Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/42ee6248-0a68-4c37-bc0c-b0dfb81c7410.roa
File:                     42ee6248-0a68-4c37-bc0c-b0dfb81c7410.roa (raw, json)
Hash identifier:          XHXv3XVQkesi/qoZe/1X89f7xUo9qllTKfGQPm46Trs=
Subject key identifier:   83:1B:85:85:E4:35:3A:CB:F4:AD:65:1E:5C:5A:FC:CF:18:9D:67:DD
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4359259134543AFE1CF5182B26ECFB158BAC32
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/42ee6248-0a68-4c37-bc0c-b0dfb81c7410.roa
Signing time:             Wed 24 Sep 2025 21:42:36 +0000
ROA not before:           Wed 24 Sep 2025 21:42:36 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.66.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:59:25:91:34:54:3a:fe:1c:f5:18:2b:26:ec:fb:15:8b:ac:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 21:42:36 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=286b9eb4d674dbf10b61f5f6d235a0c5cceece8aae17abce3464be69e21ce609, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:ba:f8:2f:60:e3:8c:00:bd:99:0e:6a:da:23:
                    13:d6:bb:45:0f:a1:c0:d5:2a:e0:da:17:c2:e5:52:
                    11:ae:9e:f2:f7:28:32:a9:4e:f2:09:38:3c:17:49:
                    dc:f2:68:5f:75:c8:ad:38:50:52:31:db:60:c7:9c:
                    f4:01:9e:d9:02:27:86:20:72:f8:0c:a7:c9:16:1d:
                    18:11:0e:af:c2:a7:d7:ff:e5:bc:a9:a4:7e:32:1d:
                    9a:0c:9f:3c:c6:11:01:51:06:f9:f4:f3:18:1c:7b:
                    e4:48:4e:15:cd:78:65:35:47:a9:0d:b6:7f:b8:66:
                    da:fa:f5:09:e1:11:39:d3:32:a4:f6:45:f4:ea:eb:
                    f9:8f:26:23:5b:f7:91:0d:ee:fa:71:d0:0e:ff:75:
                    51:1a:02:dd:0b:0f:10:25:04:6b:cb:58:c7:de:7c:
                    b6:42:f3:17:ee:95:ec:23:68:d6:65:45:e5:ec:a1:
                    4f:49:29:c6:1e:1c:36:23:5f:3b:b0:45:34:e6:0d:
                    1c:cf:91:bd:e1:bd:f6:e8:46:ba:01:a6:ea:dd:5d:
                    33:95:f8:fa:8e:b5:20:ac:a5:92:84:35:1e:6b:bd:
                    18:3b:6f:3b:d1:a6:e2:6b:23:dd:16:a7:10:20:18:
                    13:69:98:a0:58:fd:c3:1e:95:9c:d9:6c:07:98:9f:
                    97:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:1B:85:85:E4:35:3A:CB:F4:AD:65:1E:5C:5A:FC:CF:18:9D:67:DD
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/42ee6248-0a68-4c37-bc0c-b0dfb81c7410.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.66.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:82:67:e3:db:c9:67:2b:ff:54:75:12:ea:9a:df:ed:88:3e:
         7b:cc:ce:ea:9b:1d:1e:37:da:2f:0c:dc:ed:9c:36:85:16:9c:
         95:31:57:ee:c8:00:b5:96:ae:be:d4:b9:47:68:fd:30:7a:32:
