Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/42b2307f-0266-405c-9be5-1ab80782a5ce.roa
File:                     42b2307f-0266-405c-9be5-1ab80782a5ce.roa (raw, json)
Hash identifier:          QM+Ut55IE5p8x/14PYzZNO6oWI0jVo0saGMtM9NBH00=
Subject key identifier:   61:C3:42:33:B0:27:EA:4E:03:9D:E1:56:BC:EA:E6:30:CA:4F:A8:B1
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0937698947D6CB70E76AF6EE6CBD532062BC8569
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/42b2307f-0266-405c-9be5-1ab80782a5ce.roa
Signing time:             Mon 22 Sep 2025 20:52:14 +0000
ROA not before:           Mon 22 Sep 2025 20:52:14 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.173.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:37:69:89:47:d6:cb:70:e7:6a:f6:ee:6c:bd:53:20:62:bc:85:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 20:52:14 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=241fc3854b85edf6acf8a81a351486adb203f153a65ea67f4ed22096640f6e3a, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:5e:9c:26:10:54:ab:8c:d2:38:47:2f:73:ec:
                    e6:08:a4:24:a9:4d:23:fd:04:2d:81:8e:7c:c8:70:
                    e5:67:7d:06:aa:0e:ab:41:3d:0d:9c:3a:5e:6a:5f:
                    7c:07:c2:12:3e:86:6b:93:a7:01:58:2b:b0:aa:2d:
                    a9:1f:9f:b0:92:fb:e1:4b:75:9f:83:95:16:cc:ba:
                    bc:b6:66:9b:61:ea:05:b1:4e:dc:9d:aa:e1:81:ae:
                    18:c4:62:8b:57:39:b0:ab:f3:81:50:23:18:5e:d8:
                    33:d7:20:d6:13:62:76:af:cc:8c:de:fe:bf:3d:2a:
                    79:e2:9b:5b:f6:c8:8b:fc:97:2f:cd:d4:e4:66:36:
                    81:a7:3b:58:07:6d:df:02:b4:73:e5:65:8e:15:de:
                    23:09:9f:42:0b:02:32:87:32:a0:90:ae:fb:6d:86:
                    06:ca:4c:0d:7b:f5:45:7b:04:d0:44:d2:2d:5c:a3:
                    7b:12:7a:45:73:98:b1:7c:40:af:fa:e1:43:59:e9:
                    85:27:5a:15:d5:8a:c3:23:0e:bf:c9:fb:48:cf:a8:
                    ac:ab:a1:62:1b:fd:e5:2f:50:c2:ed:89:7c:6f:01:
                    3c:3c:9c:98:cc:f1:b8:e9:5f:70:62:2b:c6:de:17:
                    35:34:fe:fd:73:66:74:8d:f7:72:b2:22:41:da:83:
                    b5:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:C3:42:33:B0:27:EA:4E:03:9D:E1:56:BC:EA:E6:30:CA:4F:A8:B1
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/42b2307f-0266-405c-9be5-1ab80782a5ce.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.173.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:a8:8f:79:47:9b:9f:16:e6:d8:1c:55:4f:6d:b2:51:1a:17:
         50:6f:56:a4:db:4f:08:25:e2:fe:29:09:d6:d8:2f:cb:bc:cd:
         63:b0:d7:5c:ff:fe:d9:47:60:3e:cf:1b:4f:4b:82:ef:0e:5b:
         26:02:27:f0:aa:fa:8f:16:fc:8b:ae:b7:cb:12:a4:d2:d2:fc:
         c2:c5:d1:40:b3:67:cc:39:13:f0:1e:81:bf:20:9b:40:f0:28:
         93:98:c3:f3:32:81:c4:b1:47:8b:9b:9d:93:fb:15:2c:32:f8:
         1f:17:09:98:ee:94:6a:42:14:4b:d5:db:54:2d:d4:70:c3:46:
         73:76:a1:bd:d9:fe:6b:ec:63:e1:74:26:7a:dc:af:f6:fa:e4:
         7a:45:4d:60:b4:e0:4a:cb:7d:e9:27:05:0c:ab:88:7c:45:ea:
         5a:d3:02:4a:10:f4:d1:f6:68:b9:ab:c4:48:75:0d:4d:f4:82:
         9c:da:20:7f:02:ae:ce:73:4c:eb:b7:34:1d:f3:66:af:96:10:
         76:24:86:e7:b7:ed:4a:45:dd:0e:0d:8e:2d:d1:b6:00:46:e6:
         19:ca:61:15:6a:1a:c3:14:c8:eb:26:df:92:b6:a1:33:4b:0f:
         d8:dc:f2:56:23:f8:2f:dd:20:e1:b4:6f:47:97:f1:6b:6a:b5:
         50:5b:5d:45
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCTdpiUfWy3DnavbubL1TIGK8hWkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMjA1MjE0WhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AyNDFmYzM4NTRiODVlZGY2YWNmOGE4MWEzNTE0ODZhZGIy
MDNmMTUzYTY1ZWE2N2Y0ZWQyMjA5NjY0MGY2ZTNhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDPXpwmEFSrjNI4Ry9z7OYIpCSpTSP9BC2BjnzIcOVnfQaq
DqtBPQ2cOl5qX3wHwhI+hmuTpwFYK7CqLakfn7CS++FLdZ+DlRbMury2Zpth6gWx
TtydquGBrhjEYotXObCr84FQIxhe2DPXINYTYnavzIze/r89Knnim1v2yIv8ly/N
1ORmNoGnO1gHbd8CtHPlZY4V3iMJn0ILAjKHMqCQrvtthgbKTA179UV7BNBE0i1c
o3sSekVzmLF8QK/64UNZ6YUnWhXVisMjDr/J+0jPqKyroWIb/eUvUMLtiXxvATw8
nJjM8bjpX3BiK8beFzU0/v1zZnSN93KyIkHag7WjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYcNCM7An6k4DneFWvOrmMMpPqLEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQyYjIzMDdmLTAyNjYtNDA1Yy05YmU1LTFhYjgwNzgyYTVjZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASrTgwDQYJKoZIhvcNAQELBQADggEBAEGoj3lHm58W5tgcVU9tslEaF1Bv
VqTbTwgl4v4pCdbYL8u8zWOw11z//tlHYD7PG09Lgu8OWyYCJ/Cq+o8W/Iuut8sS
pNLS/MLF0UCzZ8w5E/Aegb8gm0DwKJOYw/MygcSxR4ubnZP7FSwy+B8XCZjulGpC
FEvV21Qt1HDDRnN2ob3Z/mvsY+F0Jnrcr/b65HpFTWC04ErLfeknBQyriHxF6lrT
AkoQ9NH2aLmrxEh1DU30gpzaIH8Crs5zTOu3NB3zZq+WEHYkhue37UpF3Q4Nji3R
tgBG5hnKYRVqGsMUyOsm35K2oTNLD9jc8lYj+C/dIOG0b0eX8WtqtVBbXUU=
-----END CERTIFICATE-----