Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/48bf99f1-4c47-46f4-9434-1532b91ebd7b.roa
File:                     48bf99f1-4c47-46f4-9434-1532b91ebd7b.roa (raw, json)
Hash identifier:          eVSkbKJCHu7EE/13cxeLv3mbHu+GkTlTTgTszR7Flqo=
Subject key identifier:   2D:E4:AD:F7:1D:5C:03:C8:8D:C2:74:E5:72:84:54:9A:6C:05:14:C4
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       177071AB994BA6CF61279FCC4FA530D678EE479D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/48bf99f1-4c47-46f4-9434-1532b91ebd7b.roa
Signing time:             Mon 22 Sep 2025 23:30:05 +0000
ROA not before:           Mon 22 Sep 2025 23:30:05 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.245.136.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:70:71:ab:99:4b:a6:cf:61:27:9f:cc:4f:a5:30:d6:78:ee:47:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 23:30:05 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=f9f3789914816601600bac4e386bd7268bf9dcb75a1abd9401407fc03fcb4af7, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:53:ce:d7:aa:ac:6b:b7:f8:e2:1f:6f:80:18:
                    27:8a:72:0b:f5:93:2b:c2:93:50:12:c6:cb:7a:da:
                    fa:38:6c:e8:14:46:bb:ad:10:d5:7b:9a:83:c5:5a:
                    3a:f2:d1:f6:5c:b3:4f:54:de:3d:b2:20:e6:78:af:
                    30:03:1e:01:c2:93:0a:22:13:34:24:a8:4a:26:dc:
                    6a:43:05:ec:d5:07:db:f0:b1:e9:5b:7f:a7:27:17:
                    31:ce:31:9e:3e:6e:51:0f:08:bc:d1:59:c1:5d:73:
                    d9:34:4e:31:bf:9c:d8:ba:24:d3:96:bc:f6:b0:45:
                    33:d1:ad:c7:ed:db:cf:24:f1:8a:72:73:c5:86:ab:
                    f1:2e:d5:89:f0:da:54:ab:c4:8f:83:22:e5:2f:b7:
                    f9:23:87:69:38:51:a3:f5:51:01:1d:a5:d1:62:9b:
                    b1:17:5b:10:92:2b:df:6c:f6:97:80:a4:7b:da:ab:
                    25:1e:fe:60:d5:a1:ca:90:b9:33:6c:b2:7d:d7:84:
                    72:ac:18:03:aa:12:27:95:d8:9d:21:42:df:67:fe:
                    ee:c7:86:94:1b:63:7f:ff:78:15:cc:f1:80:64:59:
                    36:09:04:85:54:22:82:99:7a:31:44:06:2b:b2:b4:
                    41:aa:0e:78:1e:fd:0d:13:1c:40:d5:39:9f:11:da:
                    59:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:E4:AD:F7:1D:5C:03:C8:8D:C2:74:E5:72:84:54:9A:6C:05:14:C4
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/48bf99f1-4c47-46f4-9434-1532b91ebd7b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.245.136.0/21

    Signature Algorithm: sha256WithRSAEncryption
         5e:75:0f:07:10:a8:a5:6a:9e:e2:b7:ee:0b:32:29:77:30:cd:
         cb:f8:69:0e:59:bc:14:1c:89:d7:85:ef:12:8b:1a:4b:a5:ff:
         9b:e9:5b:fb:a9:42:47:1f:5d:33:1c:04:96:bf:1b:35:29:70:
         c9:98:20:22:ac:ee:9c:32:ad:c7:af:4f:76:34:27:f9:2d:9e:
         68:7e:62:f1:e5:1b:7f:09:6a:a1:7d:3b:8e:b4:d5:ee:20:40:
         e9:61:06:a4:b9:56:6e:b1:9b:70:7e:03:6e:99:6c:05:a2:1a:
         95:92:30:eb:5f:63:33:e0:9b:23:3e:c1:24:26:7d:1d:7b:33:
         ab:ba:1d:8b:4d:a6:46:3f:f8:af:e0:19:2d:5e:1a:59:49:0b:
         71:99:7d:60:ee:19:24:c8:9c:9b:c4:a9:2d:c2:2b:d6:b2:cc:
         30:a5:89:99:05:82:67:84:4a:00:ad:b4:93:0d:5b:20:8e:79:
         0c:12:c7:cb:4e:d8:40:5b:cf:d7:ee:4e:8c:e8:7c:4b:71:3c:
         60:13:72:1d:5c:05:d7:80:55:74:f1:35:51:9a:2a:ea:25:88:
         12:ea:15:16:8a:8d:6a:48:35:77:6f:58:18:49:28:2e:c7:6e:
         10:96:a8:55:93:38:9a:04:64:4e:94:87:6a:81:9b:69:19:9b:
         91:e8:27:f1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUF3Bxq5lLps9hJ5/MT6Uw1njuR50wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMjMzMDA1WhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BmOWYzNzg5OTE0ODE2NjAxNjAwYmFjNGUzODZiZDcyNjhi
ZjlkY2I3NWExYWJkOTQwMTQwN2ZjMDNmY2I0YWY3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzU87Xqqxrt/jiH2+AGCeKcgv1kyvCk1ASxst62vo4bOgU
RrutENV7moPFWjry0fZcs09U3j2yIOZ4rzADHgHCkwoiEzQkqEom3GpDBezVB9vw
selbf6cnFzHOMZ4+blEPCLzRWcFdc9k0TjG/nNi6JNOWvPawRTPRrcft288k8Ypy
c8WGq/Eu1Ynw2lSrxI+DIuUvt/kjh2k4UaP1UQEdpdFim7EXWxCSK99s9peApHva
qyUe/mDVocqQuTNssn3XhHKsGAOqEieV2J0hQt9n/u7HhpQbY3//eBXM8YBkWTYJ
BIVUIoKZejFEBiuytEGqDnge/Q0THEDVOZ8R2lnHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQULeSt9x1cA8iNwnTlcoRUmmwFFMQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQ4YmY5OWYxLTRjNDctNDZmNC05NDM0LTE1MzJiOTFlYmQ3Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMS9YgwDQYJKoZIhvcNAQELBQADggEBAF51DwcQqKVqnuK37gsyKXcwzcv4
aQ5ZvBQcideF7xKLGkul/5vpW/upQkcfXTMcBJa/GzUpcMmYICKs7pwyrcevT3Y0
J/ktnmh+YvHlG38JaqF9O4601e4gQOlhBqS5Vm6xm3B+A26ZbAWiGpWSMOtfYzPg
myM+wSQmfR17M6u6HYtNpkY/+K/gGS1eGllJC3GZfWDuGSTInJvEqS3CK9ayzDCl
iZkFgmeESgCttJMNWyCOeQwSx8tO2EBbz9fuTozofEtxPGATch1cBdeAVXTxNVGa
KuoliBLqFRaKjWpINXdvWBhJKC7HbhCWqFWTOJoEZE6Uh2qBm2kZm5HoJ/E=
-----END CERTIFICATE-----