Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/65549db5-a673-4279-ab49-63b27f53257d.roa
File:                     65549db5-a673-4279-ab49-63b27f53257d.roa (raw, json)
Hash identifier:          ZRNVDrUjihZWI8HTxn4QAxLz0Po2Q5g1wiK5+24AYlM=
Subject key identifier:   DD:76:A5:C3:0A:21:FC:76:CA:62:65:2C:E6:EE:19:9D:E1:25:A5:0F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       510979600BB85F16CC77E7548FF095E6E27CD6CC
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/65549db5-a673-4279-ab49-63b27f53257d.roa
Signing time:             Fri 26 Sep 2025 16:23:39 +0000
ROA not before:           Fri 26 Sep 2025 16:23:39 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.231.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:09:79:60:0b:b8:5f:16:cc:77:e7:54:8f:f0:95:e6:e2:7c:d6:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 16:23:39 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=9708866b03198e2b3606c4bdcbdbe1aeb431ffd06560294f1f6302486ee46709, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:35:0c:23:69:d2:bd:12:71:77:c2:aa:82:11:
                    d0:b7:13:ac:2b:b9:d3:80:e5:fa:d4:56:eb:00:fb:
                    9d:a8:69:8c:70:58:bd:7e:99:fd:e7:b2:81:89:ad:
                    9e:d7:8f:ee:f1:60:0c:b5:ee:7a:aa:5a:0e:7f:be:
                    35:93:ec:1d:48:27:9e:2e:91:38:21:ab:47:20:75:
                    70:c3:89:ab:5a:28:4f:52:d8:af:45:c7:e9:d8:03:
                    f2:cd:63:36:a7:ff:51:8d:83:e2:3e:0f:2b:cd:da:
                    5b:20:28:3d:6b:73:94:26:71:88:50:2f:49:d4:f7:
                    5c:bc:3d:26:3d:1c:c2:68:14:52:43:7d:f1:29:8a:
                    ca:d5:e8:8c:a8:68:c2:43:ac:80:1d:74:c5:07:fa:
                    80:ec:3c:45:f9:cd:14:e4:ae:19:58:07:47:79:14:
                    b9:e2:78:80:e6:95:46:37:26:57:c1:25:59:c0:fb:
                    f7:23:49:e6:58:fb:50:6c:7e:70:bc:8f:8d:d8:a2:
                    0c:40:ee:79:4e:54:07:bb:0d:d5:25:93:95:af:f8:
                    4c:84:d7:d5:da:28:85:e4:b8:c9:c7:c8:d7:43:dd:
                    7f:27:22:d2:cc:4d:53:03:07:8b:05:59:a7:29:0a:
                    4c:97:45:e0:42:1b:d9:d2:43:fb:ba:da:b4:db:d4:
                    94:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:76:A5:C3:0A:21:FC:76:CA:62:65:2C:E6:EE:19:9D:E1:25:A5:0F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/65549db5-a673-4279-ab49-63b27f53257d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.231.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:74:79:80:0f:d9:50:ab:c4:5d:59:2d:9f:fa:0f:70:b0:96:
         41:34:88:e8:31:a8:e0:f5:74:52:f3:16:31:08:1f:c6:1d:3b:
         29:11:d8:14:41:4c:d2:02:27:5c:ad:53:41:ca:3a:f6:d0:9a:
         b6:dd:e7:3f:82:be:fb:b4:05:ce:c0:07:23:37:41:a2:a1:90:
         1b:c9:07:ea:4e:a2:54:7d:85:de:dc:ac:9b:05:61:89:8a:3c:
         05:cc:6a:0c:94:fc:f4:12:6c:ca:a8:9c:78:8e:c7:a5:fe:a0:
         b8:e1:d0:a3:02:3b:a0:c8:79:7a:9c:2d:cb:c2:0b:02:e6:93:
         b3:d9:79:80:71:21:5c:d2:67:16:d6:8f:e0:9f:b5:99:51:94:
         f6:aa:d1:3b:2a:2e:09:38:8b:ae:e9:7b:64:07:41:a9:ac:b7:
         01:df:7d:b5:11:74:42:60:8f:d1:84:a5:3c:38:e0:50:89:96:
         c9:20:d3:90:ff:0c:cc:a3:1d:c5:c3:69:1b:91:ea:40:f9:d5:
         eb:34:ef:16:c3:d0:18:2e:92:ea:c8:eb:bd:ce:5f:7f:5f:e8:
         7a:4f:d6:93:db:7a:54:b0:7e:93:99:c5:7c:37:22:e6:6b:83:
         b1:9e:69:7f:5a:3d:3d:20:5c:fb:91:15:71:39:b5:04:b9:2f:
         66:53:ba:5d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUQl5YAu4XxbMd+dUj/CV5uJ81swwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MTYyMzM5WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NzA4ODY2YjAzMTk4ZTJiMzYwNmM0YmRjYmRiZTFhZWI0
MzFmZmQwNjU2MDI5NGYxZjYzMDI0ODZlZTQ2NzA5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6NQwjadK9EnF3wqqCEdC3E6wrudOA5frUVusA+52oaYxw
WL1+mf3nsoGJrZ7Xj+7xYAy17nqqWg5/vjWT7B1IJ54ukTghq0cgdXDDiataKE9S
2K9Fx+nYA/LNYzan/1GNg+I+DyvN2lsgKD1rc5QmcYhQL0nU91y8PSY9HMJoFFJD
ffEpisrV6IyoaMJDrIAddMUH+oDsPEX5zRTkrhlYB0d5FLnieIDmlUY3JlfBJVnA
+/cjSeZY+1BsfnC8j43YogxA7nlOVAe7DdUlk5Wv+EyE19XaKIXkuMnHyNdD3X8n
ItLMTVMDB4sFWacpCkyXReBCG9nSQ/u62rTb1JRdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3Xalwwoh/HbKYmUs5u4ZneElpQ8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzY1NTQ5ZGI1LWE2NzMtNDI3OS1hYjQ5LTYzYjI3ZjUzMjU3ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAS5+AwDQYJKoZIhvcNAQELBQADggEBAJ90eYAP2VCrxF1ZLZ/6D3CwlkE0
iOgxqOD1dFLzFjEIH8YdOykR2BRBTNICJ1ytU0HKOvbQmrbd5z+Cvvu0Bc7AByM3
QaKhkBvJB+pOolR9hd7crJsFYYmKPAXMagyU/PQSbMqonHiOx6X+oLjh0KMCO6DI
eXqcLcvCCwLmk7PZeYBxIVzSZxbWj+CftZlRlPaq0TsqLgk4i67pe2QHQamstwHf
fbURdEJgj9GEpTw44FCJlskg05D/DMyjHcXDaRuR6kD51es07xbD0BgukurI673O
X39f6HpP1pPbelSwfpOZxXw3IuZrg7GeaX9aPT0gXPuRFXE5tQS5L2ZTul0=
-----END CERTIFICATE-----