Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4c3beeff-97b4-4505-8840-7bfe22e987b7.roa
File:                     4c3beeff-97b4-4505-8840-7bfe22e987b7.roa (raw, json)
Hash identifier:          TJmF5R1PkWXyrv03z/auDnZ3JQ9Z7GXt4J8vggaqA94=
Subject key identifier:   BF:E0:3F:E7:66:40:DC:66:F8:FA:33:10:8F:38:B6:76:A5:61:7F:6C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       24B1A1CA9F6CAC596C883115152E33A4FB6BFB8E
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4c3beeff-97b4-4505-8840-7bfe22e987b7.roa
Signing time:             Wed 24 Sep 2025 22:49:11 +0000
ROA not before:           Wed 24 Sep 2025 22:49:11 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.65.104.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:b1:a1:ca:9f:6c:ac:59:6c:88:31:15:15:2e:33:a4:fb:6b:fb:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 22:49:11 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=d6f042415e5a5ccda5ba1159607c8bd3fbedaf06c935303b19f416d29ee9a577, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:66:08:8f:44:f5:7e:09:7f:5e:a3:09:50:26:
                    97:0e:20:9c:ef:de:72:b2:ce:86:24:45:e6:4b:00:
                    82:b2:85:0a:8f:87:fd:05:19:63:c2:74:70:63:8b:
                    56:b2:b0:7a:f4:3f:9b:e7:36:13:9b:bc:0b:b7:6d:
                    ce:bf:94:7f:29:d2:94:12:32:2f:8b:d2:6a:03:95:
                    8a:d5:f0:06:bb:da:50:1c:e1:72:6d:80:f6:30:af:
                    f1:28:c6:a8:44:fe:4e:22:59:88:de:c5:c1:92:9e:
                    a9:72:ec:9c:e7:8f:c9:96:a3:d3:ce:fe:a6:7b:ff:
                    41:ad:58:97:6a:f0:03:0d:33:d6:31:a8:bc:04:56:
                    96:80:42:75:47:2d:06:aa:cc:9d:d2:85:71:6b:a0:
                    3c:9a:60:96:86:38:41:12:60:3c:b1:a2:ca:94:46:
                    71:13:a6:11:b4:eb:ef:56:d4:64:fc:9b:65:06:db:
                    91:84:24:1f:ef:7b:79:26:85:f0:a1:3e:91:da:b9:
                    25:d5:e7:bb:75:9d:08:71:a2:8c:95:a1:6b:7a:f0:
                    52:6f:9f:a3:8f:1c:01:7c:a4:ad:65:79:33:99:e1:
                    62:b1:0a:a1:aa:72:8e:5b:65:7f:b7:b2:3a:68:0e:
                    b6:00:35:04:89:75:10:27:38:f1:fc:0b:5b:1c:86:
                    43:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:E0:3F:E7:66:40:DC:66:F8:FA:33:10:8F:38:B6:76:A5:61:7F:6C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4c3beeff-97b4-4505-8840-7bfe22e987b7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.65.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:c8:b3:d4:de:d3:77:bd:26:fb:4f:19:5f:89:8b:d5:67:d9:
         83:19:d4:b8:d5:bf:3e:78:f8:23:f1:92:dc:30:00:8c:e5:70:
         3e:ac:e5:9a:49:bf:5b:b9:d7:d0:a0:a2:48:95:17:eb:86:c9:
         1d:21:36:e9:4a:36:a6:33:bc:14:fa:5e:de:c0:67:4c:76:3c:
         3a:06:77:dd:5e:a7:8c:c4:27:20:8b:6d:84:b1:f5:fe:9f:44:
         64:79:3a:8e:dc:f8:a2:d3:aa:be:32:37:22:b4:a6:c6:26:2e:
         78:78:88:ca:05:92:cf:b8:36:07:cd:01:e2:f0:e8:dd:db:c0:
         b9:a2:be:d3:3b:fe:7e:6a:e9:3a:a9:83:09:64:2c:8d:07:9a:
         ac:e9:2c:9a:13:8a:8a:b5:bc:7d:fe:45:9a:05:dc:ca:bb:4f:
         d5:0e:a4:fb:92:ff:7c:eb:7e:12:a0:71:f4:51:fe:b7:12:54:
         52:50:ef:89:9b:b0:11:11:2a:5e:45:ec:aa:83:69:50:21:b6:
         51:1d:13:c6:0b:54:a8:c1:8c:35:93:e2:c4:e1:ef:4c:e1:8f:
         b1:15:df:a5:72:57:ae:09:8d:0e:ed:ad:b3:6d:a4:b8:1a:73:
         7d:66:92:77:54:fa:7f:d2:9f:44:f0:7f:ef:84:39:02:01:f0:
         85:9c:37:e9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJLGhyp9srFlsiDEVFS4zpPtr+44wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MjI0OTExWhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BkNmYwNDI0MTVlNWE1Y2NkYTViYTExNTk2MDdjOGJkM2Zi
ZWRhZjA2YzkzNTMwM2IxOWY0MTZkMjllZTlhNTc3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsZgiPRPV+CX9eowlQJpcOIJzv3nKyzoYkReZLAIKyhQqP
h/0FGWPCdHBji1aysHr0P5vnNhObvAu3bc6/lH8p0pQSMi+L0moDlYrV8Aa72lAc
4XJtgPYwr/EoxqhE/k4iWYjexcGSnqly7Jznj8mWo9PO/qZ7/0GtWJdq8AMNM9Yx
qLwEVpaAQnVHLQaqzJ3ShXFroDyaYJaGOEESYDyxosqURnETphG06+9W1GT8m2UG
25GEJB/ve3kmhfChPpHauSXV57t1nQhxooyVoWt68FJvn6OPHAF8pK1leTOZ4WKx
CqGqco5bZX+3sjpoDrYANQSJdRAnOPH8C1schkNxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUv+A/52ZA3Gb4+jMQjzi2dqVhf2wwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzRjM2JlZWZmLTk3YjQtNDUwNS04ODQwLTdiZmUyMmU5ODdiNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAISQWgwDQYJKoZIhvcNAQELBQADggEBAGvIs9Te03e9JvtPGV+Ji9Vn2YMZ
1LjVvz54+CPxktwwAIzlcD6s5ZpJv1u519CgokiVF+uGyR0hNulKNqYzvBT6Xt7A
Z0x2PDoGd91ep4zEJyCLbYSx9f6fRGR5Oo7c+KLTqr4yNyK0psYmLnh4iMoFks+4
NgfNAeLw6N3bwLmivtM7/n5q6TqpgwlkLI0HmqzpLJoTioq1vH3+RZoF3Mq7T9UO
pPuS/3zrfhKgcfRR/rcSVFJQ74mbsBERKl5F7KqDaVAhtlEdE8YLVKjBjDWT4sTh
70zhj7EV36VyV64JjQ7trbNtpLgac31mkndU+n/Sn0Twf++EOQIB8IWcN+k=
-----END CERTIFICATE-----