Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/872a7ff0-1c93-40c3-8b6a-7224229f2815.roa
File:                     872a7ff0-1c93-40c3-8b6a-7224229f2815.roa (raw, json)
Hash identifier:          rPqbqoHKWm41OciZjwNpZjPqI7g716Z9wg9GOq4qX3g=
Subject key identifier:   C9:03:91:67:25:67:A9:55:BE:D8:90:86:4F:D3:2C:12:7E:88:9E:CF
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       533FEDFF26EB9DFE0B663E99DBCE9B0BCACF724D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/872a7ff0-1c93-40c3-8b6a-7224229f2815.roa
Signing time:             Mon 22 Sep 2025 23:30:04 +0000
ROA not before:           Mon 22 Sep 2025 23:30:04 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.245.128.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:3f:ed:ff:26:eb:9d:fe:0b:66:3e:99:db:ce:9b:0b:ca:cf:72:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 23:30:04 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=0afe5d8324324d1332bdd9ed809888f60f57471fa8e2ad6b7c33bc5bf6aac905, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b2:11:de:d6:65:7d:e0:5f:e9:ee:a0:02:08:
                    f9:9f:8c:21:84:1c:cf:b8:fb:2d:77:30:d1:62:42:
                    4d:86:23:8f:aa:ae:26:8a:61:1e:d7:02:b3:80:16:
                    06:57:dd:97:7e:eb:a6:db:28:6d:99:37:0b:10:7e:
                    d1:7b:4f:7f:d8:db:ec:34:c5:ff:af:d9:8d:32:34:
                    25:49:22:e3:6c:80:db:04:44:96:71:6a:73:57:39:
                    cc:2e:28:65:5b:df:57:d4:e6:5e:d6:dc:93:64:fa:
                    04:7a:d8:36:52:e8:24:b0:8b:f7:b2:7e:c5:f8:cc:
                    cd:83:7a:b1:cf:ee:13:60:ba:11:11:51:15:c3:18:
                    8e:14:ff:cd:c9:9a:c4:ae:87:2a:0b:0b:46:87:77:
                    c3:35:e5:7c:de:3e:d1:65:b4:a3:e3:47:05:da:cf:
                    0a:98:8d:ca:9e:fa:13:15:1d:59:d8:47:f4:c8:5c:
                    2f:17:c2:f6:9a:b6:63:df:9b:a9:73:f6:64:27:40:
                    bb:bb:31:44:14:2a:a6:8d:11:7a:e3:69:b3:1f:34:
                    91:31:13:19:17:1c:a9:b1:d3:3a:25:b3:93:1b:3a:
                    46:e1:5e:cb:95:7d:6f:d2:b0:aa:a4:79:78:32:87:
                    08:ed:b1:eb:45:c2:fd:6d:20:a3:f5:eb:22:8c:77:
                    38:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:03:91:67:25:67:A9:55:BE:D8:90:86:4F:D3:2C:12:7E:88:9E:CF
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/872a7ff0-1c93-40c3-8b6a-7224229f2815.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.245.128.0/21

    Signature Algorithm: sha256WithRSAEncryption
         6f:0a:24:5d:f5:46:d8:a6:26:db:e2:fc:36:cf:10:08:ad:32:
         07:c3:7d:13:ef:44:42:42:47:9e:92:d4:b3:33:e5:7f:c1:60:
         71:6d:e0:7e:25:69:77:41:4f:bd:63:81:38:6e:28:9f:73:08:
         fc:fe:ca:fc:e7:e1:8e:1f:ce:e8:c0:ac:8c:18:b2:b9:1a:c9:
         1b:9c:45:e6:cb:cb:7a:e3:66:ba:60:7d:ec:37:07:bc:37:b0:
         40:f6:f5:24:59:c9:03:b0:c6:e5:3d:73:3b:67:ba:7d:86:c5:
         93:e3:f9:8a:4f:94:53:63:65:ee:a6:30:0b:fb:ee:e8:58:33:
         fb:b8:44:6f:91:a8:97:5b:3b:8b:80:89:df:a2:83:46:74:b9:
         ff:c2:f4:be:84:a5:d3:00:f2:53:13:b0:96:c2:21:f9:2f:4f:
         16:78:b9:d4:75:cf:89:f1:ff:4f:fd:84:f8:f8:25:ee:24:18:
         2c:67:fe:58:6d:48:00:82:ab:e9:0a:af:aa:8c:21:39:2e:6c:
         19:2b:e4:26:fb:a6:53:99:43:0c:6c:40:82:d9:3d:ae:6e:16:
         16:2e:15:0f:0a:d3:24:3e:7b:f5:d6:dc:76:e8:e3:8e:e3:a2:
         da:5e:aa:e1:5c:64:88:61:b0:14:a1:b3:b4:15:cb:53:25:12:
         fa:26:bd:fc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUz/t/ybrnf4LZj6Z286bC8rPck0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMjMzMDA0WhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwYWZlNWQ4MzI0MzI0ZDEzMzJiZGQ5ZWQ4MDk4ODhmNjBm
NTc0NzFmYThlMmFkNmI3YzMzYmM1YmY2YWFjOTA1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCkshHe1mV94F/p7qACCPmfjCGEHM+4+y13MNFiQk2GI4+q
riaKYR7XArOAFgZX3Zd+66bbKG2ZNwsQftF7T3/Y2+w0xf+v2Y0yNCVJIuNsgNsE
RJZxanNXOcwuKGVb31fU5l7W3JNk+gR62DZS6CSwi/eyfsX4zM2DerHP7hNguhER
URXDGI4U/83JmsSuhyoLC0aHd8M15XzePtFltKPjRwXazwqYjcqe+hMVHVnYR/TI
XC8XwvaatmPfm6lz9mQnQLu7MUQUKqaNEXrjabMfNJExExkXHKmx0zols5MbOkbh
XsuVfW/SsKqkeXgyhwjtsetFwv1tIKP16yKMdzhbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUyQORZyVnqVW+2JCGT9MsEn6Ins8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzg3MmE3ZmYwLTFjOTMtNDBjMy04YjZhLTcyMjQyMjlmMjgxNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMS9YAwDQYJKoZIhvcNAQELBQADggEBAG8KJF31RtimJtvi/DbPEAitMgfD
fRPvREJCR56S1LMz5X/BYHFt4H4laXdBT71jgThuKJ9zCPz+yvzn4Y4fzujArIwY
srkayRucRebLy3rjZrpgfew3B7w3sED29SRZyQOwxuU9cztnun2GxZPj+YpPlFNj
Ze6mMAv77uhYM/u4RG+RqJdbO4uAid+ig0Z0uf/C9L6EpdMA8lMTsJbCIfkvTxZ4
udR1z4nx/0/9hPj4Je4kGCxn/lhtSACCq+kKr6qMITkubBkr5Cb7plOZQwxsQILZ
Pa5uFhYuFQ8K0yQ+e/XW3Hbo447jotpequFcZIhhsBShs7QVy1MlEvomvfw=
-----END CERTIFICATE-----