Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/72a95330-c9dd-4119-b352-5c8259b14e52.roa
File:                     72a95330-c9dd-4119-b352-5c8259b14e52.roa (raw, json)
Hash identifier:          sJ1+XRgpMRAlufaVkOK+cvvQBAlS58iNUvYSkW0dEoo=
Subject key identifier:   5E:AF:94:DA:A1:E8:1E:99:1F:FA:F2:DB:C6:A2:FD:53:F6:40:EB:77
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       783F6CFF3B2F341C444FF1BBDC5B8F4DD825412C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/72a95330-c9dd-4119-b352-5c8259b14e52.roa
Signing time:             Mon 22 Sep 2025 23:15:39 +0000
ROA not before:           Mon 22 Sep 2025 23:15:39 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.245.222.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:3f:6c:ff:3b:2f:34:1c:44:4f:f1:bb:dc:5b:8f:4d:d8:25:41:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 23:15:39 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=57e73dfab0d6e2866668d94504b656193f9e22eaa42b3bd317cf55ad73c2701e, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:c2:5e:1e:aa:3b:ec:08:1e:f4:35:0e:49:16:
                    a7:da:2f:31:f8:2f:53:ec:d6:4b:00:df:1a:58:25:
                    ec:03:7f:a3:45:2f:5d:c2:d6:4c:5a:d0:82:dd:8d:
                    a7:58:76:26:81:a0:8c:01:29:7c:2f:82:2c:b3:ab:
                    24:41:d6:fe:43:6c:68:76:2a:80:81:e1:9b:95:dc:
                    c0:80:cc:5c:1b:7d:78:fb:75:fd:0b:c1:64:43:cf:
                    10:a3:15:53:67:f7:54:2e:e5:2a:34:1d:66:27:61:
                    14:73:e4:4e:54:55:c5:e1:5f:50:33:9c:03:8a:2b:
                    85:dc:17:6c:f7:40:73:60:f1:1d:88:a4:d5:b1:33:
                    ba:25:9c:d5:3f:bc:71:7c:1d:21:19:53:7c:16:9d:
                    b8:46:8c:40:64:83:6d:fc:70:c3:a5:05:fe:46:13:
                    72:a2:2a:a5:d6:84:99:ff:2f:6d:36:b2:41:bb:f9:
                    83:e7:91:f3:21:83:f8:37:34:9d:16:6a:33:7f:ee:
                    f7:8b:b8:d3:3e:92:f3:30:89:3f:ef:76:66:13:7b:
                    b0:08:7d:20:39:2e:0d:48:f4:a1:90:1f:3e:7c:a7:
                    73:3a:93:ff:36:4d:59:d4:eb:0c:ca:6a:d1:55:5b:
                    cf:30:72:c7:e2:e2:3a:9a:2f:05:d3:69:fd:f5:8c:
                    b6:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:AF:94:DA:A1:E8:1E:99:1F:FA:F2:DB:C6:A2:FD:53:F6:40:EB:77
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/72a95330-c9dd-4119-b352-5c8259b14e52.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.245.222.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0b:d2:04:eb:db:99:4c:18:03:aa:6b:a3:a3:48:b2:cd:0f:be:
         0a:35:d4:d8:58:ba:a5:aa:f2:65:41:81:a7:2e:74:0a:98:04:
         d9:db:73:b2:5b:3d:f0:f0:97:3b:d0:e4:b7:0a:6a:ac:b1:3f:
         10:61:37:34:c1:a2:dd:7b:c2:16:04:3f:7a:3b:6b:70:4d:c8:
         65:25:73:45:ca:c2:45:5e:6c:52:21:33:34:9d:1a:6e:c7:7d:
         09:c5:2c:96:ee:ea:3a:c3:77:1d:b9:52:fa:9a:fb:4e:0e:68:
         5e:17:5b:f7:85:f8:a9:35:4a:e2:3c:4e:0d:b4:97:8e:03:09:
         1a:2f:e0:c1:d5:1c:0b:4f:f0:19:1b:45:9f:fd:41:f0:9d:79:
         0a:e8:f9:63:55:2c:4a:51:d1:50:9f:e8:ec:7b:dc:25:ff:78:
         7d:c8:cf:f7:71:f5:8a:2b:30:a3:5f:22:f5:c2:9f:76:c0:0e:
         8a:e5:0f:14:78:db:27:b9:e0:bd:af:b6:68:7c:f3:ce:ce:66:
         39:36:14:db:40:2e:14:f7:ff:e9:6f:85:9e:32:6f:e6:f7:51:
         05:d5:a5:2b:65:6a:93:ed:e6:9f:fb:7f:15:5c:5d:d1:91:81:
         50:48:de:b5:a2:b8:ac:f3:be:28:09:e9:68:3d:e6:d2:51:b0:
         10:64:71:28
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeD9s/zsvNBxET/G73FuPTdglQSwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMjMxNTM5WhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A1N2U3M2RmYWIwZDZlMjg2NjY2OGQ5NDUwNGI2NTYxOTNm
OWUyMmVhYTQyYjNiZDMxN2NmNTVhZDczYzI3MDFlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJwl4eqjvsCB70NQ5JFqfaLzH4L1Ps1ksA3xpYJewDf6NF
L13C1kxa0ILdjadYdiaBoIwBKXwvgiyzqyRB1v5DbGh2KoCB4ZuV3MCAzFwbfXj7
df0LwWRDzxCjFVNn91Qu5So0HWYnYRRz5E5UVcXhX1AznAOKK4XcF2z3QHNg8R2I
pNWxM7olnNU/vHF8HSEZU3wWnbhGjEBkg238cMOlBf5GE3KiKqXWhJn/L202skG7
+YPnkfMhg/g3NJ0WajN/7veLuNM+kvMwiT/vdmYTe7AIfSA5Lg1I9KGQHz58p3M6
k/82TVnU6wzKatFVW88wcsfi4jqaLwXTaf31jLaBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXq+U2qHoHpkf+vLbxqL9U/ZA63cwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzcyYTk1MzMwLWM5ZGQtNDExOS1iMzUyLTVjODI1OWIxNGU1Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAES9d4wDQYJKoZIhvcNAQELBQADggEBAAvSBOvbmUwYA6pro6NIss0Pvgo1
1NhYuqWq8mVBgacudAqYBNnbc7JbPfDwlzvQ5LcKaqyxPxBhNzTBot17whYEP3o7
a3BNyGUlc0XKwkVebFIhMzSdGm7HfQnFLJbu6jrDdx25Uvqa+04OaF4XW/eF+Kk1
SuI8Tg20l44DCRov4MHVHAtP8BkbRZ/9QfCdeQro+WNVLEpR0VCf6Ox73CX/eH3I
z/dx9YorMKNfIvXCn3bADorlDxR42ye54L2vtmh8887OZjk2FNtALhT3/+lvhZ4y
b+b3UQXVpStlapPt5p/7fxVcXdGRgVBI3rWiuKzzvigJ6Wg95tJRsBBkcSg=
-----END CERTIFICATE-----