Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/832433c0-2d05-47b3-9d29-159cc47579fc.roa
File:                     832433c0-2d05-47b3-9d29-159cc47579fc.roa (raw, json)
Hash identifier:          Z4CLodgizVa7uaytYoz/g7h28KZf0gkRo8Y1gFLDtmw=
Subject key identifier:   65:40:39:64:D3:4C:8E:36:D5:7D:FC:77:8C:C6:48:C2:DD:82:E5:89
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       52514ACA4575392FF90A30CE688F9F78B0DDB380
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/832433c0-2d05-47b3-9d29-159cc47579fc.roa
Signing time:             Wed 24 Sep 2025 22:46:49 +0000
ROA not before:           Wed 24 Sep 2025 22:46:49 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.64.244.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:51:4a:ca:45:75:39:2f:f9:0a:30:ce:68:8f:9f:78:b0:dd:b3:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 22:46:49 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=a1250f1180aceb6f9d2940ac1132c995c0b4b2e6ba93d28f78b07ca0b6979905, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:1f:8d:37:b8:5a:df:b7:e2:cb:bf:1c:69:16:
                    60:85:2b:77:d5:92:a7:63:a3:89:dc:7b:d5:80:0b:
                    d8:97:09:65:30:17:7f:22:6d:e2:81:c1:30:b8:c4:
                    39:61:e0:f0:7e:3a:1a:cc:54:4e:4a:ff:2a:2f:8b:
                    97:8d:ce:cf:70:be:87:11:bc:2a:75:bf:b8:d1:63:
                    89:c2:7f:8c:a5:49:e7:fc:4b:74:6c:b0:65:85:f4:
                    6b:cf:1d:b4:51:05:0e:2d:2a:73:03:70:8c:0d:2a:
                    f1:4c:6e:d4:e1:30:27:d1:9d:54:05:58:b8:97:7f:
                    d1:f1:72:48:0e:da:32:15:9a:c9:3f:56:62:6b:2f:
                    1d:99:2c:5e:22:74:b2:0d:91:9c:59:5f:7d:ce:d3:
                    79:f3:fd:de:d9:a8:4f:6e:c5:b9:f1:85:8b:e2:8a:
                    f9:f2:9e:a5:21:c3:6e:01:58:e8:fa:30:55:79:54:
                    62:35:fb:d5:74:d9:c4:54:04:a3:28:99:d7:7c:6d:
                    cc:2f:f3:ae:92:9c:b9:63:3a:b1:af:f7:b6:1b:df:
                    22:fd:e8:76:be:ad:2f:90:91:e5:2c:e2:32:6e:df:
                    4e:2e:85:a6:fd:e5:af:4c:d3:7f:ef:3b:1d:44:6c:
                    a2:6b:96:11:6b:ba:bb:8f:a5:f6:59:ea:5d:a7:11:
                    43:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:40:39:64:D3:4C:8E:36:D5:7D:FC:77:8C:C6:48:C2:DD:82:E5:89
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/832433c0-2d05-47b3-9d29-159cc47579fc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.64.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1e:32:0e:68:6a:99:59:3c:a2:d7:18:c9:56:2e:04:9a:69:2b:
         ec:df:d5:ef:ad:8d:3b:b0:28:2c:97:d6:cb:82:02:d2:31:b3:
         86:da:d4:ac:ee:5a:c7:7d:99:1f:da:62:8d:4b:b2:3a:4f:96:
         59:cd:bc:e1:30:a7:37:90:72:de:5f:a2:80:cc:90:2d:4b:2e:
         7e:f6:8b:f3:0e:07:f9:d3:bc:b5:1a:59:a8:0b:34:96:28:fb:
         89:29:7b:88:8a:12:32:71:ea:30:e5:d2:82:08:bb:f9:8d:f7:
         0e:85:e0:d0:99:c2:f0:68:63:78:35:52:c5:d1:39:49:a0:02:
         0e:fb:0b:85:c2:64:52:6a:9e:93:08:dc:ac:3d:48:ef:5d:f2:
         aa:fb:c5:a7:d8:8a:1c:38:63:24:29:61:50:e3:dd:23:89:5b:
         3c:49:a2:71:73:d5:da:08:64:9c:d2:92:69:94:34:9d:43:0c:
         6d:91:4b:1d:87:ab:17:21:11:18:c7:7c:d0:fd:ae:78:83:bb:
         b3:b2:01:9c:a8:90:b6:f1:48:54:ff:a7:31:53:61:64:23:82:
         dd:8f:33:cb:90:66:7a:ca:9f:36:bc:18:c2:58:62:96:68:fc:
         d9:eb:a9:3c:36:f9:20:07:c1:ea:ca:16:61:f0:72:8a:13:42:
         fd:7e:46:4d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUlFKykV1OS/5CjDOaI+feLDds4AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MjI0NjQ5WhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMTI1MGYxMTgwYWNlYjZmOWQyOTQwYWMxMTMyYzk5NWMw
YjRiMmU2YmE5M2QyOGY3OGIwN2NhMGI2OTc5OTA1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDNH403uFrft+LLvxxpFmCFK3fVkqdjo4nce9WAC9iXCWUw
F38ibeKBwTC4xDlh4PB+OhrMVE5K/yovi5eNzs9wvocRvCp1v7jRY4nCf4ylSef8
S3RssGWF9GvPHbRRBQ4tKnMDcIwNKvFMbtThMCfRnVQFWLiXf9HxckgO2jIVmsk/
VmJrLx2ZLF4idLINkZxZX33O03nz/d7ZqE9uxbnxhYviivnynqUhw24BWOj6MFV5
VGI1+9V02cRUBKMomdd8bcwv866SnLljOrGv97Yb3yL96Ha+rS+QkeUs4jJu304u
hab95a9M03/vOx1EbKJrlhFruruPpfZZ6l2nEUOTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZUA5ZNNMjjbVffx3jMZIwt2C5YkwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzgzMjQzM2MwLTJkMDUtNDdiMy05ZDI5LTE1OWNjNDc1NzlmYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAISQPQwDQYJKoZIhvcNAQELBQADggEBAB4yDmhqmVk8otcYyVYuBJppK+zf
1e+tjTuwKCyX1suCAtIxs4ba1KzuWsd9mR/aYo1LsjpPllnNvOEwpzeQct5fooDM
kC1LLn72i/MOB/nTvLUaWagLNJYo+4kpe4iKEjJx6jDl0oIIu/mN9w6F4NCZwvBo
Y3g1UsXROUmgAg77C4XCZFJqnpMI3Kw9SO9d8qr7xafYihw4YyQpYVDj3SOJWzxJ
onFz1doIZJzSkmmUNJ1DDG2RSx2HqxchERjHfND9rniDu7OyAZyokLbxSFT/pzFT
YWQjgt2PM8uQZnrKnza8GMJYYpZo/NnrqTw2+SAHwerKFmHwcooTQv1+Rk0=
-----END CERTIFICATE-----