Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7b0ec418-2c6c-4c00-9df5-b88648886f14.roa
File:                     7b0ec418-2c6c-4c00-9df5-b88648886f14.roa (raw, json)
Hash identifier:          dZJU++CSpr5dDbRFwDBTv3MK3J6kQHhLB3/UO3jzBmk=
Subject key identifier:   3F:55:B6:FF:67:7F:69:25:37:36:2E:0E:DE:25:13:85:82:C2:F9:E3
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6D0B55AED44035B823831A4576C25359E27D906B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7b0ec418-2c6c-4c00-9df5-b88648886f14.roa
Signing time:             Mon 22 Sep 2025 17:23:48 +0000
ROA not before:           Mon 22 Sep 2025 17:23:48 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.154.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:0b:55:ae:d4:40:35:b8:23:83:1a:45:76:c2:53:59:e2:7d:90:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 17:23:48 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=71a7cc1d103ea126145c98073ffac113a0b49ea3fdf4a65069ef24a5a4e4be8d, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:b5:d3:2e:c8:82:79:0b:f5:d0:8e:72:6c:b8:
                    21:d6:d6:95:97:4b:d6:7c:c7:b5:6b:da:a2:8d:ca:
                    0f:93:a4:8e:aa:30:26:27:6a:9f:9e:f6:74:0e:6a:
                    05:ca:08:ea:de:5f:98:65:6f:ac:a6:41:b8:87:27:
                    9d:af:0e:0c:e1:d6:25:75:d9:ff:88:dc:40:5b:a6:
                    7f:a8:8c:b8:eb:99:fc:64:5e:ec:9d:07:8e:8d:c1:
                    b3:f9:8d:c8:84:c2:f7:ce:4f:32:9d:2c:39:57:ff:
                    8a:0f:37:40:e7:32:e5:f7:87:73:73:34:fd:e0:41:
                    96:bf:40:73:41:ff:c7:9a:1a:3f:12:45:65:b2:2e:
                    04:2a:9b:cf:ba:27:87:b4:1a:c2:7f:b8:ab:a3:62:
                    ec:76:0c:a7:d8:de:85:15:8e:0e:32:e1:8b:3a:3a:
                    66:db:c5:f0:86:19:24:cc:f4:db:c9:c9:e1:dc:54:
                    19:bf:c2:b7:8c:86:43:01:54:2c:fa:05:46:74:bd:
                    2b:21:e4:78:84:51:66:e6:63:70:fd:9b:20:e7:ee:
                    5b:20:f4:05:e1:40:21:db:c6:9b:6f:ac:9a:0f:e0:
                    77:25:20:03:8a:46:50:92:84:8b:d5:53:4d:a3:64:
                    ac:d2:08:cd:66:c2:a0:ee:a6:59:1d:37:94:a6:9c:
                    9b:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:55:B6:FF:67:7F:69:25:37:36:2E:0E:DE:25:13:85:82:C2:F9:E3
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7b0ec418-2c6c-4c00-9df5-b88648886f14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.154.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:35:b9:1a:ac:17:4f:fe:98:8b:77:b2:cf:cf:72:80:4f:c6:
         09:b3:5c:44:f6:20:2f:d0:8f:71:e6:32:78:3f:63:3c:b9:e2:
         64:7a:f5:61:d1:fe:f9:c7:70:e8:b6:7f:3a:af:9b:d2:04:cc:
         48:b3:9a:11:1a:d1:64:a4:bf:b2:37:e4:f5:da:d7:09:df:ce:
         a7:b8:3b:58:60:ca:96:2b:2e:ca:42:6a:ad:14:62:2b:6e:5c:
         51:8c:24:d4:3e:f5:8f:09:9a:f7:b1:f4:2e:c7:d0:34:7b:af:
         88:4a:de:29:01:9e:fe:8b:5e:18:85:c9:79:f1:38:7c:4c:06:
         2c:17:e2:01:8a:9d:c0:b5:c9:45:dd:a1:3a:8c:87:9c:ef:aa:
         d1:fb:34:ab:5a:c4:6c:b7:24:1e:aa:ca:70:b5:43:2f:91:89:
         d8:a0:9c:a3:3c:36:82:b9:44:d5:2c:6f:27:09:13:f5:11:4d:
         40:f1:9b:ce:48:8c:93:c5:40:53:d6:84:51:7f:cf:be:3c:42:
         9e:45:a3:6f:cf:fd:3e:38:72:3d:93:68:e5:14:43:91:f6:8e:
         60:81:e3:6a:f6:c7:dc:f0:94:98:61:77:06:07:5a:94:44:16:
         84:b0:e6:88:66:da:84:36:b8:c7:c6:ef:4e:02:5f:08:3c:11:
         37:d0:cf:bb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbQtVrtRANbgjgxpFdsJTWeJ9kGswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMTcyMzQ4WhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A3MWE3Y2MxZDEwM2VhMTI2MTQ1Yzk4MDczZmZhYzExM2Ew
YjQ5ZWEzZmRmNGE2NTA2OWVmMjRhNWE0ZTRiZThkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDntdMuyIJ5C/XQjnJsuCHW1pWXS9Z8x7Vr2qKNyg+TpI6q
MCYnap+e9nQOagXKCOreX5hlb6ymQbiHJ52vDgzh1iV12f+I3EBbpn+ojLjrmfxk
XuydB46NwbP5jciEwvfOTzKdLDlX/4oPN0DnMuX3h3NzNP3gQZa/QHNB/8eaGj8S
RWWyLgQqm8+6J4e0GsJ/uKujYux2DKfY3oUVjg4y4Ys6OmbbxfCGGSTM9NvJyeHc
VBm/wreMhkMBVCz6BUZ0vSsh5HiEUWbmY3D9myDn7lsg9AXhQCHbxptvrJoP4Hcl
IAOKRlCShIvVU02jZKzSCM1mwqDuplkdN5SmnJvvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUP1W2/2d/aSU3Ni4O3iUThYLC+eMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzdiMGVjNDE4LTJjNmMtNGMwMC05ZGY1LWI4ODY0ODg4NmYxNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASmlcwDQYJKoZIhvcNAQELBQADggEBAA41uRqsF0/+mIt3ss/PcoBPxgmz
XET2IC/Qj3HmMng/Yzy54mR69WHR/vnHcOi2fzqvm9IEzEizmhEa0WSkv7I35PXa
1wnfzqe4O1hgypYrLspCaq0UYituXFGMJNQ+9Y8Jmvex9C7H0DR7r4hK3ikBnv6L
XhiFyXnxOHxMBiwX4gGKncC1yUXdoTqMh5zvqtH7NKtaxGy3JB6qynC1Qy+Ridig
nKM8NoK5RNUsbycJE/URTUDxm85IjJPFQFPWhFF/z748Qp5Fo2/P/T44cj2TaOUU
Q5H2jmCB42r2x9zwlJhhdwYHWpREFoSw5ohm2oQ2uMfG704CXwg8ETfQz7s=
-----END CERTIFICATE-----