Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6bbb02de-d551-49bd-9750-3a7ad11d0927.roa
File:                     6bbb02de-d551-49bd-9750-3a7ad11d0927.roa (raw, json)
Hash identifier:          gtyKk5k97Qp+dLm7aNH6g9zDU0U6frFL6W+i6OMOUZY=
Subject key identifier:   7D:C4:89:1C:B8:D8:60:71:19:FB:73:84:39:26:4C:ED:11:B4:B9:B6
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       01F845D68E6600D99049D807AAF8AADC83F6A5B7
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6bbb02de-d551-49bd-9750-3a7ad11d0927.roa
Signing time:             Wed 24 Sep 2025 22:21:48 +0000
ROA not before:           Wed 24 Sep 2025 22:21:48 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.65.116.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:f8:45:d6:8e:66:00:d9:90:49:d8:07:aa:f8:aa:dc:83:f6:a5:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 22:21:48 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=a50ec739eb79630c6a7415ee0e4ae0497e403f17da1c2f3252d4c196dfc30d8b, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:1a:00:cc:d8:68:48:f6:b4:04:14:c8:1d:13:
                    7c:d1:92:01:a5:90:91:2a:59:e0:65:34:68:fb:e8:
                    4a:43:0c:15:cd:79:54:f7:71:51:b2:5e:f7:4f:e8:
                    b5:c7:50:b7:b8:49:99:a3:97:04:24:6f:07:d5:a5:
                    c9:f7:ca:80:ac:cc:e8:1e:ea:fc:ff:e0:de:05:03:
                    f8:dd:3f:a3:55:45:66:22:11:0d:36:7c:1f:72:e5:
                    11:94:0b:29:83:50:8c:ef:c4:eb:a7:dd:61:68:97:
                    5d:02:17:be:68:30:fd:90:53:f2:a0:d9:c4:ed:aa:
                    74:91:40:25:13:ef:ff:e5:67:e2:b7:ef:94:27:9a:
                    de:26:14:d5:46:32:37:21:d5:b3:9c:92:a9:f7:b3:
                    7d:e2:51:e4:c8:f7:c5:04:8c:7f:06:53:8f:b0:20:
                    bb:ea:20:dd:6f:d8:6f:0e:4a:56:4b:45:82:bb:9a:
                    80:2f:3c:f7:d6:c7:04:8a:24:45:0f:c5:54:38:10:
                    c6:9c:73:ef:83:c6:69:4f:31:48:c6:d4:a2:00:a3:
                    aa:db:d9:60:60:85:dc:56:3d:f7:d6:78:ff:f2:e4:
                    06:81:42:d5:0f:7f:f2:f8:89:28:f7:b2:37:b7:53:
                    f4:cb:53:5e:c3:cb:bf:b7:7a:73:bf:25:dd:ff:90:
                    66:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:C4:89:1C:B8:D8:60:71:19:FB:73:84:39:26:4C:ED:11:B4:B9:B6
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6bbb02de-d551-49bd-9750-3a7ad11d0927.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.65.116.0/23

    Signature Algorithm: sha256WithRSAEncryption
         54:2a:e0:53:b5:02:73:75:d6:27:b8:bf:78:e9:86:57:b9:db:
         77:29:e6:fb:bf:be:26:78:1e:be:e2:18:54:12:cd:89:b1:63:
         5e:e4:88:de:9f:be:0a:b3:27:3e:48:1d:45:39:ff:b0:81:e0:
         7c:84:d8:12:7a:77:3b:10:7a:ca:7c:3c:d8:af:1f:07:9c:89:
         93:8d:99:9c:f0:9e:58:96:fc:23:1a:de:e7:33:c9:ea:70:01:
         e0:93:3d:14:4e:fc:e6:e1:32:3a:80:9c:99:d9:83:88:e6:e7:
         4a:85:40:d8:5c:d2:52:d7:c0:7a:b8:cb:22:87:f9:b4:7c:90:
         4f:50:1f:3b:85:91:e3:2a:8d:b6:a6:b7:8c:57:2a:e7:ed:a7:
         d2:f3:fa:31:dc:ee:f2:88:7b:70:f3:05:76:f4:d0:27:ac:15:
         26:9d:92:bf:0c:6f:d1:77:a6:fd:e1:6a:39:34:1f:06:f9:08:
         86:4a:b1:45:21:82:23:c0:cb:69:94:fd:97:db:32:24:94:85:
         af:97:14:09:64:a5:71:bc:c1:3b:ee:a5:d2:a0:6e:3f:91:27:
         8b:b4:8d:ac:a1:5e:5f:9e:f5:94:e2:51:36:64:12:fe:49:5e:
         0b:ec:6c:ea:9c:9e:eb:b2:10:a7:cf:f2:e6:5c:49:50:d1:40:
         80:2c:79:47
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAfhF1o5mANmQSdgHqviq3IP2pbcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MjIyMTQ4WhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNTBlYzczOWViNzk2MzBjNmE3NDE1ZWUwZTRhZTA0OTdl
NDAzZjE3ZGExYzJmMzI1MmQ0YzE5NmRmYzMwZDhiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnGgDM2GhI9rQEFMgdE3zRkgGlkJEqWeBlNGj76EpDDBXN
eVT3cVGyXvdP6LXHULe4SZmjlwQkbwfVpcn3yoCszOge6vz/4N4FA/jdP6NVRWYi
EQ02fB9y5RGUCymDUIzvxOun3WFol10CF75oMP2QU/Kg2cTtqnSRQCUT7//lZ+K3
75Qnmt4mFNVGMjch1bOckqn3s33iUeTI98UEjH8GU4+wILvqIN1v2G8OSlZLRYK7
moAvPPfWxwSKJEUPxVQ4EMacc++DxmlPMUjG1KIAo6rb2WBghdxWPffWeP/y5AaB
QtUPf/L4iSj3sje3U/TLU17Dy7+3enO/Jd3/kGYTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfcSJHLjYYHEZ+3OEOSZM7RG0ubYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzZiYmIwMmRlLWQ1NTEtNDliZC05NzUwLTNhN2FkMTFkMDkyNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAESQXQwDQYJKoZIhvcNAQELBQADggEBAFQq4FO1AnN11ie4v3jphle523cp
5vu/viZ4Hr7iGFQSzYmxY17kiN6fvgqzJz5IHUU5/7CB4HyE2BJ6dzsQesp8PNiv
HweciZONmZzwnliW/CMa3uczyepwAeCTPRRO/ObhMjqAnJnZg4jm50qFQNhc0lLX
wHq4yyKH+bR8kE9QHzuFkeMqjbamt4xXKuftp9Lz+jHc7vKIe3DzBXb00CesFSad
kr8Mb9F3pv3hajk0Hwb5CIZKsUUhgiPAy2mU/ZfbMiSUha+XFAlkpXG8wTvupdKg
bj+RJ4u0jayhXl+e9ZTiUTZkEv5JXgvsbOqcnuuyEKfP8uZcSVDRQIAseUc=
-----END CERTIFICATE-----