Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8dd19295-1ddd-41b9-ac94-3643bbd79b70.roa
File:                     8dd19295-1ddd-41b9-ac94-3643bbd79b70.roa (raw, json)
Hash identifier:          iy50W/sp1bZJgOH3ljEaufPU2co2M+JA1Xveq0/iSi8=
Subject key identifier:   DB:86:E2:C1:2C:57:BA:E2:7D:0E:5B:6C:0D:38:E0:37:D4:25:BC:AF
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7C58DF8874E736C845D2151442514D533F61731B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8dd19295-1ddd-41b9-ac94-3643bbd79b70.roa
Signing time:             Wed 15 Oct 2025 23:33:48 +0000
ROA not before:           Wed 15 Oct 2025 23:33:48 +0000
ROA not after:            Wed 19 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        144.220.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:58:df:88:74:e7:36:c8:45:d2:15:14:42:51:4d:53:3f:61:73:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 15 23:33:48 2025 GMT
            Not After : Nov 19 23:59:59 2025 GMT
        Subject: serialNumber=f07984247e7f27ec82c5800c9b343d9b8b7b4999217bca2d9590c006ad3025a5, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:e2:22:40:31:ef:12:79:1c:1a:b4:c3:43:b6:
                    40:8c:e0:c9:18:af:09:72:c2:78:e1:5f:28:da:ad:
                    cd:96:74:36:15:7e:91:91:8e:5b:e0:6e:cc:63:80:
                    7e:29:2e:a1:a2:9b:a7:34:37:7e:5a:9c:49:d6:90:
                    e7:8d:29:aa:fb:35:36:23:de:00:90:b1:dc:ab:15:
                    08:0e:f6:7c:62:2c:8c:e2:14:a1:d0:56:43:1a:a6:
                    26:9c:be:a4:f3:80:10:21:da:51:53:2a:27:fe:c7:
                    79:ae:14:16:3b:58:e4:ed:9a:bb:a3:13:6c:2d:0b:
                    c1:af:a1:ee:11:e5:80:57:7f:8e:3a:10:9e:0e:b1:
                    65:27:07:29:c7:ef:6c:9b:b2:5f:1c:4b:a8:0f:9a:
                    19:27:9a:50:38:54:1d:ec:8f:24:30:9f:49:53:62:
                    82:d7:bc:a2:d0:43:1c:f8:d8:7e:72:36:cd:49:b6:
                    f8:8d:27:c2:6e:d4:0e:67:0f:0a:b3:11:0b:2b:12:
                    d2:03:dd:b5:81:fc:f9:60:28:25:f7:df:c9:6d:4a:
                    d9:7c:2b:11:34:1f:ab:59:86:66:68:2f:a0:46:dd:
                    58:22:91:af:70:1d:be:3a:81:bf:24:0d:1b:17:f1:
                    e4:15:bb:3d:34:0f:0a:5b:4b:fc:e7:23:5a:ed:b6:
                    8a:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:86:E2:C1:2C:57:BA:E2:7D:0E:5B:6C:0D:38:E0:37:D4:25:BC:AF
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8dd19295-1ddd-41b9-ac94-3643bbd79b70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.220.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:22:53:99:72:c8:a1:c6:06:11:ea:6f:6e:fa:df:22:93:cb:
         1e:1e:4a:04:f1:d5:77:bd:e7:65:6c:cf:ef:8c:5a:82:68:17:
         4a:c4:e4:28:71:81:cf:f7:5a:4a:80:e1:7a:f0:41:9c:b3:ca:
         5d:1b:ae:80:a4:35:e3:2a:64:4e:e1:c9:9f:42:5e:34:9d:2a:
         46:3e:47:e7:72:18:f5:da:b5:24:2b:1d:fe:86:1c:3f:e1:90:
         dc:9f:1e:f8:40:fd:55:9e:d6:41:a2:54:c2:c1:ee:bb:7f:56:
         b5:48:49:b5:61:43:94:01:cd:ff:f0:a1:6c:80:9a:33:45:92:
         2e:b4:7f:b8:19:00:e7:47:14:f3:a6:dd:1a:96:a3:5d:26:d5:
         89:46:1c:6c:28:2d:ef:4e:59:df:0f:c1:14:51:47:62:6e:78:
         d3:7f:a8:4c:aa:c7:63:46:a6:e6:53:ba:e8:c8:73:04:ca:44:
         a4:e5:78:ea:87:6d:4f:0f:9f:71:6b:04:20:67:8f:e0:26:60:
         72:d7:d8:ae:2e:61:98:6f:06:72:16:b4:c9:71:7a:2f:54:fd:
         49:02:09:d7:9e:da:bb:ec:ba:63:a6:81:76:d9:fb:d6:63:7b:
         10:3e:90:ae:9f:a1:99:a4:03:a8:ea:b5:32:35:9d:54:65:05:
         fa:bf:89:74
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfFjfiHTnNshF0hUUQlFNUz9hcxswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE1MjMzMzQ4WhcNMjUxMTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BmMDc5ODQyNDdlN2YyN2VjODJjNTgwMGM5YjM0M2Q5Yjhi
N2I0OTk5MjE3YmNhMmQ5NTkwYzAwNmFkMzAyNWE1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDR4iJAMe8SeRwatMNDtkCM4MkYrwlywnjhXyjarc2WdDYV
fpGRjlvgbsxjgH4pLqGim6c0N35anEnWkOeNKar7NTYj3gCQsdyrFQgO9nxiLIzi
FKHQVkMapiacvqTzgBAh2lFTKif+x3muFBY7WOTtmrujE2wtC8Gvoe4R5YBXf446
EJ4OsWUnBynH72ybsl8cS6gPmhknmlA4VB3sjyQwn0lTYoLXvKLQQxz42H5yNs1J
tviNJ8Ju1A5nDwqzEQsrEtID3bWB/PlgKCX338ltStl8KxE0H6tZhmZoL6BG3Vgi
ka9wHb46gb8kDRsX8eQVuz00DwpbS/znI1rttoprAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU24biwSxXuuJ9DltsDTjgN9QlvK8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzhkZDE5Mjk1LTFkZGQtNDFiOS1hYzk0LTM2NDNiYmQ3OWI3MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACQ3GQwDQYJKoZIhvcNAQELBQADggEBACYiU5lyyKHGBhHqb2763yKTyx4e
SgTx1Xe952Vsz++MWoJoF0rE5Chxgc/3WkqA4XrwQZyzyl0broCkNeMqZE7hyZ9C
XjSdKkY+R+dyGPXatSQrHf6GHD/hkNyfHvhA/VWe1kGiVMLB7rt/VrVISbVhQ5QB
zf/woWyAmjNFki60f7gZAOdHFPOm3RqWo10m1YlGHGwoLe9OWd8PwRRRR2JueNN/
qEyqx2NGpuZTuujIcwTKRKTleOqHbU8Pn3FrBCBnj+AmYHLX2K4uYZhvBnIWtMlx
ei9U/UkCCdee2rvsumOmgXbZ+9ZjexA+kK6foZmkA6jqtTI1nVRlBfq/iXQ=
-----END CERTIFICATE-----