Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/569149b8-c95a-4ed1-abde-be764c9de4da.roa
File:                     569149b8-c95a-4ed1-abde-be764c9de4da.roa (raw, json)
Hash identifier:          LQ9G6/yT/apTFza9noZelNR+DxWEQ+UhhladoYdbH/c=
Subject key identifier:   79:F3:6C:ED:3C:B5:A0:8C:9B:3C:B2:BE:02:49:22:F5:1E:50:D1:71
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2274D854E88D6F4C31D369FD8EA6EEC7292D33
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/569149b8-c95a-4ed1-abde-be764c9de4da.roa
Signing time:             Mon 22 Sep 2025 22:40:36 +0000
ROA not before:           Mon 22 Sep 2025 22:40:36 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.244.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:74:d8:54:e8:8d:6f:4c:31:d3:69:fd:8e:a6:ee:c7:29:2d:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 22:40:36 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=0bf4e2da85cd3cef8d2278c4ce50d1847ee6eefafdcb7e8e939b7d1a070f2fa1, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:23:10:2c:c7:c4:17:72:4a:9e:2d:48:e0:c4:
                    bb:03:ca:79:4f:ff:d8:c7:7f:e2:3f:80:17:59:7d:
                    19:76:bc:f0:74:1e:42:07:0c:c0:b6:ca:62:d1:bb:
                    d3:ca:25:41:66:19:ff:c4:94:0e:bc:90:d5:0e:ab:
                    28:81:5d:45:36:8f:cd:c4:b1:29:3f:00:8e:bd:18:
                    91:0a:ea:7f:2a:f7:c2:cc:7a:9d:cb:c8:bf:36:15:
                    e3:cc:04:ae:75:e6:46:df:f9:1d:df:f3:9f:f7:22:
                    4b:ba:b4:33:7b:6c:2b:be:45:dc:97:50:ac:54:ac:
                    19:a4:df:7e:2a:15:e0:27:ac:38:8b:dd:54:6e:c5:
                    77:d8:ca:f2:d8:24:1c:fd:d5:ba:8f:ab:1d:88:dd:
                    7b:05:c8:50:2e:e2:60:23:10:f0:d7:52:e0:b0:b9:
                    23:b0:ad:c4:ab:dd:66:b7:7f:67:95:cf:ec:32:f9:
                    0e:fd:72:b8:33:05:dc:fc:01:17:81:11:ec:d5:fd:
                    46:f6:98:5a:05:59:01:e0:95:0f:6b:da:56:9e:1c:
                    41:e3:ca:92:64:2b:53:99:35:92:a7:fa:db:64:35:
                    cb:71:52:ab:db:d5:75:ff:43:3a:35:38:2f:7f:f1:
                    03:69:ac:18:c7:8d:aa:fc:ef:6e:f7:84:ec:e6:6f:
                    71:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:F3:6C:ED:3C:B5:A0:8C:9B:3C:B2:BE:02:49:22:F5:1E:50:D1:71
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/569149b8-c95a-4ed1-abde-be764c9de4da.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.244.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:9a:a0:b0:32:66:b1:e0:03:2c:86:3f:01:ad:82:d8:92:05:
         80:eb:bf:96:d5:4b:6a:84:05:bb:79:ea:0f:5a:99:ea:bf:d3:
         27:5f:e3:30:9c:52:6b:b6:66:80:2d:4d:b4:50:ea:f3:d8:20:
