Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8a6bf3a2-1f52-43aa-9d06-7d28263b83e1.roa
File:                     8a6bf3a2-1f52-43aa-9d06-7d28263b83e1.roa (raw, json)
Hash identifier:          LmqYRv7eEKYBoV4E4M2p1xeynmGL3No1TUlxla4FLxA=
Subject key identifier:   B1:1F:B5:11:6A:5B:A8:33:1C:76:1C:E9:92:3E:B7:E1:91:92:4A:75
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       252291BDB9F48C3D0BBE4F97714934E8B79BD1F6
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8a6bf3a2-1f52-43aa-9d06-7d28263b83e1.roa
Signing time:             Wed 24 Sep 2025 21:37:08 +0000
ROA not before:           Wed 24 Sep 2025 21:37:08 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.65.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:22:91:bd:b9:f4:8c:3d:0b:be:4f:97:71:49:34:e8:b7:9b:d1:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 21:37:08 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=b873068c6ffc11afbcdf009d2a490fbec40b7f425cdffd12ce2c2fa48874c5f6, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:2c:d7:b2:b3:19:9a:68:f2:2e:c0:7f:c6:e4:
                    b4:57:fc:73:32:2c:fe:3f:3b:6f:e7:f1:f7:ad:66:
                    67:80:1e:b8:5c:63:a5:0d:1a:f3:fc:b8:a1:f4:64:
                    e5:6e:47:1a:88:4c:0a:8c:e4:30:e2:fd:c2:04:60:
                    b7:47:b4:af:cb:03:49:fb:7a:d6:7f:a8:50:74:5d:
                    93:1a:2c:5d:5e:64:b2:c6:66:91:bd:32:d4:d0:ea:
                    87:a9:ce:a0:e4:02:79:ad:ef:b7:ff:1f:fe:02:21:
                    3a:dc:6f:6c:5e:1f:44:fb:4c:66:e0:0f:07:c0:25:
                    97:f6:cb:53:01:ef:ba:0d:2a:7b:f2:38:8b:0f:66:
                    36:b5:73:7b:fc:32:d6:9e:61:62:65:7a:66:d4:00:
                    91:db:cd:9c:fa:30:38:32:fd:a6:0d:91:12:78:4a:
                    cf:3d:98:0a:5c:3e:98:03:b5:fc:05:75:b9:aa:7a:
                    90:2f:04:9c:47:e3:70:04:8a:58:dd:2a:7e:a1:e7:
                    82:1e:e2:92:5c:0e:0d:03:bf:f4:30:76:32:8c:f1:
                    df:be:41:d1:93:7a:1a:24:1e:c7:07:77:c1:21:01:
                    1a:b2:00:b6:fc:08:c6:a1:71:87:74:bd:d5:86:6a:
                    fa:7d:47:e3:7f:4c:45:94:4f:a5:8e:26:08:6d:55:
                    93:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:1F:B5:11:6A:5B:A8:33:1C:76:1C:E9:92:3E:B7:E1:91:92:4A:75
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8a6bf3a2-1f52-43aa-9d06-7d28263b83e1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.65.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:41:b0:10:81:26:ef:47:4b:62:f0:59:02:58:fa:ea:3a:b0:
         a6:71:a1:87:af:9f:06:05:9b:b1:1d:39:27:67:34:2c:fc:b4:
         f2:b3:d9:70:b4:40:02:8e:48:4c:17:d8:38:c4:82:06:76:17:
         23:30:80:b7:78:78:f0:38:b1:9b:6e:1f:7f:5e:b9:22:d9:71:
         85:18:72:cd:00:88:c8:4d:91:e7:1c:75:f8:f2:47:7a:82:eb:
         98:66:1a:c4:a4:aa:5a:91:a3:3a:9c:38:df:38:99:ce:86:a0:
         40:3b:10:58:f0:f6:68:dc:19:96:5a:48:db:ff:4d:89:0a:00:
         8a:74:e4:8b:d0:f4:4d:14:3c:ba:a6:df:e8:d7:2e:ab:d9:70:
         83:1b:42:de:46:06:f3:d5:08:b3:aa:af:bf:be:87:bf:c6:b6:
         05:92:38:ea:b8:74:8f:8e:21:9f:0e:98:b1:9f:f1:54:b6:d0:
         ef:40:02:2d:74:30:11:d4:4f:e9:64:e3:31:cb:1d:e5:6e:70:
         4c:42:98:d6:43:df:26:33:9d:09:54:f6:5e:95:1f:b3:3f:fd:
         f7:d4:e6:ab:97:e8:f4:80:0c:80:79:1c:81:a8:17:08:2f:41:
         10:ba:dd:b3:6f:78:67:12:25:6c:03:3b:a9:2a:b9:03:c4:62:
         1f:29:10:95
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJSKRvbn0jD0Lvk+XcUk06Leb0fYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MjEzNzA4WhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BiODczMDY4YzZmZmMxMWFmYmNkZjAwOWQyYTQ5MGZiZWM0
MGI3ZjQyNWNkZmZkMTJjZTJjMmZhNDg4NzRjNWY2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCILNeysxmaaPIuwH/G5LRX/HMyLP4/O2/n8fetZmeAHrhc
Y6UNGvP8uKH0ZOVuRxqITAqM5DDi/cIEYLdHtK/LA0n7etZ/qFB0XZMaLF1eZLLG
ZpG9MtTQ6oepzqDkAnmt77f/H/4CITrcb2xeH0T7TGbgDwfAJZf2y1MB77oNKnvy
OIsPZja1c3v8MtaeYWJlembUAJHbzZz6MDgy/aYNkRJ4Ss89mApcPpgDtfwFdbmq
epAvBJxH43AEiljdKn6h54Ie4pJcDg0Dv/QwdjKM8d++QdGTehokHscHd8EhARqy
ALb8CMahcYd0vdWGavp9R+N/TEWUT6WOJghtVZPNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUsR+1EWpbqDMcdhzpkj634ZGSSnUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzhhNmJmM2EyLTFmNTItNDNhYS05ZDA2LTdkMjgyNjNiODNlMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASQSwwDQYJKoZIhvcNAQELBQADggEBACVBsBCBJu9HS2LwWQJY+uo6sKZx
oYevnwYFm7EdOSdnNCz8tPKz2XC0QAKOSEwX2DjEggZ2FyMwgLd4ePA4sZtuH39e
uSLZcYUYcs0AiMhNkeccdfjyR3qC65hmGsSkqlqRozqcON84mc6GoEA7EFjw9mjc
GZZaSNv/TYkKAIp05IvQ9E0UPLqm3+jXLqvZcIMbQt5GBvPVCLOqr7++h7/GtgWS
OOq4dI+OIZ8OmLGf8VS20O9AAi10MBHUT+lk4zHLHeVucExCmNZD3yYznQlU9l6V
H7M//ffU5quX6PSADIB5HIGoFwgvQRC63bNveGcSJWwDO6kquQPEYh8pEJU=
-----END CERTIFICATE-----