Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/67a50df7-10cb-4979-879a-936c666bc181.roa
File:                     67a50df7-10cb-4979-879a-936c666bc181.roa (raw, json)
Hash identifier:          3rc45kJ02Lp4CZOyhE7AVHAYQgwYkqq7+n4OmwfgoGg=
Subject key identifier:   93:9A:D6:65:96:EC:12:78:D3:40:02:60:C8:7F:77:C7:3C:76:A8:7B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       27055022E7A1CEE9B65EAB14A576CAA52A00C30E
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/67a50df7-10cb-4979-879a-936c666bc181.roa
Signing time:             Mon 22 Sep 2025 19:16:59 +0000
ROA not before:           Mon 22 Sep 2025 19:16:59 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.164.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:05:50:22:e7:a1:ce:e9:b6:5e:ab:14:a5:76:ca:a5:2a:00:c3:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 19:16:59 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=94250ae160517fe12b18ccc277a29c90f29c44d5659bdbc01a510f25283bfaeb, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ba:c6:ea:ec:58:ac:9a:57:b0:c6:ba:e0:96:
                    41:cd:68:bd:7c:f3:32:0c:d5:e1:ee:3f:0a:ed:b0:
                    82:49:31:e4:9f:80:f0:e0:cf:e5:26:ad:26:c3:22:
                    8b:3c:01:b8:6e:2f:dd:46:25:f9:bf:4f:33:58:ad:
                    1a:96:ae:f8:71:0c:c2:54:9b:39:fd:65:b1:d1:02:
                    8e:a5:07:1f:6e:3b:df:b7:58:1c:d8:07:87:11:69:
                    89:f0:f3:4e:d3:cc:f1:df:db:ad:9a:8e:a9:d0:59:
                    a2:0d:22:6d:9a:2b:18:34:42:ee:a6:c0:89:2b:06:
                    c8:a8:78:d3:17:dc:60:4b:f0:7a:f6:3e:33:5a:90:
                    ec:9f:4e:1b:88:96:ba:28:a5:bf:9d:53:6c:79:2e:
                    32:e0:c5:b0:14:82:b3:b2:46:8a:65:8f:6d:d2:bb:
                    1f:0a:c2:7e:c9:29:06:5b:a6:cc:6c:92:99:7c:61:
                    0e:7d:81:42:06:e5:dc:90:60:c2:f1:f0:c3:d4:35:
                    95:84:1a:fb:ae:b1:90:59:85:f6:94:cb:68:8d:22:
                    48:6f:c8:b9:c9:ab:12:33:5c:c7:81:1e:73:2f:74:
                    77:2f:24:fa:3c:98:73:a3:61:e9:1b:1c:95:2a:e1:
                    bb:d9:1c:dc:48:34:03:0c:90:c4:be:24:cb:46:9d:
                    f4:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:9A:D6:65:96:EC:12:78:D3:40:02:60:C8:7F:77:C7:3C:76:A8:7B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/67a50df7-10cb-4979-879a-936c666bc181.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.164.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:62:5a:70:1b:c1:ee:a8:93:a0:a6:46:7b:0f:dd:4e:f8:68:
         e4:85:ae:c7:cb:28:a6:fb:87:39:69:45:14:b0:ae:b3:67:34:
         9f:66:b9:44:2b:ae:9f:1e:67:04:9f:b8:03:cc:ea:4d:21:bf:
         34:9c:fa:24:48:4a:38:d2:c2:75:0d:3e:f7:56:97:b1:d5:fd:
         ea:f8:a6:bc:4b:ab:2d:a0:65:b5:2b:e2:23:cc:ff:85:11:1c:
         2d:7d:a2:5d:4e:e5:7c:98:3c:18:0c:79:ce:48:f4:4d:ea:e1:
         dc:18:53:05:cf:ac:cc:88:7e:db:34:10:52:80:3d:53:75:db:
         af:f0:43:fe:a4:cf:28:f5:c5:b3:62:20:fe:00:c0:db:c8:75:
         b2:49:23:ad:5c:61:45:c6:3e:64:cb:18:55:53:78:e0:3a:76:
         62:6c:c9:12:15:81:9d:32:61:e2:60:ec:7a:87:7f:f2:f7:f4:
         2c:81:ed:09:73:a5:c4:af:08:56:c5:f9:44:3c:24:4f:d2:5f:
         b9:f4:08:fb:5f:a7:86:b6:a7:81:59:19:da:2e:c9:fd:f6:33:
         0a:67:56:de:40:0b:33:0d:47:a1:bd:37:ba:2e:8a:bf:b5:4b:
         e9:29:dd:a4:94:57:27:5d:21:9a:e3:c0:ec:a0:b7:f5:a8:56:
         c5:ca:6d:b1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJwVQIuehzum2XqsUpXbKpSoAww4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMTkxNjU5WhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A5NDI1MGFlMTYwNTE3ZmUxMmIxOGNjYzI3N2EyOWM5MGYy
OWM0NGQ1NjU5YmRiYzAxYTUxMGYyNTI4M2JmYWViMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpusbq7FismlewxrrglkHNaL188zIM1eHuPwrtsIJJMeSf
gPDgz+UmrSbDIos8AbhuL91GJfm/TzNYrRqWrvhxDMJUmzn9ZbHRAo6lBx9uO9+3
WBzYB4cRaYnw807TzPHf262ajqnQWaINIm2aKxg0Qu6mwIkrBsioeNMX3GBL8Hr2
PjNakOyfThuIlroopb+dU2x5LjLgxbAUgrOyRoplj23Sux8Kwn7JKQZbpsxskpl8
YQ59gUIG5dyQYMLx8MPUNZWEGvuusZBZhfaUy2iNIkhvyLnJqxIzXMeBHnMvdHcv
JPo8mHOjYekbHJUq4bvZHNxINAMMkMS+JMtGnfSfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUk5rWZZbsEnjTQAJgyH93xzx2qHswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzY3YTUwZGY3LTEwY2ItNDk3OS04NzlhLTkzNmM2NjZiYzE4MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASpHgwDQYJKoZIhvcNAQELBQADggEBAKpiWnAbwe6ok6CmRnsP3U74aOSF
rsfLKKb7hzlpRRSwrrNnNJ9muUQrrp8eZwSfuAPM6k0hvzSc+iRISjjSwnUNPvdW
l7HV/er4prxLqy2gZbUr4iPM/4URHC19ol1O5XyYPBgMec5I9E3q4dwYUwXPrMyI
fts0EFKAPVN126/wQ/6kzyj1xbNiIP4AwNvIdbJJI61cYUXGPmTLGFVTeOA6dmJs
yRIVgZ0yYeJg7HqHf/L39CyB7QlzpcSvCFbF+UQ8JE/SX7n0CPtfp4a2p4FZGdou
yf32MwpnVt5ACzMNR6G9N7ouir+1S+kp3aSUVyddIZrjwOygt/WoVsXKbbE=
-----END CERTIFICATE-----