Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7e0a78ad-7538-452e-8568-f2c021858c5f.roa
File:                     7e0a78ad-7538-452e-8568-f2c021858c5f.roa (raw, json)
Hash identifier:          PlhwT6kn84UVu6+4AgsfKY33PXJzd6X1r6YL77J+y+k=
Subject key identifier:   55:FA:B2:D1:C4:31:3C:3F:15:E3:D4:38:8A:70:4E:FB:E4:14:A3:14
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2F00B49EBC1F0AE459709F1BA56145753E2D1D02
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7e0a78ad-7538-452e-8568-f2c021858c5f.roa
Signing time:             Mon 22 Sep 2025 21:23:34 +0000
ROA not before:           Mon 22 Sep 2025 21:23:34 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.172.240.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:00:b4:9e:bc:1f:0a:e4:59:70:9f:1b:a5:61:45:75:3e:2d:1d:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 21:23:34 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=c67432de67195a8de6649fe5ac7e9805bf73715a01483a17d144886d03fd6c3f, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:25:7d:7e:9e:66:e2:51:32:a5:73:53:7e:7e:
                    0e:9e:ff:5b:9d:96:8c:81:b0:84:7e:ba:0a:75:a6:
                    70:d4:cf:56:e4:77:8e:3b:56:8a:ad:19:d6:71:b5:
                    c2:50:d5:37:41:03:38:d1:95:42:1f:bf:2d:23:04:
                    f2:12:95:55:db:74:ac:33:b2:9d:ea:d0:d4:2d:9e:
                    c0:b5:62:03:07:6f:c0:da:33:b0:77:ad:e8:0c:05:
                    f7:ee:d6:e0:f0:16:ef:d7:6e:ca:7f:38:d8:45:1d:
                    95:58:f2:2c:1e:2d:2e:8a:8e:22:6a:fd:d9:1f:ed:
                    75:8f:f2:8c:de:9e:d1:10:14:e6:43:85:9d:ef:17:
                    50:85:52:77:6a:d3:c6:4a:7e:83:09:22:7e:15:13:
                    d1:2b:43:9a:d3:8f:4b:0e:db:b2:95:a6:27:7d:6a:
                    8e:83:38:04:2a:67:3a:2d:31:b6:84:48:4e:28:67:
                    72:b2:9c:f7:25:00:ab:31:4f:c1:41:72:9d:3d:3c:
                    e4:b6:0c:b2:77:a5:a0:9b:40:c2:93:49:bd:25:26:
                    c2:96:5e:d0:a2:b9:7e:ff:89:8e:3c:09:96:ef:70:
                    ae:4d:08:84:e8:15:37:96:0c:68:b3:73:22:87:cb:
                    9b:3d:a0:cc:e9:98:46:2b:ab:cb:2c:a8:ea:ba:cc:
                    bb:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:FA:B2:D1:C4:31:3C:3F:15:E3:D4:38:8A:70:4E:FB:E4:14:A3:14
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7e0a78ad-7538-452e-8568-f2c021858c5f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.172.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         3c:51:0f:2a:7f:be:59:16:b1:25:80:ca:0e:c7:92:b1:69:aa:
         5d:f9:b0:4c:75:50:22:1d:3a:38:06:80:e2:ad:7f:d7:2a:2e:
         d4:ca:4d:5c:69:0f:e5:32:39:d6:d5:8f:35:ac:25:7c:71:f4:
         49:e7:79:c3:75:94:4b:d5:be:be:5b:c4:f3:9c:e4:09:63:8e:
         ec:f0:e3:e7:aa:e8:a2:66:51:24:1d:fb:7d:a0:ac:80:17:64:
         ed:13:dd:96:dd:58:24:a2:72:89:0f:ce:aa:91:1f:7c:ff:22:
         b4:1c:b4:3e:c1:55:c0:2e:58:38:63:14:56:e7:17:8b:de:fc:
         2b:d8:19:0e:c8:ad:03:05:96:58:d0:59:1d:ac:ca:10:f1:4e:
         cf:ca:57:6b:89:55:72:d0:61:17:a3:10:c1:02:99:3e:b7:1f:
         0c:9c:89:f9:26:50:01:4f:b7:89:bb:2e:cc:cb:6d:a9:c0:16:
         c6:75:a1:2f:04:3a:e1:fd:2b:2f:3d:7b:5c:3c:a7:2b:57:ac:
         d0:ab:c8:58:54:6e:9e:cd:55:8d:e3:9f:93:ea:31:24:61:f9:
         cc:6a:1c:e7:51:49:d2:7f:72:4a:de:bc:0e:ef:19:79:1d:22:
         d4:c2:50:f1:4d:e3:d7:1c:62:2f:92:5f:2c:15:8d:74:ce:7b:
         9d:50:4c:36
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULwC0nrwfCuRZcJ8bpWFFdT4tHQIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMjEyMzM0WhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BjNjc0MzJkZTY3MTk1YThkZTY2NDlmZTVhYzdlOTgwNWJm
NzM3MTVhMDE0ODNhMTdkMTQ0ODg2ZDAzZmQ2YzNmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDCJX1+nmbiUTKlc1N+fg6e/1udloyBsIR+ugp1pnDUz1bk
d447VoqtGdZxtcJQ1TdBAzjRlUIfvy0jBPISlVXbdKwzsp3q0NQtnsC1YgMHb8Da
M7B3regMBffu1uDwFu/Xbsp/ONhFHZVY8iweLS6KjiJq/dkf7XWP8ozentEQFOZD
hZ3vF1CFUndq08ZKfoMJIn4VE9ErQ5rTj0sO27KVpid9ao6DOAQqZzotMbaESE4o
Z3KynPclAKsxT8FBcp09POS2DLJ3paCbQMKTSb0lJsKWXtCiuX7/iY48CZbvcK5N
CIToFTeWDGizcyKHy5s9oMzpmEYrq8ssqOq6zLvvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUVfqy0cQxPD8V49Q4inBO++QUoxQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzdlMGE3OGFkLTc1MzgtNDUyZS04NTY4LWYyYzAyMTg1OGM1Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQSrPAwDQYJKoZIhvcNAQELBQADggEBADxRDyp/vlkWsSWAyg7HkrFpql35
sEx1UCIdOjgGgOKtf9cqLtTKTVxpD+UyOdbVjzWsJXxx9EnnecN1lEvVvr5bxPOc
5Aljjuzw4+eq6KJmUSQd+32grIAXZO0T3ZbdWCSicokPzqqRH3z/IrQctD7BVcAu
WDhjFFbnF4ve/CvYGQ7IrQMFlljQWR2syhDxTs/KV2uJVXLQYRejEMECmT63Hwyc
ifkmUAFPt4m7LszLbanAFsZ1oS8EOuH9Ky89e1w8pytXrNCryFhUbp7NVY3jn5Pq
MSRh+cxqHOdRSdJ/ckrevA7vGXkdItTCUPFN49ccYi+SXywVjXTOe51QTDY=
-----END CERTIFICATE-----