Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4d379510-1cde-4eab-9143-defb092b83ef.roa
File:                     4d379510-1cde-4eab-9143-defb092b83ef.roa (raw, json)
Hash identifier:          QUg/FbGtzlmJR9Xl37U8DghtUWI/TR6p1rODlRS1ljo=
Subject key identifier:   9F:BF:A8:10:D7:E6:82:B0:96:6C:36:19:85:65:2F:E7:9C:A4:B1:C7
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       59A85C874910C1B466568F5B396C95CD59684883
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4d379510-1cde-4eab-9143-defb092b83ef.roa
Signing time:             Wed 24 Sep 2025 21:42:14 +0000
ROA not before:           Wed 24 Sep 2025 21:42:14 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.66.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:a8:5c:87:49:10:c1:b4:66:56:8f:5b:39:6c:95:cd:59:68:48:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 21:42:14 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=d1bf6a17481b5bc8f36831be93e0d7812cda679f6a412a6f886eb5032ef4c5bb, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:d5:99:a0:df:6f:3a:4a:c8:f6:3a:61:9e:da:
                    6e:d6:4a:ae:38:b8:54:4b:49:cc:ed:cd:a9:70:e2:
                    d9:87:6e:2d:9c:88:85:59:6f:35:aa:8d:10:69:e5:
                    3a:bc:32:f2:55:ed:d1:37:04:78:d9:f4:45:ab:39:
                    6a:fc:e2:af:bc:9c:a2:f8:d3:1b:2b:3c:d7:c6:8c:
                    a0:6a:4a:16:de:a8:dc:a1:34:eb:51:c4:a0:de:e2:
                    67:1e:6e:f8:51:9f:76:7c:e4:75:ec:4a:e3:dc:8b:
                    8e:95:a1:60:38:f2:4a:98:68:fe:ef:13:ab:f5:32:
                    4d:44:3c:ea:ca:94:84:32:7e:f3:14:d4:b3:43:35:
                    5c:da:0e:8f:a7:37:35:38:37:51:31:d8:00:f4:40:
                    a1:25:0c:50:7d:07:27:04:be:77:76:8f:a1:20:f5:
                    46:94:12:2f:7c:c7:0e:2d:42:d4:a0:37:bc:f9:43:
                    11:4d:3c:fc:d5:3b:12:1d:be:6d:5c:69:f7:13:1a:
                    0f:65:7e:b7:5b:33:0f:9a:64:30:7d:9a:61:a6:4f:
                    38:6c:2c:fc:7b:54:e5:8f:d9:a6:d1:73:c0:67:19:
                    01:a9:0c:b0:52:33:93:41:ee:72:80:94:d6:4e:b0:
                    46:56:48:a1:ad:73:62:8d:5a:72:82:79:89:ef:cd:
                    ab:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:BF:A8:10:D7:E6:82:B0:96:6C:36:19:85:65:2F:E7:9C:A4:B1:C7
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4d379510-1cde-4eab-9143-defb092b83ef.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.66.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:60:bf:61:3e:3d:b5:db:05:98:f9:6c:22:f0:8a:32:ff:0b:
         ce:c8:b2:a2:b5:5b:45:f4:1f:df:a3:d7:dc:b2:a9:56:93:d6:
         0f:da:ff:84:7c:d5:e4:49:17:36:d5:4c:87:bd:f4:fb:d2:86:
         04:cb:6d:56:39:67:22:4c:70:f8:e2:3a:5e:8c:7d:32:41:9a:
         d5:78:4f:0a:df:30:ae:ff:db:15:ef:72:a1:7d:55:69:4e:89:
         2b:7e:d3:2f:6e:24:38:b0:f5:ac:3b:07:fc:23:e5:ef:17:7e:
         09:88:01:c8:a2:33:76:94:8b:1b:e7:f2:9a:79:aa:9b:46:67:
         5b:9b:a6:c8:c0:00:c3:e0:37:5d:31:d7:df:8d:2d:14:fb:1b:
         65:07:f3:72:81:85:e4:4e:23:71:a1:4b:d9:1c:c3:a4:67:07:
         8e:b0:40:6b:d7:2f:ec:6d:99:3b:32:5e:81:d2:dc:1a:a0:9f:
         18:fb:13:45:d4:d9:8d:22:25:e0:20:33:2a:ee:a5:40:17:29:
         91:aa:c5:69:8d:d5:41:e2:8f:bd:5e:e8:f7:c4:7b:9c:9a:be:
         af:4d:ae:a7:ed:1c:75:ec:97:7b:3a:d7:af:70:fd:89:78:d8:
         99:e6:9b:73:70:fb:cb:2d:4d:a9:d1:2e:17:48:e6:40:0b:41:
         fa:27:eb:fe
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWahch0kQwbRmVo9bOWyVzVloSIMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MjE0MjE0WhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BkMWJmNmExNzQ4MWI1YmM4ZjM2ODMxYmU5M2UwZDc4MTJj
ZGE2NzlmNmE0MTJhNmY4ODZlYjUwMzJlZjRjNWJiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCc1Zmg3286Ssj2OmGe2m7WSq44uFRLScztzalw4tmHbi2c
iIVZbzWqjRBp5Tq8MvJV7dE3BHjZ9EWrOWr84q+8nKL40xsrPNfGjKBqShbeqNyh
NOtRxKDe4mcebvhRn3Z85HXsSuPci46VoWA48kqYaP7vE6v1Mk1EPOrKlIQyfvMU
1LNDNVzaDo+nNzU4N1Ex2AD0QKElDFB9BycEvnd2j6Eg9UaUEi98xw4tQtSgN7z5
QxFNPPzVOxIdvm1cafcTGg9lfrdbMw+aZDB9mmGmTzhsLPx7VOWP2abRc8BnGQGp
DLBSM5NB7nKAlNZOsEZWSKGtc2KNWnKCeYnvzav9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUn7+oENfmgrCWbDYZhWUv55yksccwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzRkMzc5NTEwLTFjZGUtNGVhYi05MTQzLWRlZmIwOTJiODNlZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASQmswDQYJKoZIhvcNAQELBQADggEBAFZgv2E+PbXbBZj5bCLwijL/C87I
sqK1W0X0H9+j19yyqVaT1g/a/4R81eRJFzbVTIe99PvShgTLbVY5ZyJMcPjiOl6M
fTJBmtV4TwrfMK7/2xXvcqF9VWlOiSt+0y9uJDiw9aw7B/wj5e8XfgmIAciiM3aU
ixvn8pp5qptGZ1ubpsjAAMPgN10x19+NLRT7G2UH83KBheROI3GhS9kcw6RnB46w
QGvXL+xtmTsyXoHS3Bqgnxj7E0XU2Y0iJeAgMyrupUAXKZGqxWmN1UHij71e6PfE
e5yavq9NrqftHHXsl3s6169w/Yl42Jnmm3Nw+8stTanRLhdI5kALQfon6/4=
-----END CERTIFICATE-----