         01:22:27:8f:b5:26:a6:ff:81:8a:51:3b:34:3d:84:01:67:93:
         be:7b:09:85:04:00:a3:c8:62:91:8f:e2:0e:90:e7:d2:1a:07:
         d2:ba:82:39:33:6a:fb:8d:76:25:2e:40:bf:79:3b:51:ea:ba:
         d3:27:aa:da:1f:9d:57:f9:c1:88:49:72:60:e2:ef:3a:11:3c:
         5c:2b:44:1a:54:dd:e2:f9:60:ea:4c:ef:eb:04:0c:20:b3:0e:
         05:d8:b6:cf:bb:71:5b:2d:f9:f9:15:a4:56:8d:2b:83:7e:45:
         d6:cb:31:2e:64:6f:ab:72:3d:08:00:5d:b6:5c:ed:01:d3:da:
         be:ba:3f:85:2c:fd:74:03:8a:07:18:c8:2e:06:7b:c9:e6:13:
         a7:7d:ed:75:3b:9f:06:c9:d0:3a:1f:70:19:f5:74:c9:bc:80:
         5e:94:0d:d2:a3:96:18:66:85:d8:06:ef:20:a6:af:ce:fe:d0:
         79:39:bc:69:95:63:3b:73:10:f1:f4:3d:b2:77:11:5d:64:22:
         8b:22:97:85
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgITQ1klkTRUOv4c9RgrJuz7FYusMjANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzJkZjZmM2IzYTM0YjYzODZkMWEzMmQ4ZjRmYTMxNzhlZjMx
ODg3ZDhiNDI4ZGZhYTQ3NjAeFw0yNTA5MjQyMTQyMzZaFw0yNTEwMjkyMzU5NTla
MHoxSTBHBgNVBAUTQDI4NmI5ZWI0ZDY3NGRiZjEwYjYxZjVmNmQyMzVhMGM1Y2Nl
ZWNlOGFhZTE3YWJjZTM0NjRiZTY5ZTIxY2U2MDkxLTArBgNVBAMTJDVmMjc2MDQ1
LTViOWYtNDVlZi05MjNkLWYzZmNlMjRhNjIyNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMq6+C9g44wAvZkOatojE9a7RQ+hwNUq4NoXwuVSEa6e8vco
MqlO8gk4PBdJ3PJoX3XIrThQUjHbYMec9AGe2QInhiBy+AynyRYdGBEOr8Kn1//l
vKmkfjIdmgyfPMYRAVEG+fTzGBx75EhOFc14ZTVHqQ22f7hm2vr1CeEROdMypPZF
9Orr+Y8mI1v3kQ3u+nHQDv91URoC3QsPECUEa8tYx958tkLzF+6V7CNo1mVF5eyh
T0kpxh4cNiNfO7BFNOYNHM+RveG99uhGugGm6t1dM5X4+o61IKylkoQ1Hmu9GDtv
O9Gm4msj3RanECAYE2mYoFj9wx6VnNlsB5ifl4cCAwEAAaOCArEwggKtMB0GA1Ud
DgQWBBSDG4WF5DU6y/StZR5cWvzPGJ1n3TAfBgNVHSMEGDAWgBQlrdNCsB63pY6t
GZAmiLVLP4H0uDAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MmEyNDY5NDctMmQ2Mi00YTZjLWJhMDUtODcxODdmMDA5OWIyLzg1MWNlZjE3LTEz
MmEtNDMzNy1iN2QxLWJmMTZhNTJmZmQwMy9kZjZmM2IzYTM0YjYzODZkMWEzMmQ4
ZjRmYTMxNzhlZjMxODg3ZDhiNDI4ZGZhYTQ3Ni5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9mNzAzNjk2ZS1lNDdiLTRjMjAtYmQ5My02Zjgw
OTA0ZTQyZDIvNDJlZTYyNDgtMGE2OC00YzM3LWJjMGMtYjBkZmI4MWM3NDEwLnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMt
NmY4MDkwNGU0MmQyL3RqaHRHakxZOVBveGVPOHhpSDJMUW8zNnBIWS5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEABJCgDANBgkqhkiG9w0BAQsFAAOCAQEAaYJn49vJZyv/VHUS6prf7Yg+e8zO
6psdHjfaLwzc7Zw2hRaclTFX7sgAtZauvtS5R2j9MHoyASInj7Umpv+BilE7ND2E
AWeTvnsJhQQAo8hikY/iDpDn0hoH0rqCOTNq+412JS5Av3k7Ueq60yeq2h+dV/nB
iElyYOLvOhE8XCtEGlTd4vlg6kzv6wQMILMOBdi2z7txWy35+RWkVo0rg35F1ssx
LmRvq3I9CABdtlztAdPavro/hSz9dAOKBxjILgZ7yeYTp33tdTufBsnQOh9wGfV0
ybyAXpQN0qOWGGaF2AbvIKavzv7QeTm8aZVjO3MQ8fQ9sncRXWQiiyKXhQ==
-----END CERTIFICATE-----