Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/51bd50c0-a367-4f5e-a3ad-f8628966647d.roa
File:                     51bd50c0-a367-4f5e-a3ad-f8628966647d.roa (raw, json)
Hash identifier:          fLB117AsxRfUVUGf7WluCwMw7DBwuRhB1KerjzBOZWU=
Subject key identifier:   5E:B8:4D:B9:3A:35:8B:35:D3:DE:A2:A5:1E:7B:54:8B:14:3B:D3:05
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       01244984EF833A7B2677840F4483DF25B124F9D6
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/51bd50c0-a367-4f5e-a3ad-f8628966647d.roa
Signing time:             Mon 22 Sep 2025 20:06:54 +0000
ROA not before:           Mon 22 Sep 2025 20:06:54 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.164.16.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:24:49:84:ef:83:3a:7b:26:77:84:0f:44:83:df:25:b1:24:f9:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 20:06:54 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=ae1ba3650ae8cd86b9390b16a3f20405294e0a13cd34b630c0eaa510184d7d22, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a8:98:ca:72:c6:fc:98:c9:37:fb:e2:ac:59:
                    8e:f8:1f:8d:e1:fa:28:be:40:d5:a7:6a:10:5d:50:
                    bf:91:9d:16:57:09:78:74:60:55:0b:11:dd:e3:d7:
                    da:a8:8b:cb:f6:96:99:46:de:35:dc:79:9b:bb:2b:
                    d2:d2:67:2a:d7:c5:ad:78:4a:2d:a7:f4:ea:80:24:
                    1c:76:9f:ec:ab:59:8a:56:96:a3:94:d1:c1:fa:3a:
                    ea:2c:d1:f4:99:67:52:dd:04:ff:05:ff:c4:73:56:
                    ab:fc:90:21:c5:d4:87:53:6b:31:7d:da:fa:27:aa:
                    35:19:22:66:99:67:52:51:3a:c1:5e:67:e0:ce:c8:
                    d3:05:2b:6f:86:81:30:e5:38:8b:08:66:fd:d8:26:
                    92:26:32:90:02:ee:55:3a:9b:ba:c6:ee:aa:d8:ba:
                    e2:67:85:4a:3a:1f:e6:83:fe:74:e5:56:91:25:a1:
                    48:54:01:ad:83:f4:d1:e3:8b:01:86:27:cd:9a:13:
                    e9:72:ed:d5:54:c3:45:74:76:13:56:b3:eb:7e:e4:
                    b4:73:92:91:75:9d:91:17:b0:0a:01:28:e3:de:f8:
                    f3:c5:d3:69:30:59:a2:ed:5b:16:a7:2a:7a:af:7e:
                    42:b8:38:7e:65:4e:df:83:4f:e0:51:6c:0b:9e:27:
                    dc:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:B8:4D:B9:3A:35:8B:35:D3:DE:A2:A5:1E:7B:54:8B:14:3B:D3:05
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/51bd50c0-a367-4f5e-a3ad-f8628966647d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.164.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         55:4b:da:ad:74:af:2b:e8:69:94:f1:41:44:f2:63:f2:c4:fa:
         ce:c0:a0:2b:71:30:0c:61:e9:c9:9d:23:3a:b0:b7:27:d0:0b:
         ae:f3:3c:80:cc:f6:62:7e:fa:81:b0:82:73:3a:22:92:e4:7c:
         c0:da:22:8f:90:e5:62:73:a8:8d:87:6e:87:76:dc:36:d5:94:
         ff:89:c8:40:09:c6:f6:3b:9e:85:30:20:c7:86:94:61:1c:ef:
         eb:01:f0:21:6b:ce:dc:f2:18:f4:d3:ca:d3:cb:2d:16:a7:36:
         5d:09:33:d0:25:5c:12:35:6a:94:ec:77:70:1c:f1:30:44:1b:
         10:eb:8e:01:68:a2:0f:a0:71:57:59:61:b8:da:95:97:ee:1a:
         a8:1a:68:82:ec:7d:6b:5a:cc:1d:2b:f3:dd:18:8a:6a:c6:fa:
         e5:d6:ab:6f:21:72:38:f4:35:e1:fb:aa:b9:0d:a9:06:03:30:
         b4:0d:96:34:aa:55:c5:ab:c0:f3:fe:0a:4d:55:8c:c3:2b:e2:
         ae:96:03:89:30:7a:1f:ad:25:15:98:dc:30:6e:2c:bb:0f:e3:
         13:96:f7:5b:30:b3:ae:35:c7:04:4d:d3:b9:73:e7:6c:c1:a2:
         6e:c5:d3:fe:8e:b3:76:b3:94:2e:3f:2b:a7:f6:12:6c:4d:62:
         2d:78:d3:24
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUASRJhO+DOnsmd4QPRIPfJbEk+dYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMjAwNjU0WhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BhZTFiYTM2NTBhZThjZDg2YjkzOTBiMTZhM2YyMDQwNTI5
NGUwYTEzY2QzNGI2MzBjMGVhYTUxMDE4NGQ3ZDIyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCbqJjKcsb8mMk3++KsWY74H43h+ii+QNWnahBdUL+RnRZX
CXh0YFULEd3j19qoi8v2lplG3jXceZu7K9LSZyrXxa14Si2n9OqAJBx2n+yrWYpW
lqOU0cH6Ouos0fSZZ1LdBP8F/8RzVqv8kCHF1IdTazF92vonqjUZImaZZ1JROsFe
Z+DOyNMFK2+GgTDlOIsIZv3YJpImMpAC7lU6m7rG7qrYuuJnhUo6H+aD/nTlVpEl
oUhUAa2D9NHjiwGGJ82aE+ly7dVUw0V0dhNWs+t+5LRzkpF1nZEXsAoBKOPe+PPF
02kwWaLtWxanKnqvfkK4OH5lTt+DT+BRbAueJ9x7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXrhNuTo1izXT3qKlHntUixQ70wUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzUxYmQ1MGMwLWEzNjctNGY1ZS1hM2FkLWY4NjI4OTY2NjQ3ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAISpBAwDQYJKoZIhvcNAQELBQADggEBAFVL2q10ryvoaZTxQUTyY/LE+s7A
oCtxMAxh6cmdIzqwtyfQC67zPIDM9mJ++oGwgnM6IpLkfMDaIo+Q5WJzqI2Hbod2
3DbVlP+JyEAJxvY7noUwIMeGlGEc7+sB8CFrztzyGPTTytPLLRanNl0JM9AlXBI1
apTsd3Ac8TBEGxDrjgFoog+gcVdZYbjalZfuGqgaaILsfWtazB0r890YimrG+uXW
q28hcjj0NeH7qrkNqQYDMLQNljSqVcWrwPP+Ck1VjMMr4q6WA4kweh+tJRWY3DBu
LLsP4xOW91sws641xwRN07lz52zBom7F0/6Os3azlC4/K6f2EmxNYi140yQ=
-----END CERTIFICATE-----