Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/422fb51f-d5e0-4b9f-b16c-657ec732e11e.roa
File:                     422fb51f-d5e0-4b9f-b16c-657ec732e11e.roa (raw, json)
Hash identifier:          Ezee6T14rt08rhzglwGUV74ExGfX327Qw6suUIvuRLg=
Subject key identifier:   FC:F5:7D:B6:66:EB:A1:6E:5E:95:C4:D5:25:2E:46:7A:F9:30:9E:A0
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       224F859F2367ADE0A3FC2CF8A05D2551058F8A4C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/422fb51f-d5e0-4b9f-b16c-657ec732e11e.roa
Signing time:             Mon 22 Sep 2025 19:40:37 +0000
ROA not before:           Mon 22 Sep 2025 19:40:37 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.165.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:4f:85:9f:23:67:ad:e0:a3:fc:2c:f8:a0:5d:25:51:05:8f:8a:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 19:40:37 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=570a0f928deed1c46ee5fa6111bf8e576ce1d0d34bb4c3c15162f25dd5737078, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:c6:6a:b9:a7:d9:7a:0d:fe:a6:eb:43:d7:b4:
                    ee:83:8c:bc:5f:f9:5c:17:b4:54:8d:ef:e9:82:2f:
                    d3:af:ed:c5:ec:61:e1:3a:31:dc:05:c0:83:91:42:
                    d5:ca:2b:b1:57:e2:a5:73:5c:29:5e:f9:74:85:d7:
                    dd:34:2e:f6:df:96:aa:fa:64:dd:99:3f:f3:00:1f:
                    b2:5d:63:24:f9:4c:9b:05:23:de:99:f9:67:34:e7:
                    61:84:72:26:0f:a4:8b:61:7f:a5:11:73:ad:ca:8b:
                    e5:65:e2:d5:00:1b:f7:f4:78:75:58:f0:cb:db:0b:
                    33:ef:95:fe:8a:56:9f:99:ab:12:28:6a:2b:55:87:
                    3f:f2:d3:35:d2:15:a3:c5:80:5e:61:c9:fc:ca:65:
                    42:c6:b2:ce:28:ea:a6:0f:01:c1:37:b8:ce:5c:ce:
                    fb:0f:c6:b1:ca:33:90:e1:34:e3:87:75:a5:23:64:
                    09:8b:bf:fd:7d:e4:1d:b0:88:20:e1:9b:12:7a:21:
                    11:c7:63:66:86:5e:37:eb:af:b7:10:dc:e5:5a:95:
                    a4:23:28:dc:e7:78:ea:d6:41:cc:c9:55:d4:59:7a:
                    5a:02:6f:98:db:74:26:94:b1:ea:b3:40:a6:1d:23:
                    9e:3d:6d:85:8a:a3:59:7c:a8:a6:66:6e:d1:a0:de:
                    bd:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:F5:7D:B6:66:EB:A1:6E:5E:95:C4:D5:25:2E:46:7A:F9:30:9E:A0
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/422fb51f-d5e0-4b9f-b16c-657ec732e11e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.165.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:86:53:90:56:25:ea:ae:fb:d1:61:c0:ec:76:7c:e5:dd:09:
         57:09:2c:5d:e3:0e:af:a7:73:a4:fd:f3:0f:db:11:da:3e:a3:
         6a:9f:58:d6:e2:fa:fd:45:09:a9:cc:f1:29:47:44:c7:32:f0:
         79:65:e9:d7:0c:bf:c7:31:ef:79:ac:f2:45:8e:41:e9:2f:a1:
         8e:b8:df:49:66:b2:18:c0:66:5b:6f:9e:e5:5f:29:62:52:d1:
         5e:ab:b3:ea:b0:5c:8f:10:98:7b:a9:6c:d5:d5:fa:86:87:91:
         ba:23:fe:db:f6:54:02:07:2e:ae:52:d2:f8:2f:a0:e8:35:39:
         00:47:0d:1e:9a:ba:99:c6:ed:16:a4:36:4a:4e:27:2d:67:50:
         8f:50:be:2c:0c:bb:59:cf:ec:c9:73:b4:2f:0d:c3:7f:48:cc:
         a7:5c:af:a7:b1:4a:22:6a:eb:aa:e3:fe:ef:aa:67:f2:75:3f:
         15:e4:8d:85:d0:72:a9:ee:97:f8:13:21:08:34:47:d1:b3:dd:
         f6:39:92:52:80:a6:23:c4:dd:8f:01:52:93:8c:c2:4b:8f:cc:
         7b:b5:f0:a4:c9:db:1f:29:59:90:90:1c:a5:19:7a:50:a9:0a:
         24:83:78:08:93:28:c4:1b:08:4f:e5:d3:a0:71:4d:41:83:a0:
         9e:92:40:25
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIk+FnyNnreCj/Cz4oF0lUQWPikwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMTk0MDM3WhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A1NzBhMGY5MjhkZWVkMWM0NmVlNWZhNjExMWJmOGU1NzZj
ZTFkMGQzNGJiNGMzYzE1MTYyZjI1ZGQ1NzM3MDc4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD4xmq5p9l6Df6m60PXtO6DjLxf+VwXtFSN7+mCL9Ov7cXs
YeE6MdwFwIORQtXKK7FX4qVzXCle+XSF1900Lvbflqr6ZN2ZP/MAH7JdYyT5TJsF
I96Z+Wc052GEciYPpIthf6URc63Ki+Vl4tUAG/f0eHVY8MvbCzPvlf6KVp+ZqxIo
aitVhz/y0zXSFaPFgF5hyfzKZULGss4o6qYPAcE3uM5czvsPxrHKM5DhNOOHdaUj
ZAmLv/195B2wiCDhmxJ6IRHHY2aGXjfrr7cQ3OValaQjKNzneOrWQczJVdRZeloC
b5jbdCaUseqzQKYdI549bYWKo1l8qKZmbtGg3r13AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/PV9tmbroW5elcTVJS5GevkwnqAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQyMmZiNTFmLWQ1ZTAtNGI5Zi1iMTZjLTY1N2VjNzMyZTExZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASpcMwDQYJKoZIhvcNAQELBQADggEBABmGU5BWJequ+9FhwOx2fOXdCVcJ
LF3jDq+nc6T98w/bEdo+o2qfWNbi+v1FCanM8SlHRMcy8Hll6dcMv8cx73ms8kWO
QekvoY6430lmshjAZltvnuVfKWJS0V6rs+qwXI8QmHupbNXV+oaHkboj/tv2VAIH
Lq5S0vgvoOg1OQBHDR6aupnG7RakNkpOJy1nUI9QviwMu1nP7MlztC8Nw39IzKdc
r6exSiJq66rj/u+qZ/J1PxXkjYXQcqnul/gTIQg0R9Gz3fY5klKApiPE3Y8BUpOM
wkuPzHu18KTJ2x8pWZCQHKUZelCpCiSDeAiTKMQbCE/l06BxTUGDoJ6SQCU=
-----END CERTIFICATE-----