Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7d660049-b3dd-4e9f-8930-8687c149cd82.roa
File:                     7d660049-b3dd-4e9f-8930-8687c149cd82.roa (raw, json)
Hash identifier:          9OoIrsw0EJGsrbFiHvzQ3KMeGqML23pIEw1zA8Ro2GU=
Subject key identifier:   95:E5:E8:26:70:8F:8A:13:9A:C2:E8:4B:70:0B:E9:35:35:28:87:3A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       094F67B02EB1863AA6FD004C90B5197FB42BD391
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7d660049-b3dd-4e9f-8930-8687c149cd82.roa
Signing time:             Mon 22 Sep 2025 22:23:34 +0000
ROA not before:           Mon 22 Sep 2025 22:23:34 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.239.72.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:4f:67:b0:2e:b1:86:3a:a6:fd:00:4c:90:b5:19:7f:b4:2b:d3:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 22:23:34 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=914c50234429ca192b11340216818dd99015b37c43bacf87a7568fa2d77826d1, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:35:d0:b5:a0:70:d0:80:17:60:b4:c6:f7:dc:
                    52:84:7b:a5:9c:f8:e2:36:60:3c:92:39:b6:21:7e:
                    54:9e:71:cf:1f:6c:9b:fa:80:aa:bc:6b:f4:51:f0:
                    38:76:16:47:a0:87:92:30:61:2e:86:61:0c:a0:6d:
                    9b:6b:60:81:82:74:e1:7b:0d:0e:7e:3d:47:21:e3:
                    21:1c:ef:7e:44:02:de:11:b8:a3:ec:b3:3e:5b:ba:
                    16:9b:c1:2a:3e:1a:1c:24:49:bc:1a:b8:cf:13:df:
                    90:bd:68:85:37:25:77:3e:1a:84:a0:66:f3:b0:90:
                    e2:f9:3c:c7:16:df:ff:9f:95:79:a8:1c:8c:c2:f9:
                    d3:0f:66:5e:47:cc:9f:49:8b:f5:8e:c2:d9:ad:53:
                    ec:63:4f:24:a1:15:da:62:16:b5:85:8b:ad:ec:91:
                    82:3e:1a:70:35:87:2f:79:91:e6:80:f4:44:e6:b8:
                    6b:7d:61:92:d7:0f:ac:96:4c:12:b0:2c:a2:85:a4:
                    ab:f4:31:ae:2d:65:61:c5:41:7b:6e:e4:20:5e:87:
                    0c:3a:4a:1e:0c:e1:c0:62:20:73:f3:26:19:3f:d0:
                    7d:13:e6:b4:4c:fd:0b:54:d1:8a:08:49:57:f5:fa:
                    2d:ce:c2:5b:d0:6b:7a:0a:b3:5f:d6:b6:4a:e5:2e:
                    02:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:E5:E8:26:70:8F:8A:13:9A:C2:E8:4B:70:0B:E9:35:35:28:87:3A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7d660049-b3dd-4e9f-8930-8687c149cd82.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.239.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:b3:f0:a4:1b:f7:df:a1:29:82:28:f2:7c:57:83:3f:2d:9f:
         18:f3:73:dc:86:5a:71:f8:96:19:08:36:a3:41:ac:64:86:c4:
         3b:e1:87:aa:95:02:2a:0d:f7:e3:46:da:dd:d3:ff:93:50:4a:
         14:e5:c2:25:d3:b2:fa:6f:5e:39:9f:53:8d:40:ca:b9:21:49:
         c9:e3:9c:f0:39:46:99:fc:03:2e:31:5e:2f:74:0f:3b:b1:1e:
         47:1d:d2:89:1e:a4:f0:19:57:dc:96:bb:1c:6e:c8:51:32:84:
         05:48:84:54:66:f9:8c:62:06:93:26:78:f8:91:64:eb:3f:45:
         b9:13:fa:28:d8:bf:89:46:0c:0c:65:29:ff:b7:27:c1:01:e0:
         0e:32:b3:63:d6:84:ad:f4:8a:c9:3f:97:8c:cd:7c:eb:a8:20:
         54:54:ce:6d:3b:e4:66:c0:f3:f4:c0:8d:c9:d8:e5:cf:43:67:
         c3:37:12:e1:e3:11:dd:dd:72:fe:38:d7:86:47:5b:17:e2:9d:
         e6:50:ad:bf:39:29:e7:74:9b:37:af:7f:71:c8:78:c2:ec:b0:
         43:a3:d5:ba:b1:8f:d2:eb:7c:bb:0d:6f:01:01:bc:5d:97:0c:
         95:4c:3d:bc:0c:b0:cf:f6:e6:cd:84:b8:fe:10:28:53:dc:83:
         c5:42:ac:0b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCU9nsC6xhjqm/QBMkLUZf7Qr05EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMjIyMzM0WhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MTRjNTAyMzQ0MjljYTE5MmIxMTM0MDIxNjgxOGRkOTkw
MTViMzdjNDNiYWNmODdhNzU2OGZhMmQ3NzgyNmQxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDPNdC1oHDQgBdgtMb33FKEe6Wc+OI2YDySObYhflSecc8f
bJv6gKq8a/RR8Dh2Fkegh5IwYS6GYQygbZtrYIGCdOF7DQ5+PUch4yEc735EAt4R
uKPssz5buhabwSo+GhwkSbwauM8T35C9aIU3JXc+GoSgZvOwkOL5PMcW3/+flXmo
HIzC+dMPZl5HzJ9Ji/WOwtmtU+xjTyShFdpiFrWFi63skYI+GnA1hy95keaA9ETm
uGt9YZLXD6yWTBKwLKKFpKv0Ma4tZWHFQXtu5CBehww6Sh4M4cBiIHPzJhk/0H0T
5rRM/QtU0YoISVf1+i3OwlvQa3oKs1/WtkrlLgI9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUleXoJnCPihOawuhLcAvpNTUohzowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzdkNjYwMDQ5LWIzZGQtNGU5Zi04OTMwLTg2ODdjMTQ5Y2Q4Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIS70gwDQYJKoZIhvcNAQELBQADggEBADyz8KQb99+hKYIo8nxXgz8tnxjz
c9yGWnH4lhkINqNBrGSGxDvhh6qVAioN9+NG2t3T/5NQShTlwiXTsvpvXjmfU41A
yrkhScnjnPA5Rpn8Ay4xXi90DzuxHkcd0okepPAZV9yWuxxuyFEyhAVIhFRm+Yxi
BpMmePiRZOs/RbkT+ijYv4lGDAxlKf+3J8EB4A4ys2PWhK30isk/l4zNfOuoIFRU
zm075GbA8/TAjcnY5c9DZ8M3EuHjEd3dcv4414ZHWxfineZQrb85Ked0mzevf3HI
eMLssEOj1bqxj9LrfLsNbwEBvF2XDJVMPbwMsM/25s2EuP4QKFPcg8VCrAs=
-----END CERTIFICATE-----