Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5523f130-b1a8-45ad-b165-bbb50ee9035a.roa
File:                     5523f130-b1a8-45ad-b165-bbb50ee9035a.roa (raw, json)
Hash identifier:          iZ0HsZggAz/XOZ3YwnW7hKNS5nDfvAhXaCYuiK24E2I=
Subject key identifier:   3E:3B:20:28:F0:C3:2B:5E:9C:23:60:1F:39:3F:C2:A8:A5:CF:29:CA
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2A7C7179FC908AA6606D9737E33C33F0CDFCF263
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5523f130-b1a8-45ad-b165-bbb50ee9035a.roa
Signing time:             Mon 22 Sep 2025 21:43:29 +0000
ROA not before:           Mon 22 Sep 2025 21:43:29 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.239.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:7c:71:79:fc:90:8a:a6:60:6d:97:37:e3:3c:33:f0:cd:fc:f2:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 21:43:29 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=79a160f28ca8dca69c3428cf0190b65a3a91a2e00620982d19a1c120aeed21e9, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:07:59:a3:ce:76:cf:f3:14:56:76:7a:ad:2f:
                    48:3c:13:69:59:53:63:a2:f9:9a:fc:cc:03:96:ad:
                    80:b6:1e:03:36:84:b5:ff:20:f1:e2:7f:22:03:5c:
                    2f:71:78:ba:b5:22:a9:22:6b:a2:6d:74:9b:5e:2c:
                    57:46:41:cb:fc:4a:d0:a6:18:23:8e:63:e3:41:ef:
                    2b:5d:c3:69:8d:de:24:8e:ed:19:f3:13:a4:d8:cd:
                    7d:76:1c:bb:84:4f:72:61:88:fa:a3:6d:94:11:c1:
                    38:8e:8c:34:6d:a6:1c:ba:46:5f:4b:aa:21:9e:1b:
                    5c:50:a4:3a:1b:e7:ee:31:b4:2a:d4:1f:5a:47:b0:
                    7a:73:24:8a:a0:22:02:22:55:aa:cd:d7:ca:ba:53:
                    40:92:83:82:49:bd:e1:25:d7:18:20:5e:56:3a:de:
                    83:aa:2a:78:86:b0:83:36:a5:60:32:c5:d0:50:a3:
                    25:39:9f:94:ff:cc:b9:19:7e:0e:90:05:8a:6c:bc:
                    22:1e:c9:4a:45:84:d3:4c:ce:4b:ba:5a:20:c9:fc:
                    62:82:c5:b8:8d:ba:53:d6:d6:b1:c6:92:92:85:6e:
                    75:10:e3:25:14:32:c9:38:6f:9a:dc:03:8f:76:b4:
                    ca:77:12:5d:38:8c:6d:3f:19:49:2c:dc:1e:11:00:
                    9e:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:3B:20:28:F0:C3:2B:5E:9C:23:60:1F:39:3F:C2:A8:A5:CF:29:CA
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5523f130-b1a8-45ad-b165-bbb50ee9035a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.239.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:48:09:de:2d:d9:4e:19:9d:4e:70:df:16:be:92:b9:b8:47:
         83:fc:1e:59:31:fa:0e:87:11:c5:92:b1:e0:7e:e5:65:7c:43:
         ba:58:6c:37:83:f5:e3:b4:ee:20:16:51:59:89:63:f7:19:0c:
         28:2c:af:f7:40:81:f1:ed:3b:59:52:e6:a2:d1:ef:d9:15:e5:
         43:71:00:08:d5:9e:e8:10:66:df:08:48:44:3b:42:95:70:61:
         d5:f5:a1:5c:5f:f1:cc:d9:21:ea:ca:a4:41:e0:fe:15:a2:69:
         63:c9:ba:d6:98:28:59:a4:0e:d7:0b:4f:2c:62:1c:5f:3f:28:
         f5:c5:09:14:4f:df:b0:68:27:f6:6a:15:97:72:7a:56:b7:d5:
         27:7b:b9:89:c9:b1:43:6d:3d:49:6e:37:be:0b:f8:8d:b8:4f:
         c2:89:6e:69:29:d9:6d:4a:9d:7f:5e:49:9d:20:b8:19:54:53:
         ee:30:b1:4e:56:37:28:20:be:2e:3c:ae:f3:f1:73:9b:e3:a2:
         e0:64:f1:36:62:4d:a9:27:0c:d5:27:84:3d:83:77:7a:d4:d8:
         01:d3:e9:5e:1d:9d:95:43:a8:c6:e2:96:94:ae:54:8c:45:b7:
         81:52:02:19:69:99:b1:10:1a:8f:a4:b6:e7:2d:48:5a:21:e1:
         71:58:5c:a9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKnxxefyQiqZgbZc34zwz8M388mMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMjE0MzI5WhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A3OWExNjBmMjhjYThkY2E2OWMzNDI4Y2YwMTkwYjY1YTNh
OTFhMmUwMDYyMDk4MmQxOWExYzEyMGFlZWQyMWU5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCiB1mjznbP8xRWdnqtL0g8E2lZU2Oi+Zr8zAOWrYC2HgM2
hLX/IPHifyIDXC9xeLq1Iqkia6JtdJteLFdGQcv8StCmGCOOY+NB7ytdw2mN3iSO
7RnzE6TYzX12HLuET3JhiPqjbZQRwTiOjDRtphy6Rl9LqiGeG1xQpDob5+4xtCrU
H1pHsHpzJIqgIgIiVarN18q6U0CSg4JJveEl1xggXlY63oOqKniGsIM2pWAyxdBQ
oyU5n5T/zLkZfg6QBYpsvCIeyUpFhNNMzku6WiDJ/GKCxbiNulPW1rHGkpKFbnUQ
4yUUMsk4b5rcA492tMp3El04jG0/GUks3B4RAJ5xAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPjsgKPDDK16cI2AfOT/CqKXPKcowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzU1MjNmMTMwLWIxYTgtNDVhZC1iMTY1LWJiYjUwZWU5MDM1YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAS73MwDQYJKoZIhvcNAQELBQADggEBAC1ICd4t2U4ZnU5w3xa+krm4R4P8
Hlkx+g6HEcWSseB+5WV8Q7pYbDeD9eO07iAWUVmJY/cZDCgsr/dAgfHtO1lS5qLR
79kV5UNxAAjVnugQZt8ISEQ7QpVwYdX1oVxf8czZIerKpEHg/hWiaWPJutaYKFmk
DtcLTyxiHF8/KPXFCRRP37BoJ/ZqFZdyela31Sd7uYnJsUNtPUluN74L+I24T8KJ
bmkp2W1KnX9eSZ0guBlUU+4wsU5WNyggvi48rvPxc5vjouBk8TZiTaknDNUnhD2D
d3rU2AHT6V4dnZVDqMbilpSuVIxFt4FSAhlpmbEQGo+ktuctSFoh4XFYXKk=
-----END CERTIFICATE-----