Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/83c637e0-f6e8-4e6c-bed0-7ccb3add4b3b.roa
File:                     83c637e0-f6e8-4e6c-bed0-7ccb3add4b3b.roa (raw, json)
Hash identifier:          I5g9QhdNNlHAzaSM4K8bxOHqI4C6qVqsyVUfuDixi4g=
Subject key identifier:   19:12:10:30:23:54:D7:5D:AC:16:12:A4:CB:8A:B3:0F:5C:82:3D:25
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0232A5A68B4D663CFE41A2CAC7D83EFC85605677
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/83c637e0-f6e8-4e6c-bed0-7ccb3add4b3b.roa
Signing time:             Mon 22 Sep 2025 21:01:17 +0000
ROA not before:           Mon 22 Sep 2025 21:01:17 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.172.90.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:32:a5:a6:8b:4d:66:3c:fe:41:a2:ca:c7:d8:3e:fc:85:60:56:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 21:01:17 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=2cb14e65bc157c8969947e2fc7ffcd43aba6157ca010edb7b1959838dad13f39, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:3c:db:3c:ab:cf:13:eb:7d:c9:2e:f2:ff:17:
                    bb:99:ab:0a:bb:81:aa:8a:a5:17:17:16:9c:d2:a8:
                    42:24:41:0c:db:f1:f9:a9:75:f7:d0:a6:8d:b5:92:
                    26:c0:dd:a8:45:a6:ac:15:56:17:6d:e7:81:bf:2a:
                    96:70:09:0f:9b:04:d2:f6:52:67:c9:fe:27:91:42:
                    0a:84:19:ab:79:0f:3c:01:e4:7b:62:a5:ce:c6:17:
                    ee:b7:15:1b:d0:04:65:11:18:85:a3:9d:b7:cc:f4:
                    90:c5:35:3c:d5:89:c0:7e:42:a6:5d:99:33:cc:83:
                    56:17:1d:0b:b7:ca:ce:18:d0:3d:47:c5:74:1c:c7:
                    5e:46:4e:4a:d7:b6:f3:bd:d1:f0:51:08:fe:e4:46:
                    90:99:2b:b2:ed:ed:c1:3e:f8:b7:5d:a9:c9:ca:91:
                    21:e8:be:20:51:8e:86:84:0d:ea:7b:c3:15:ae:d4:
                    d1:6d:80:98:fc:52:a6:4b:e5:25:ac:c9:96:05:be:
                    68:20:13:27:6a:42:db:2a:f4:57:95:05:f2:87:95:
                    c3:8e:71:b0:cb:d4:82:73:ae:2c:63:94:a8:e5:a2:
                    92:99:ee:a9:95:17:da:2f:4d:bc:33:6e:89:2a:fa:
                    4c:d8:17:bf:ce:36:21:49:c7:37:98:c7:70:16:d5:
                    f1:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:12:10:30:23:54:D7:5D:AC:16:12:A4:CB:8A:B3:0F:5C:82:3D:25
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/83c637e0-f6e8-4e6c-bed0-7ccb3add4b3b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.172.90.0/23

    Signature Algorithm: sha256WithRSAEncryption
         12:b3:49:78:83:f1:61:89:77:13:4f:e5:ca:4d:07:b7:de:46:
         9e:bf:51:ef:e8:07:8f:f9:27:4c:5e:f1:e2:30:fe:a1:f3:35:
         45:8d:1f:80:06:88:c3:f3:b0:cc:32:de:a5:1e:75:57:51:df:
         4c:3b:dd:cf:7b:e0:a3:e8:9b:e3:25:b5:18:d6:6c:a0:67:e2:
         97:31:cf:0e:2f:35:4c:a6:90:12:cb:61:68:39:b5:a9:32:9d:
         ce:1b:19:7d:78:0b:52:75:5f:b5:b5:2d:d5:c1:3c:89:6f:f0:
         8a:e1:1b:18:d6:1d:29:22:d9:7b:80:8d:4c:4f:e6:f9:e4:28:
         5c:fa:10:a9:94:04:f9:68:46:e4:92:31:b4:22:1e:38:a4:45:
         4b:01:c9:40:31:56:92:24:be:4a:bf:88:2d:64:a7:47:a8:52:
         59:24:2d:af:44:e9:d6:2c:81:70:47:9c:aa:da:9a:30:b3:5d:
         1e:d1:1d:77:dc:c4:f3:e3:b5:cf:94:c8:da:16:36:27:f8:30:
         a5:47:1b:13:ca:46:7a:6e:ac:0b:db:0d:a1:cb:8b:6b:96:32:
         7e:ff:3a:2c:12:46:5f:df:71:c0:3c:ca:30:15:df:ce:7e:89:
         68:5d:1d:2d:cc:22:27:b3:61:ad:38:ab:ab:27:e8:75:5e:e4:
         e0:53:2d:4c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAjKlpotNZjz+QaLKx9g+/IVgVncwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMjEwMTE3WhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AyY2IxNGU2NWJjMTU3Yzg5Njk5NDdlMmZjN2ZmY2Q0M2Fi
YTYxNTdjYTAxMGVkYjdiMTk1OTgzOGRhZDEzZjM5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDOPNs8q88T633JLvL/F7uZqwq7gaqKpRcXFpzSqEIkQQzb
8fmpdffQpo21kibA3ahFpqwVVhdt54G/KpZwCQ+bBNL2UmfJ/ieRQgqEGat5DzwB
5Htipc7GF+63FRvQBGURGIWjnbfM9JDFNTzVicB+QqZdmTPMg1YXHQu3ys4Y0D1H
xXQcx15GTkrXtvO90fBRCP7kRpCZK7Lt7cE++LddqcnKkSHoviBRjoaEDep7wxWu
1NFtgJj8UqZL5SWsyZYFvmggEydqQtsq9FeVBfKHlcOOcbDL1IJzrixjlKjlopKZ
7qmVF9ovTbwzbokq+kzYF7/ONiFJxzeYx3AW1fFvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGRIQMCNU112sFhKky4qzD1yCPSUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzgzYzYzN2UwLWY2ZTgtNGU2Yy1iZWQwLTdjY2IzYWRkNGIzYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAESrFowDQYJKoZIhvcNAQELBQADggEBABKzSXiD8WGJdxNP5cpNB7feRp6/
Ue/oB4/5J0xe8eIw/qHzNUWNH4AGiMPzsMwy3qUedVdR30w73c974KPom+MltRjW
bKBn4pcxzw4vNUymkBLLYWg5takync4bGX14C1J1X7W1LdXBPIlv8IrhGxjWHSki
2XuAjUxP5vnkKFz6EKmUBPloRuSSMbQiHjikRUsByUAxVpIkvkq/iC1kp0eoUlkk
La9E6dYsgXBHnKramjCzXR7RHXfcxPPjtc+UyNoWNif4MKVHGxPKRnpurAvbDaHL
i2uWMn7/OiwSRl/fccA8yjAV385+iWhdHS3MIiezYa04q6sn6HVe5OBTLUw=
-----END CERTIFICATE-----