Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4d3ffadc-63c9-41c0-8967-2e9efb39b8aa.roa
File:                     4d3ffadc-63c9-41c0-8967-2e9efb39b8aa.roa (raw, json)
Hash identifier:          n3f4ofQEfK4UFrgJ4sBrcTQYaU+uPxvIimYxvbANG0A=
Subject key identifier:   F1:6C:2A:3F:DD:F1:04:24:78:6B:B0:9C:18:AC:82:A4:F9:32:36:43
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2D2B7619879789A79CF06DD0B321E7F7296A4CCD
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4d3ffadc-63c9-41c0-8967-2e9efb39b8aa.roa
Signing time:             Wed 24 Sep 2025 21:51:53 +0000
ROA not before:           Wed 24 Sep 2025 21:51:53 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.66.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:2b:76:19:87:97:89:a7:9c:f0:6d:d0:b3:21:e7:f7:29:6a:4c:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 21:51:53 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=755be5715cf5b5a4e20960e69d224833c1bc1bd7710590d7d51bf56acb297177, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:d6:70:8d:79:c8:20:b6:6f:6f:96:8a:b1:7b:
                    01:2b:af:b6:36:01:8d:a3:93:01:14:14:cd:8d:6f:
                    5b:a5:ac:93:8b:d1:55:ca:37:fb:e8:5a:6e:9f:35:
                    03:b7:10:38:5b:f0:86:35:2e:37:18:d7:4f:16:c8:
                    ba:c8:12:21:cc:39:75:2e:fd:30:5e:0d:8c:95:94:
                    84:5a:19:11:52:e0:01:11:7d:bc:1e:df:8e:6f:80:
                    57:4c:66:eb:ea:2b:a2:2a:29:31:ae:2f:ea:68:30:
                    33:2a:7f:a0:96:66:0e:d8:db:be:d0:a4:69:26:f0:
                    c9:ca:c5:ad:f8:d2:96:f0:be:11:fb:49:f7:b5:22:
                    1d:b2:ef:b4:5c:7d:ed:77:2e:50:37:a0:78:b3:d6:
                    2f:23:64:a0:1f:50:84:1b:98:81:18:c6:25:fd:f5:
                    90:38:b6:94:ee:31:dd:d5:df:58:d3:c2:60:fb:63:
                    4f:b1:89:8a:b8:f6:7e:2c:2e:a4:2c:14:60:a4:19:
                    d9:d8:6b:b2:33:66:c4:f4:80:06:8d:9f:76:d7:c7:
                    08:28:e6:a3:e2:98:47:44:8b:dc:eb:97:0e:b6:68:
                    d7:b7:d7:1e:32:ce:d9:49:29:d0:49:d2:87:30:7e:
                    ac:2b:b6:c4:20:f6:8f:e0:37:3d:d7:f5:ba:b0:e5:
                    78:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:6C:2A:3F:DD:F1:04:24:78:6B:B0:9C:18:AC:82:A4:F9:32:36:43
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4d3ffadc-63c9-41c0-8967-2e9efb39b8aa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.66.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:60:ee:aa:69:68:a2:41:41:d8:e9:d8:7b:35:a8:51:59:1a:
         1d:9d:2c:65:b3:4a:9b:96:38:53:c9:3d:74:36:6b:9f:56:00:
         5b:1e:d3:89:df:11:1d:84:df:b3:5e:79:3d:01:34:0a:c1:e5:
         56:b6:dd:fa:b2:9c:42:ed:ec:6d:ce:6f:68:30:92:21:20:c8:
         be:97:f1:68:e9:9b:76:9c:1c:ec:cc:98:ce:39:e8:8e:ee:1f:
         2d:07:7c:4d:e5:ed:22:f0:ee:dc:31:3c:45:c1:21:f3:79:84:
         8a:f6:fd:07:02:2a:ec:a1:44:5f:85:87:29:25:01:fa:b3:fa:
         d6:76:04:ff:d2:b5:07:10:be:a5:cf:b9:a0:a7:69:9d:33:aa:
         76:bf:2e:26:a3:dc:c1:e3:fb:73:31:02:ac:ec:c7:6a:0b:0a:
         6d:85:4b:d4:82:f8:d0:5e:ca:9e:0f:d5:fd:ff:ba:fe:09:b5:
         22:dd:b7:b6:0f:b3:3d:2e:58:9b:f5:2f:83:67:47:05:17:8a:
         07:7f:41:4a:e2:0c:27:4c:9b:9c:26:67:27:46:8f:57:65:34:
         b3:8b:4e:64:9f:43:1c:0d:aa:b2:b7:43:ed:69:0c:7d:9c:db:
         ce:43:50:e1:e9:cc:05:52:e8:87:c1:d6:fd:c5:0c:d6:4c:d1:
         fb:2f:4a:c6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULSt2GYeXiaec8G3QsyHn9ylqTM0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MjE1MTUzWhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A3NTViZTU3MTVjZjViNWE0ZTIwOTYwZTY5ZDIyNDgzM2Mx
YmMxYmQ3NzEwNTkwZDdkNTFiZjU2YWNiMjk3MTc3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC31nCNecggtm9vloqxewErr7Y2AY2jkwEUFM2Nb1ulrJOL
0VXKN/voWm6fNQO3EDhb8IY1LjcY108WyLrIEiHMOXUu/TBeDYyVlIRaGRFS4AER
fbwe345vgFdMZuvqK6IqKTGuL+poMDMqf6CWZg7Y277QpGkm8MnKxa340pbwvhH7
Sfe1Ih2y77Rcfe13LlA3oHiz1i8jZKAfUIQbmIEYxiX99ZA4tpTuMd3V31jTwmD7
Y0+xiYq49n4sLqQsFGCkGdnYa7IzZsT0gAaNn3bXxwgo5qPimEdEi9zrlw62aNe3
1x4yztlJKdBJ0ocwfqwrtsQg9o/gNz3X9bqw5XhzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8WwqP93xBCR4a7CcGKyCpPkyNkMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzRkM2ZmYWRjLTYzYzktNDFjMC04OTY3LTJlOWVmYjM5YjhhYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASQh4wDQYJKoZIhvcNAQELBQADggEBAD1g7qppaKJBQdjp2Hs1qFFZGh2d
LGWzSpuWOFPJPXQ2a59WAFse04nfER2E37NeeT0BNArB5Va23fqynELt7G3Ob2gw
kiEgyL6X8Wjpm3acHOzMmM456I7uHy0HfE3l7SLw7twxPEXBIfN5hIr2/QcCKuyh
RF+FhyklAfqz+tZ2BP/StQcQvqXPuaCnaZ0zqna/Liaj3MHj+3MxAqzsx2oLCm2F
S9SC+NBeyp4P1f3/uv4JtSLdt7YPsz0uWJv1L4NnRwUXigd/QUriDCdMm5wmZydG
j1dlNLOLTmSfQxwNqrK3Q+1pDH2c285DUOHpzAVS6IfB1v3FDNZM0fsvSsY=
-----END CERTIFICATE-----