Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6886b238-5980-463b-b119-e9a682f0a65f.roa
File:                     6886b238-5980-463b-b119-e9a682f0a65f.roa (raw, json)
Hash identifier:          31M5dsem3M1LnOgnh8rNvLjtMPbF0kkvHaJhcnBcoP4=
Subject key identifier:   AC:27:66:2A:3D:5E:5F:AD:4D:89:10:9E:23:F6:87:CA:93:7F:DD:77
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       693B21916489FF15BA2DF5D06823A454825A54DA
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6886b238-5980-463b-b119-e9a682f0a65f.roa
Signing time:             Fri 10 Oct 2025 01:02:57 +0000
ROA not before:           Fri 10 Oct 2025 01:02:57 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.89.128.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:3b:21:91:64:89:ff:15:ba:2d:f5:d0:68:23:a4:54:82:5a:54:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 10 01:02:57 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=a9231243851eaa8085916bc011a3f2cba3d35f46bc66143127bb09131f1d1b72, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:4a:98:fe:4f:06:8e:47:93:be:cb:d0:6b:b6:
                    e9:11:91:0c:db:17:6e:91:a5:90:8b:24:f0:ad:91:
                    06:4f:f3:0e:d5:15:f1:ac:51:02:6e:fb:1e:24:a6:
                    14:09:64:41:31:73:74:e2:75:3f:ad:2f:28:e2:ee:
                    08:6e:26:72:79:67:05:1f:4a:82:f8:0d:16:d2:83:
                    bf:ce:23:e5:5e:d0:52:19:95:11:05:c3:a2:e5:e2:
                    18:36:4c:f6:30:a9:69:ea:91:95:43:0e:25:cc:be:
                    7b:f8:c3:bf:8f:e1:ff:f1:f4:af:09:b1:6d:f5:d9:
                    d7:34:3a:7c:f0:3e:3e:81:cb:b2:9d:c9:d6:b4:99:
                    71:bb:50:0d:3e:54:1b:17:1d:33:56:40:80:53:4e:
                    9c:b2:c2:65:5a:35:5f:f9:e9:db:be:3e:d0:26:26:
                    04:d9:a3:e4:ae:be:8f:b7:99:5e:7a:57:c7:73:f2:
                    b5:81:9e:57:10:32:c3:46:8e:da:11:cb:9c:bf:a3:
                    2c:ea:d0:f3:4e:f2:e5:17:cc:05:25:15:ae:a6:a1:
                    52:cb:d2:da:63:8b:f3:85:c4:6e:79:65:8a:7c:dd:
                    d4:81:1c:84:a9:d2:66:19:56:e2:18:df:f5:11:da:
                    13:dc:46:bb:34:df:d8:bb:bc:ca:72:c1:8d:e4:69:
                    5f:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:27:66:2A:3D:5E:5F:AD:4D:89:10:9E:23:F6:87:CA:93:7F:DD:77
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6886b238-5980-463b-b119-e9a682f0a65f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.89.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         1a:a2:ca:2f:0d:b3:63:eb:6f:ff:b9:d9:8c:f2:e9:e2:27:13:
         92:cb:6f:49:4a:a3:f4:6d:c2:44:d1:61:a0:87:bb:1d:0d:01:
         9e:01:7e:76:6c:d0:5a:c1:cb:72:cc:a6:8e:75:46:c0:47:ff:
         82:e7:7c:55:58:4e:d5:db:e5:d0:7a:20:5e:62:10:32:00:61:
         b7:f0:f2:80:9c:8b:37:81:33:34:a6:0b:97:93:71:8b:0e:15:
         93:8b:d6:d9:5c:4b:0e:23:53:9d:a7:cb:fc:eb:a1:fa:fd:78:
         38:15:22:83:99:9f:31:e0:78:3f:ab:52:c3:7f:cf:54:af:d4:
         2d:7f:f8:e8:30:2a:0f:20:7e:85:3d:bd:54:2b:4d:37:de:63:
         24:e0:94:ff:0a:d7:17:cd:64:e4:a5:e7:ab:fb:0d:1f:0d:77:
         69:af:97:6e:67:c8:9b:3d:fe:5f:3c:ef:8c:43:cf:54:7c:b9:
         ab:c8:53:17:83:c1:b7:9a:f5:de:95:c4:e3:a4:57:a3:bf:bc:
         b9:e2:e9:e3:88:31:84:db:ba:11:dc:a5:1f:d9:53:bf:fa:71:
         95:fa:91:d6:30:bc:0f:4e:2c:2e:5a:78:d3:5f:27:8c:20:82:
         ca:4f:c7:ac:f2:35:5a:80:ae:12:d3:e8:cf:d2:fb:01:00:3b:
         56:e0:fc:a3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaTshkWSJ/xW6LfXQaCOkVIJaVNowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDEwMDEwMjU3WhcNMjUxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BhOTIzMTI0Mzg1MWVhYTgwODU5MTZiYzAxMWEzZjJjYmEz
ZDM1ZjQ2YmM2NjE0MzEyN2JiMDkxMzFmMWQxYjcyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDQSpj+TwaOR5O+y9BrtukRkQzbF26RpZCLJPCtkQZP8w7V
FfGsUQJu+x4kphQJZEExc3TidT+tLyji7ghuJnJ5ZwUfSoL4DRbSg7/OI+Ve0FIZ
lREFw6Ll4hg2TPYwqWnqkZVDDiXMvnv4w7+P4f/x9K8JsW312dc0OnzwPj6By7Kd
yda0mXG7UA0+VBsXHTNWQIBTTpyywmVaNV/56du+PtAmJgTZo+Suvo+3mV56V8dz
8rWBnlcQMsNGjtoRy5y/oyzq0PNO8uUXzAUlFa6moVLL0tpji/OFxG55ZYp83dSB
HISp0mYZVuIY3/UR2hPcRrs039i7vMpywY3kaV9/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrCdmKj1eX61NiRCeI/aHypN/3XcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzY4ODZiMjM4LTU5ODAtNDYzYi1iMTE5LWU5YTY4MmYwYTY1Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYSWYAwDQYJKoZIhvcNAQELBQADggEBABqiyi8Ns2Prb/+52Yzy6eInE5LL
b0lKo/RtwkTRYaCHux0NAZ4BfnZs0FrBy3LMpo51RsBH/4LnfFVYTtXb5dB6IF5i
EDIAYbfw8oCcizeBMzSmC5eTcYsOFZOL1tlcSw4jU52ny/zrofr9eDgVIoOZnzHg
eD+rUsN/z1Sv1C1/+OgwKg8gfoU9vVQrTTfeYyTglP8K1xfNZOSl56v7DR8Nd2mv
l25nyJs9/l8874xDz1R8uavIUxeDwbea9d6VxOOkV6O/vLni6eOIMYTbuhHcpR/Z
U7/6cZX6kdYwvA9OLC5aeNNfJ4wggspPx6zyNVqArhLT6M/S+wEAO1bg/KM=
-----END CERTIFICATE-----