Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/79639a63-aa0f-43bf-8632-7b6d5e2c2567.roa
File:                     79639a63-aa0f-43bf-8632-7b6d5e2c2567.roa (raw, json)
Hash identifier:          nq5DqRs8wJ/vGRQaTpli+SXcIJLyYwDH/z1LbAvPwiA=
Subject key identifier:   F2:CF:58:CC:30:D6:4D:14:FB:A6:17:48:A8:2B:8E:BD:F6:3B:BD:D1
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       28E4F0AD4F3E39F17C99C2E7A630D05E63DCB897
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/79639a63-aa0f-43bf-8632-7b6d5e2c2567.roa
Signing time:             Fri 26 Sep 2025 16:23:37 +0000
ROA not before:           Fri 26 Sep 2025 16:23:37 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.230.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:e4:f0:ad:4f:3e:39:f1:7c:99:c2:e7:a6:30:d0:5e:63:dc:b8:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 16:23:37 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=068f95e885a6f01f68fc19bcced777b5bce5d59e2aee3976db4d64208ad90c5d, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:25:be:97:cf:dd:22:4b:5b:4a:69:72:b9:7e:
                    66:1b:76:60:18:e2:94:34:89:c9:bd:30:28:ec:7d:
                    d3:48:9a:c2:94:32:5e:47:b4:21:50:c4:97:90:be:
                    2b:a8:52:e3:cd:49:32:65:99:16:21:af:12:f4:9a:
                    92:4e:2c:f9:3e:88:58:bf:63:9f:04:36:81:9f:a4:
                    c0:d7:13:09:3e:1b:b9:26:33:51:f5:f0:07:c9:bb:
                    68:6a:1d:74:9d:ba:0e:34:d3:fd:11:17:99:97:a9:
                    af:0f:45:e1:99:98:7d:02:80:b0:cd:c8:fb:d4:46:
                    61:fb:5f:93:a2:ab:68:78:91:e9:5b:80:4d:3c:60:
                    92:5d:dd:bd:4e:a2:1b:90:90:f0:6e:33:ba:29:91:
                    f5:9b:4c:53:a7:37:c1:cb:0b:e5:26:9f:66:e8:9b:
                    f9:0b:98:2f:9f:a6:82:0e:eb:b2:60:7f:6b:d2:7c:
                    ee:19:ae:55:58:23:ee:44:6d:ad:7d:e1:bb:d4:df:
                    86:86:ef:e7:ae:a6:a6:4f:12:29:fc:b8:1c:fa:30:
                    2d:0a:a6:88:8e:67:34:3e:c9:3a:3a:82:c1:34:bd:
                    58:46:44:68:3e:2f:37:b6:b3:dc:4d:8c:62:99:b5:
                    12:b8:5b:4b:6d:bc:5a:b4:90:f9:3d:ab:32:97:a5:
                    bf:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:CF:58:CC:30:D6:4D:14:FB:A6:17:48:A8:2B:8E:BD:F6:3B:BD:D1
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/79639a63-aa0f-43bf-8632-7b6d5e2c2567.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.230.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         0f:b6:25:b4:08:4a:11:c0:98:2c:09:a9:99:0b:7e:b3:b1:b8:
         4a:3b:57:25:0d:dd:3b:ba:e4:57:4d:2c:7b:37:3c:1a:81:d8:
         f9:5d:f7:c7:a1:8c:0f:2a:c8:53:a1:80:6d:be:76:54:eb:38:
         24:ce:c4:be:25:62:d1:68:ee:e1:26:e1:d0:96:93:53:89:e4:
         80:e8:c0:87:79:cf:10:50:76:22:c6:88:a2:4c:85:cb:54:83:
         a0:ef:8f:38:37:70:5b:ac:49:e7:e4:f9:19:a5:ff:0f:cb:20:
         da:60:f8:ac:e3:83:a2:11:51:f3:e8:4a:98:9e:04:c1:1e:17:
         0c:11:db:e6:e8:48:da:f4:dd:70:f5:ec:7b:eb:c5:35:56:0a:
         75:c0:57:11:a0:be:69:98:1b:52:a8:fc:70:af:31:7f:aa:70:
         ce:a2:8f:c5:73:58:52:62:a4:09:93:b3:73:4f:bc:b4:8a:97:
         eb:e8:cc:39:90:8c:07:cd:f5:75:64:13:3a:45:9b:c7:ff:46:
         c0:95:a7:01:2a:78:49:5a:f8:e3:9a:26:e2:cc:54:80:3e:e8:
         cf:7e:e6:0d:f2:55:5c:88:ba:c4:c9:3d:5c:9e:08:cf:68:da:
         12:fb:8e:dc:4d:02:69:e6:94:a1:61:4d:0f:96:10:2c:ec:59:
         cb:a6:92:9e
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUKOTwrU8+OfF8mcLnpjDQXmPcuJcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MTYyMzM3WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AwNjhmOTVlODg1YTZmMDFmNjhmYzE5YmNjZWQ3NzdiNWJj
ZTVkNTllMmFlZTM5NzZkYjRkNjQyMDhhZDkwYzVkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDjJb6Xz90iS1tKaXK5fmYbdmAY4pQ0icm9MCjsfdNImsKU
Ml5HtCFQxJeQviuoUuPNSTJlmRYhrxL0mpJOLPk+iFi/Y58ENoGfpMDXEwk+G7km
M1H18AfJu2hqHXSdug400/0RF5mXqa8PReGZmH0CgLDNyPvURmH7X5Oiq2h4kelb
gE08YJJd3b1OohuQkPBuM7opkfWbTFOnN8HLC+Umn2bom/kLmC+fpoIO67Jgf2vS
fO4ZrlVYI+5Eba194bvU34aG7+eupqZPEin8uBz6MC0KpoiOZzQ+yTo6gsE0vVhG
RGg+Lze2s9xNjGKZtRK4W0ttvFq0kPk9qzKXpb/dAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU8s9YzDDWTRT7phdIqCuOvfY7vdEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzc5NjM5YTYzLWFhMGYtNDNiZi04NjMyLTdiNmQ1ZTJjMjU2Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAS5jANBgkqhkiG9w0BAQsFAAOCAQEAD7YltAhKEcCYLAmpmQt+s7G4SjtX
JQ3dO7rkV00sezc8GoHY+V33x6GMDyrIU6GAbb52VOs4JM7EviVi0Wju4Sbh0JaT
U4nkgOjAh3nPEFB2IsaIokyFy1SDoO+PODdwW6xJ5+T5GaX/D8sg2mD4rOODohFR
8+hKmJ4EwR4XDBHb5uhI2vTdcPXse+vFNVYKdcBXEaC+aZgbUqj8cK8xf6pwzqKP
xXNYUmKkCZOzc0+8tIqX6+jMOZCMB831dWQTOkWbx/9GwJWnASp4SVr445om4sxU
gD7oz37mDfJVXIi6xMk9XJ4Iz2jaEvuO3E0CaeaUoWFND5YQLOxZy6aSng==
-----END CERTIFICATE-----