Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/50e01d93-e64b-4d89-ab2f-cc542346d6cc.roa
File:                     50e01d93-e64b-4d89-ab2f-cc542346d6cc.roa (raw, json)
Hash identifier:          NTTXjn6FWQM9ZpJFETLVNTwgxITmvQb/Zsw0Wb4LUiQ=
Subject key identifier:   3E:EE:F1:41:92:DE:12:1C:B3:2C:AB:9D:6A:41:D3:99:B1:71:17:42
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       385CE73E6597E97761AC7F28713CA81EC2F67EA6
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/50e01d93-e64b-4d89-ab2f-cc542346d6cc.roa
Signing time:             Fri 26 Sep 2025 16:15:06 +0000
ROA not before:           Fri 26 Sep 2025 16:15:06 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.140.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:5c:e7:3e:65:97:e9:77:61:ac:7f:28:71:3c:a8:1e:c2:f6:7e:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 16:15:06 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=e29b07646c2b3a4ea56cef30ff6b3f3c7db5238f8a07fb34a597cca86b20f89a, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:7b:31:1a:2a:6f:2d:a9:73:20:0d:38:a7:fe:
                    c4:22:2b:cf:5c:da:c4:f9:2a:64:8d:df:ae:97:90:
                    5f:50:08:0b:ad:00:4e:58:77:fc:b4:d3:6a:98:25:
                    8a:6f:07:9f:2d:df:f2:57:71:1f:89:c2:95:98:da:
                    b2:55:03:0e:64:6d:24:d7:5d:c9:3c:b3:1d:55:67:
                    12:0a:7d:2b:24:e3:83:c7:ca:15:39:aa:1b:5b:f5:
                    e8:08:81:f2:7d:b5:9e:a9:02:12:05:c2:a0:aa:bd:
                    be:b1:ab:82:52:be:c0:0a:65:8a:8b:5d:e4:16:1f:
                    e1:cf:47:bf:08:8a:9d:e4:d5:01:1b:4d:38:53:30:
                    a8:6b:f0:c8:c0:bc:16:6c:a2:11:c8:b9:c1:90:3e:
                    cb:29:44:d1:9a:fa:86:97:4d:f5:c4:28:78:16:20:
                    17:66:06:4f:09:71:07:0c:00:66:fd:3d:63:13:0b:
                    be:ef:7d:42:86:8a:c2:59:63:87:5b:43:e7:e6:ea:
                    4e:08:94:33:16:2e:7a:3f:b5:fb:d4:b4:05:0b:5b:
                    5a:54:82:1f:b1:d1:b6:d1:8b:66:88:64:56:99:2c:
                    bc:9c:6a:52:c2:9e:70:d8:81:69:9f:49:e8:36:d5:
                    96:08:b0:82:4a:6f:b7:8a:e2:42:5f:58:34:d2:6e:
                    ad:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:EE:F1:41:92:DE:12:1C:B3:2C:AB:9D:6A:41:D3:99:B1:71:17:42
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/50e01d93-e64b-4d89-ab2f-cc542346d6cc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.140.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         4d:09:f2:6e:83:63:67:7a:0d:b4:50:6c:0e:9d:86:af:e0:48:
         b1:bc:50:13:b4:f2:aa:5d:2a:26:70:d3:3f:f7:9a:d1:2a:2f:
         1f:20:7e:6a:49:c5:80:5e:cb:8e:cf:d7:85:67:36:ed:a9:0b:
         d9:76:ce:87:0d:ce:0f:09:65:5d:f2:47:8a:4d:b2:88:bf:c1:
         bb:24:00:01:50:e2:c4:cd:93:d7:bb:6c:65:6a:cf:59:9a:0f:
         73:31:9e:9a:a1:b7:ac:39:02:fc:59:b5:67:3e:c1:ec:53:3a:
         0a:9f:3f:73:89:b6:21:3a:58:21:c7:91:95:22:00:eb:56:5b:
         6a:31:d0:ad:b4:e2:e4:60:fb:00:06:ab:08:17:aa:cb:b8:e3:
         ec:d9:86:01:bd:5e:22:63:90:b4:24:99:76:50:b6:e0:14:3d:
         2c:0b:ed:7c:cd:31:08:84:a7:ee:83:5d:db:a0:5b:90:11:22:
         5b:7f:51:cc:4d:aa:a8:6f:8b:a8:7c:e0:fa:70:e1:e6:80:57:
         b2:81:2a:87:4e:28:5e:38:28:9e:f2:fb:f9:0d:bf:14:b2:3f:
         4f:6a:56:df:73:55:9e:85:53:ba:50:b1:1b:0b:76:7e:04:a6:
         ee:a2:15:2e:dd:7d:83:19:83:61:f6:b2:be:69:66:f5:82:73:
         2b:8e:36:41
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUOFznPmWX6XdhrH8ocTyoHsL2fqYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MTYxNTA2WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BlMjliMDc2NDZjMmIzYTRlYTU2Y2VmMzBmZjZiM2YzYzdk
YjUyMzhmOGEwN2ZiMzRhNTk3Y2NhODZiMjBmODlhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDnezEaKm8tqXMgDTin/sQiK89c2sT5KmSN366XkF9QCAut
AE5Yd/y002qYJYpvB58t3/JXcR+JwpWY2rJVAw5kbSTXXck8sx1VZxIKfSsk44PH
yhU5qhtb9egIgfJ9tZ6pAhIFwqCqvb6xq4JSvsAKZYqLXeQWH+HPR78Iip3k1QEb
TThTMKhr8MjAvBZsohHIucGQPsspRNGa+oaXTfXEKHgWIBdmBk8JcQcMAGb9PWMT
C77vfUKGisJZY4dbQ+fm6k4IlDMWLno/tfvUtAULW1pUgh+x0bbRi2aIZFaZLLyc
alLCnnDYgWmfSeg21ZYIsIJKb7eK4kJfWDTSbq0nAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUPu7xQZLeEhyzLKudakHTmbFxF0IwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzUwZTAxZDkzLWU2NGItNGQ4OS1hYjJmLWNjNTQyMzQ2ZDZjYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwASjDANBgkqhkiG9w0BAQsFAAOCAQEATQnyboNjZ3oNtFBsDp2Gr+BIsbxQ
E7Tyql0qJnDTP/ea0SovHyB+aknFgF7Ljs/XhWc27akL2XbOhw3ODwllXfJHik2y
iL/BuyQAAVDixM2T17tsZWrPWZoPczGemqG3rDkC/Fm1Zz7B7FM6Cp8/c4m2ITpY
IceRlSIA61ZbajHQrbTi5GD7AAarCBeqy7jj7NmGAb1eImOQtCSZdlC24BQ9LAvt
fM0xCISn7oNd26BbkBEiW39RzE2qqG+LqHzg+nDh5oBXsoEqh04oXjgonvL7+Q2/
FLI/T2pW33NVnoVTulCxGwt2fgSm7qIVLt19gxmDYfayvmlm9YJzK442QQ==
-----END CERTIFICATE-----