Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5487de2a-46e2-4572-9295-2aa90f09e271.roa
File:                     5487de2a-46e2-4572-9295-2aa90f09e271.roa (raw, json)
Hash identifier:          7IWcX8aC9I8PC7IGGDfGKH6ARKXzOtRYFGPAajsGAHw=
Subject key identifier:   85:B7:73:E3:8B:9F:5B:A1:BC:D1:8F:9D:31:5C:1A:58:7E:C0:48:EE
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       456D34A2A8D90943B696CAABB7F6233ADDA74E61
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5487de2a-46e2-4572-9295-2aa90f09e271.roa
Signing time:             Mon 22 Sep 2025 20:17:26 +0000
ROA not before:           Mon 22 Sep 2025 20:17:26 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.165.48.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:6d:34:a2:a8:d9:09:43:b6:96:ca:ab:b7:f6:23:3a:dd:a7:4e:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 20:17:26 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=73e0f90a826fc9d7496e3208021f639a9bdcd14e5fb7c52becf2ee7c3c17f652, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:2e:83:23:16:fc:e8:f2:4f:0c:a4:c5:0b:56:
                    5f:94:3b:9d:fd:15:a9:26:46:e5:8a:ac:72:21:99:
                    68:00:83:9d:b6:05:c3:22:80:dd:8a:bf:a2:d7:87:
                    11:c8:32:7d:a5:97:ea:86:35:b7:37:1e:b3:4a:d5:
                    d2:b2:a2:9d:b5:5c:c8:f3:6d:e7:67:3a:52:4e:41:
                    fb:17:6f:47:c4:af:93:a7:75:e4:ca:a7:be:cc:2e:
                    30:2f:c7:f3:dd:87:4d:68:c2:ee:7b:1c:d5:7a:0a:
                    12:a0:b0:64:45:2e:9c:82:bf:d2:84:5b:e0:04:a0:
                    e3:af:32:bc:b3:13:cc:96:e3:3b:c6:7a:d0:e1:79:
                    7d:20:7b:7f:b7:05:c7:e7:b9:b9:12:d4:bc:7a:3f:
                    93:65:23:af:78:44:45:e8:87:b7:0b:cb:3c:8a:8a:
                    b2:e4:07:f6:31:4a:fc:c7:59:07:80:40:ee:d4:17:
                    e2:cd:ed:49:20:78:54:3b:7f:62:01:f7:b5:fb:90:
                    0a:a5:c8:3e:68:48:d0:0f:5c:54:bc:55:e8:c2:03:
                    f8:8c:d8:28:9c:46:94:b8:03:3a:d2:9e:c2:2b:57:
                    d4:42:aa:b7:2a:32:4f:f4:e8:ec:61:5a:9b:3c:fa:
                    6b:8a:92:85:ab:a4:c9:6c:2a:a1:24:8c:a1:53:cc:
                    70:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:B7:73:E3:8B:9F:5B:A1:BC:D1:8F:9D:31:5C:1A:58:7E:C0:48:EE
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5487de2a-46e2-4572-9295-2aa90f09e271.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.165.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         97:78:51:11:ea:30:c1:4f:c9:7e:68:07:ed:86:fe:73:e3:db:
         7c:d6:09:67:b5:35:6e:f8:14:46:e0:61:d1:3a:b2:ce:01:6c:
         24:66:b7:d2:45:ad:03:89:c8:e1:49:b0:ed:5b:92:b1:e3:df:
         06:ed:9f:46:d7:9c:34:db:b6:da:62:6c:5a:b2:ad:3b:48:58:
         94:2f:5c:de:64:75:de:7b:00:88:3f:ba:22:43:03:fe:49:cc:
         46:b1:bd:d5:d1:b5:3c:c3:d6:82:5a:e7:79:9f:d9:3e:88:28:
         de:a7:a2:62:5a:fa:7b:f5:fc:78:52:ff:3d:33:cb:75:b4:1d:
         2d:73:3b:5f:1c:d5:62:95:81:a8:4c:f8:e1:6a:58:70:14:2a:
         4f:fc:44:2a:98:5e:45:44:18:36:20:28:89:cc:e3:eb:4e:eb:
         77:1f:5a:a9:8d:76:c7:b6:01:7a:16:15:7b:22:cb:55:48:82:
         3e:89:fe:92:67:9e:e4:f6:09:75:f8:52:fa:af:af:44:bb:96:
         94:6b:c3:b3:db:6a:c4:56:af:0e:b3:c3:fd:8b:19:0c:bd:41:
         2a:dc:a3:ff:33:02:a9:9d:f8:03:e2:89:8a:9f:d5:a8:de:c8:
         f5:23:71:6c:85:ac:97:cd:67:ac:07:c9:39:62:ea:d2:3d:6a:
         15:d9:c9:d3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURW00oqjZCUO2lsqrt/YjOt2nTmEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMjAxNzI2WhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A3M2UwZjkwYTgyNmZjOWQ3NDk2ZTMyMDgwMjFmNjM5YTli
ZGNkMTRlNWZiN2M1MmJlY2YyZWU3YzNjMTdmNjUyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsLoMjFvzo8k8MpMULVl+UO539FakmRuWKrHIhmWgAg522
BcMigN2Kv6LXhxHIMn2ll+qGNbc3HrNK1dKyop21XMjzbednOlJOQfsXb0fEr5On
deTKp77MLjAvx/Pdh01owu57HNV6ChKgsGRFLpyCv9KEW+AEoOOvMryzE8yW4zvG
etDheX0ge3+3BcfnubkS1Lx6P5NlI694REXoh7cLyzyKirLkB/YxSvzHWQeAQO7U
F+LN7UkgeFQ7f2IB97X7kAqlyD5oSNAPXFS8VejCA/iM2CicRpS4AzrSnsIrV9RC
qrcqMk/06OxhWps8+muKkoWrpMlsKqEkjKFTzHAXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhbdz44ufW6G80Y+dMVwaWH7ASO4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzU0ODdkZTJhLTQ2ZTItNDU3Mi05Mjk1LTJhYTkwZjA5ZTI3MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQSpTAwDQYJKoZIhvcNAQELBQADggEBAJd4URHqMMFPyX5oB+2G/nPj23zW
CWe1NW74FEbgYdE6ss4BbCRmt9JFrQOJyOFJsO1bkrHj3wbtn0bXnDTbttpibFqy
rTtIWJQvXN5kdd57AIg/uiJDA/5JzEaxvdXRtTzD1oJa53mf2T6IKN6nomJa+nv1
/HhS/z0zy3W0HS1zO18c1WKVgahM+OFqWHAUKk/8RCqYXkVEGDYgKInM4+tO63cf
WqmNdse2AXoWFXsiy1VIgj6J/pJnnuT2CXX4Uvqvr0S7lpRrw7PbasRWrw6zw/2L
GQy9QSrco/8zAqmd+APiiYqf1ajeyPUjcWyFrJfNZ6wHyTli6tI9ahXZydM=
-----END CERTIFICATE-----