Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/78bafe7e-8a14-4449-886c-ff6de1b13d73.roa
File:                     78bafe7e-8a14-4449-886c-ff6de1b13d73.roa (raw, json)
Hash identifier:          uJiKyhIGX24j96YoeyA2hD4UG9hsz8O3nQj9TdTpnss=
Subject key identifier:   73:B6:BC:4D:38:DA:8A:D1:7B:88:21:2E:EB:8A:1C:58:0F:6D:16:7D
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3CA7ED3EA627611A084CC18889E9B56A48ACC27C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/78bafe7e-8a14-4449-886c-ff6de1b13d73.roa
Signing time:             Mon 22 Sep 2025 17:13:12 +0000
ROA not before:           Mon 22 Sep 2025 17:13:12 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.154.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:a7:ed:3e:a6:27:61:1a:08:4c:c1:88:89:e9:b5:6a:48:ac:c2:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 17:13:12 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=45f19a4a4f96ee2656034aa09fe9b7e37f8cab5543a096babdf1067b33c40577, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:46:15:9a:a1:d6:5d:e5:b1:45:e0:19:01:59:
                    91:f9:3a:60:c9:5b:a9:e2:4f:96:0d:f5:cd:e0:00:
                    88:76:84:05:80:43:45:81:75:e5:22:11:59:6a:b5:
                    5c:ce:ad:f9:14:f6:07:3b:93:9a:15:3f:a1:8b:b6:
                    d7:35:55:1b:ed:41:69:2c:a1:fd:d0:41:c7:98:05:
                    fd:2b:e4:0c:ae:62:1d:22:f8:5d:16:47:00:57:57:
                    d5:11:5c:ab:ae:af:ac:a4:59:88:ec:17:9b:d7:5a:
                    12:70:5a:dd:db:89:24:24:42:bc:72:de:54:09:89:
                    71:d6:bb:41:4c:65:48:d4:da:51:be:cd:2e:de:52:
                    81:73:cc:50:0e:74:39:e5:54:60:20:80:7d:20:1c:
                    c1:95:ae:0f:da:d7:8d:4e:c4:44:e5:09:e7:a8:21:
                    e8:e2:e2:8f:a9:76:1a:c1:0a:a7:7e:31:91:67:af:
                    ca:e9:02:fe:18:06:dd:70:73:b1:56:f5:18:e4:17:
                    93:ba:aa:4e:63:a9:6b:c6:e7:e0:e3:b7:a7:7f:6a:
                    ca:a2:36:63:b7:f8:1a:1d:09:ea:ed:b2:5e:12:95:
                    df:ad:59:db:9d:c8:60:0f:1f:9e:47:53:9e:ff:97:
                    0b:32:ab:b9:42:3b:be:1b:c3:13:4c:86:1a:93:1b:
                    fc:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:B6:BC:4D:38:DA:8A:D1:7B:88:21:2E:EB:8A:1C:58:0F:6D:16:7D
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/78bafe7e-8a14-4449-886c-ff6de1b13d73.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.154.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:d5:d4:90:65:7f:86:95:3c:f7:49:a6:2a:72:f4:8d:95:b8:
         83:03:f1:f6:08:74:54:3c:bf:50:7a:9a:95:32:e8:f2:99:c5:
         1a:02:34:8e:4f:d5:68:ae:df:86:35:9e:4c:62:16:f5:50:3f:
         60:53:b2:83:2b:02:1c:43:f3:78:21:cb:9f:d7:b5:90:4f:20:
         ef:30:50:47:fd:14:c3:9d:60:ee:9e:60:a8:2e:2b:a4:b9:ae:
         6d:d0:ce:fb:b9:0f:9e:25:28:71:22:58:66:a1:15:8a:b5:9d:
         80:88:04:25:af:3e:c4:7a:9b:2c:d5:4d:88:08:79:07:ef:44:
         08:a2:f4:ea:ab:6e:99:3c:f1:63:a7:87:eb:8e:b2:72:a5:0d:
         cb:2a:ea:d3:c0:ee:03:1a:c2:9d:c1:02:68:70:28:94:0c:e4:
         a6:50:3c:f9:f6:fa:4f:06:24:3d:db:66:0a:f8:3f:4d:6a:ce:
         d6:b1:68:3c:33:8b:00:91:12:b1:08:ab:b0:ea:c2:4c:06:82:
         94:c0:73:78:66:04:f7:e2:04:bf:3c:fe:cb:4d:77:ee:f3:10:
         93:bc:be:f8:6a:a0:67:66:35:0a:e3:38:dd:1b:f0:6e:f0:7e:
         5e:bf:71:10:7f:5d:69:6b:0f:24:90:08:06:26:18:05:80:bd:
         26:e0:60:92
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPKftPqYnYRoITMGIiem1akiswnwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMTcxMzEyWhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NWYxOWE0YTRmOTZlZTI2NTYwMzRhYTA5ZmU5YjdlMzdm
OGNhYjU1NDNhMDk2YmFiZGYxMDY3YjMzYzQwNTc3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDpRhWaodZd5bFF4BkBWZH5OmDJW6niT5YN9c3gAIh2hAWA
Q0WBdeUiEVlqtVzOrfkU9gc7k5oVP6GLttc1VRvtQWksof3QQceYBf0r5AyuYh0i
+F0WRwBXV9URXKuur6ykWYjsF5vXWhJwWt3biSQkQrxy3lQJiXHWu0FMZUjU2lG+
zS7eUoFzzFAOdDnlVGAggH0gHMGVrg/a141OxETlCeeoIeji4o+pdhrBCqd+MZFn
r8rpAv4YBt1wc7FW9RjkF5O6qk5jqWvG5+Djt6d/asqiNmO3+BodCertsl4Sld+t
WdudyGAPH55HU57/lwsyq7lCO74bwxNMhhqTG/yrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUc7a8TTjaitF7iCEu64ocWA9tFn0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzc4YmFmZTdlLThhMTQtNDQ0OS04ODZjLWZmNmRlMWIxM2Q3My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASmtswDQYJKoZIhvcNAQELBQADggEBAJHV1JBlf4aVPPdJpipy9I2VuIMD
8fYIdFQ8v1B6mpUy6PKZxRoCNI5P1Wiu34Y1nkxiFvVQP2BTsoMrAhxD83ghy5/X
tZBPIO8wUEf9FMOdYO6eYKguK6S5rm3Qzvu5D54lKHEiWGahFYq1nYCIBCWvPsR6
myzVTYgIeQfvRAii9Oqrbpk88WOnh+uOsnKlDcsq6tPA7gMawp3BAmhwKJQM5KZQ
PPn2+k8GJD3bZgr4P01qztaxaDwziwCRErEIq7DqwkwGgpTAc3hmBPfiBL88/stN
d+7zEJO8vvhqoGdmNQrjON0b8G7wfl6/cRB/XWlrDySQCAYmGAWAvSbgYJI=
-----END CERTIFICATE-----