc
vgzOSeCw068vOI6szWSgB2BSPmGXoUHg+fF8sGcl416xQnFoXSOoLg0YTT5LD2zZ
ZfO/lA3VW/rNkjbob50jkCUii2tpw8/yorF8HQv1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUl1ImIVkL3VmC27tCKXiZSMhYapwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQxZjI5NWQyLTQwNjItNDdlNy1iZjI1LWI5ZWJjZmMxMTIyZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAISQcwwDQYJKoZIhvcNAQELBQADggEBAGO06a9IwrztKno1wL2VH8D//23P
ZnHtidcFrBJP2dZSSji6XY8i0aG715nnr+X8ocx+IRaKNwkVxyq/nxPBPccb30gT
fYsEQ7SzTaUSeCuF+8CaMteKQj3gQ4kfsFK8iWsENlcaSuHHlkjq8zJ35LhUtxfB
vuJIAgdm339DctHevKS+qhoONos2kq7n7/OcVtL7sj1gzk1pd6W7Stz397GQUqUe
swzCl4XZFQUH31yClfCrPcKPdUoKD1EkXfu/lt41EWwPddL04lBIWvN4+A7S2rcQ
M6utrUw4bspZnVtqE7tA1LNSz8MDYYlRiJRK9RvQotEGiUKb2ViRtPmbe5o=
-----END CERTIFICATE-----