         ad:8f:9a:d5:9b:43:8d:f9:4d:29:9b:9d:16:af:d2:43:44:5b:
         84:24:97:bb:28:11:84:71:30:c9:86:b7:32:fe:62:fe:b6:a1:
         78:71:2f:5a:3b:3c:81:0b:83:5b:9e:07:eb:16:34:8d:94:c5:
         cb:73:0b:4b:64:40:00:7b:1b:6b:4d:e2:94:1a:06:90:4d:c8:
         d2:db:c3:82:f1:bf:b7:05:bd:cf:d0:79:70:f6:66:a5:bd:e3:
         9b:ba:6f:dc:b1:35:9f:bf:2d:80:94:5d:9d:44:15:ac:33:95:
         6f:63:2e:fb:2d:a9:bc:d6:79:7c:78:0e:81:14:b8:fa:f0:1b:
         93:1a:66:24:30:4a:d3:c7:cd:eb:27:5d:6e:d7:e4:c6:9f:ee:
         d5:34:4d:3d:16:09:77:a6:ab:ac:48:11:76:e1:40:70:12:96:
         e7:05:85:38:24:7b:29:e1:1a:a9:ff:a9:70:fc:2f:bd:e7:c2:
         33:d6:ca:72:a7:37:2f:7b:8f:d9:ea:87:ac:81:4c:80:a6:1c:
         33:a7:e8:b9
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgITInTYVOiNb0wx02n9jqbuxyktMzANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzJkZjZmM2IzYTM0YjYzODZkMWEzMmQ4ZjRmYTMxNzhlZjMx
ODg3ZDhiNDI4ZGZhYTQ3NjAeFw0yNTA5MjIyMjQwMzZaFw0yNTEwMjcyMzU5NTla
MHoxSTBHBgNVBAUTQDBiZjRlMmRhODVjZDNjZWY4ZDIyNzhjNGNlNTBkMTg0N2Vl
NmVlZmFmZGNiN2U4ZTkzOWI3ZDFhMDcwZjJmYTExLTArBgNVBAMTJDVmMjc2MDQ1
LTViOWYtNDVlZi05MjNkLWYzZmNlMjRhNjIyNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAPUjECzHxBdySp4tSODEuwPKeU//2Md/4j+AF1l9GXa88HQe
QgcMwLbKYtG708olQWYZ/8SUDryQ1Q6rKIFdRTaPzcSxKT8Ajr0YkQrqfyr3wsx6
ncvIvzYV48wErnXmRt/5Hd/zn/ciS7q0M3tsK75F3JdQrFSsGaTffioV4CesOIvd
VG7Fd9jK8tgkHP3Vuo+rHYjdewXIUC7iYCMQ8NdS4LC5I7CtxKvdZrd/Z5XP7DL5
Dv1yuDMF3PwBF4ER7NX9RvaYWgVZAeCVD2vaVp4cQePKkmQrU5k1kqf622Q1y3FS
q9vVdf9DOjU4L3/xA2msGMeNqvzvbveE7OZvcfMCAwEAAaOCArEwggKtMB0GA1Ud
DgQWBBR582ztPLWgjJs8sr4CSSL1HlDRcTAfBgNVHSMEGDAWgBQlrdNCsB63pY6t
GZAmiLVLP4H0uDAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MmEyNDY5NDctMmQ2Mi00YTZjLWJhMDUtODcxODdmMDA5OWIyLzg1MWNlZjE3LTEz
MmEtNDMzNy1iN2QxLWJmMTZhNTJmZmQwMy9kZjZmM2IzYTM0YjYzODZkMWEzMmQ4
ZjRmYTMxNzhlZjMxODg3ZDhiNDI4ZGZhYTQ3Ni5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9mNzAzNjk2ZS1lNDdiLTRjMjAtYmQ5My02Zjgw
OTA0ZTQyZDIvNTY5MTQ5YjgtYzk1YS00ZWQxLWFiZGUtYmU3NjRjOWRlNGRhLnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMt
NmY4MDkwNGU0MmQyL3RqaHRHakxZOVBveGVPOHhpSDJMUW8zNnBIWS5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEABL01jANBgkqhkiG9w0BAQsFAAOCAQEAhZqgsDJmseADLIY/Aa2C2JIFgOu/
ltVLaoQFu3nqD1qZ6r/TJ1/jMJxSa7ZmgC1NtFDq89ggrY+a1ZtDjflNKZudFq/S
Q0RbhCSXuygRhHEwyYa3Mv5i/raheHEvWjs8gQuDW54H6xY0jZTFy3MLS2RAAHsb
a03ilBoGkE3I0tvDgvG/twW9z9B5cPZmpb3jm7pv3LE1n78tgJRdnUQVrDOVb2Mu
+y2pvNZ5fHgOgRS4+vAbkxpmJDBK08fN6yddbtfkxp/u1TRNPRYJd6arrEgRduFA
cBKW5wWFOCR7KeEaqf+pcPwvvefCM9bKcqc3L3uP2eqHrIFMgKYcM6fouQ==
-----END CERTIFICATE-----