Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9017f163-fceb-4c91-82f1-b8accd9276ec.roa
File:                     9017f163-fceb-4c91-82f1-b8accd9276ec.roa (raw, json)
Hash identifier:          jSwlQIFGl59/YQEZaOcnB6Cayp84CghZwajaMO7VuLk=
Subject key identifier:   08:C6:F0:91:C3:10:4F:44:D8:36:93:59:42:E4:5D:A2:85:05:51:48
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       207D7DA3DF29BCF3CDDDC4DF66B3E448E2A5D3CE
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9017f163-fceb-4c91-82f1-b8accd9276ec.roa
Signing time:             Wed 24 Sep 2025 21:49:24 +0000
ROA not before:           Wed 24 Sep 2025 21:49:24 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.66.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:7d:7d:a3:df:29:bc:f3:cd:dd:c4:df:66:b3:e4:48:e2:a5:d3:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 21:49:24 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=7cc90b0302a35c9cdd00b2c9bf28132cd10a4e9d510825cca8c85a545307faff, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:c8:93:3b:f3:59:ad:3d:bb:80:12:8a:bc:8d:
                    32:2a:73:3a:09:c5:7f:2a:4c:8a:01:24:85:2f:ba:
                    ca:4d:20:e7:09:5f:2f:d8:a8:5d:5b:cd:c8:a7:bd:
                    69:6f:eb:51:2e:96:88:3e:b4:f9:7f:fb:43:5f:55:
                    16:24:42:8f:10:4e:e7:c6:5a:da:cd:74:51:57:a9:
                    4f:61:60:7c:99:a5:ca:a3:e2:cd:c2:72:43:8d:d0:
                    80:63:04:7d:bd:e5:98:16:ce:28:13:39:2a:bc:c7:
                    fd:33:65:8e:80:e1:2e:e7:63:c4:68:54:f5:2b:30:
                    53:ff:a9:eb:32:6d:6f:eb:ab:c8:d6:21:5c:13:89:
                    47:f5:3c:ae:c7:4e:39:12:d5:90:95:04:3e:39:33:
                    4c:97:4e:5d:45:af:e7:3a:02:c4:22:48:3b:f9:7c:
                    4b:f4:f0:ab:94:02:11:d6:7c:fc:b4:c1:19:49:4c:
                    37:c2:db:5e:1e:b1:11:30:a6:bd:d1:64:e5:b0:4d:
                    27:d8:d7:72:46:36:9f:72:c7:d8:c0:c1:1d:d4:5d:
                    19:81:fc:4d:bb:4f:84:1c:ce:ed:b6:f6:c8:da:76:
                    6e:fe:b5:9e:76:2d:58:9c:ee:f1:1f:88:37:c1:a7:
                    4a:bb:ff:7f:29:b7:2c:57:67:7f:08:ea:a9:a1:ac:
                    7d:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:C6:F0:91:C3:10:4F:44:D8:36:93:59:42:E4:5D:A2:85:05:51:48
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9017f163-fceb-4c91-82f1-b8accd9276ec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.66.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:26:ec:13:5b:58:dc:cd:bf:2b:fc:6e:a7:80:63:6e:f8:af:
         bf:ee:19:4f:06:b8:3e:d5:2a:91:89:88:08:9c:78:d6:3b:0a:
         ac:05:07:29:39:bd:f7:82:89:57:c4:30:a1:26:62:e8:cc:15:
         d7:3d:af:5a:c6:62:38:ea:f7:9d:ec:24:0a:36:91:e2:5a:11:
         99:4b:a8:72:3b:38:2e:b2:3d:9f:c1:ee:c8:7b:05:88:7c:61:
         95:4e:44:bf:80:ad:c7:63:9a:5e:d8:5d:09:e7:85:18:f9:1e:
         51:ca:e7:e4:f6:78:8c:a8:6c:34:45:7c:93:5e:e3:87:90:53:
         f3:43:62:2d:f3:73:f1:5f:61:1c:21:5e:0d:ab:58:be:8b:0b:
         38:b3:20:17:17:55:6b:64:63:2c:0c:ec:8c:a4:95:62:65:3d:
         db:b2:1b:87:f2:20:75:1b:22:4f:89:61:9b:a2:d6:fe:9f:14:
         cd:3d:cc:e9:e0:57:bc:7f:7e:26:16:f9:4e:ea:b5:94:86:8b:
         5e:fe:42:d5:e9:a3:53:80:15:c2:93:d4:d0:36:b8:7b:fa:ed:
         23:f1:61:ca:47:c0:46:29:0e:ac:3f:af:ba:70:2a:81:5b:c8:
         be:7b:23:57:c0:56:12:4d:af:4d:85:c5:d3:fc:12:be:96:d7:
         a5:79:e5:65
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIH19o98pvPPN3cTfZrPkSOKl084wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MjE0OTI0WhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A3Y2M5MGIwMzAyYTM1YzljZGQwMGIyYzliZjI4MTMyY2Qx
MGE0ZTlkNTEwODI1Y2NhOGM4NWE1NDUzMDdmYWZmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4yJM781mtPbuAEoq8jTIqczoJxX8qTIoBJIUvuspNIOcJ
Xy/YqF1bzcinvWlv61Eulog+tPl/+0NfVRYkQo8QTufGWtrNdFFXqU9hYHyZpcqj
4s3CckON0IBjBH295ZgWzigTOSq8x/0zZY6A4S7nY8RoVPUrMFP/qesybW/rq8jW
IVwTiUf1PK7HTjkS1ZCVBD45M0yXTl1Fr+c6AsQiSDv5fEv08KuUAhHWfPy0wRlJ
TDfC214esREwpr3RZOWwTSfY13JGNp9yx9jAwR3UXRmB/E27T4Qczu229sjadm7+
tZ52LVic7vEfiDfBp0q7/38ptyxXZ38I6qmhrH1FAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCMbwkcMQT0TYNpNZQuRdooUFUUgwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzkwMTdmMTYzLWZjZWItNGM5MS04MmYxLWI4YWNjZDkyNzZlYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASQtkwDQYJKoZIhvcNAQELBQADggEBAJ8m7BNbWNzNvyv8bqeAY274r7/u
GU8GuD7VKpGJiAiceNY7CqwFByk5vfeCiVfEMKEmYujMFdc9r1rGYjjq953sJAo2
keJaEZlLqHI7OC6yPZ/B7sh7BYh8YZVORL+Arcdjml7YXQnnhRj5HlHK5+T2eIyo
bDRFfJNe44eQU/NDYi3zc/FfYRwhXg2rWL6LCzizIBcXVWtkYywM7IyklWJlPduy
G4fyIHUbIk+JYZui1v6fFM09zOngV7x/fiYW+U7qtZSGi17+QtXpo1OAFcKT1NA2
uHv67SPxYcpHwEYpDqw/r7pwKoFbyL57I1fAVhJNr02FxdP8Er6W16V55WU=
-----END CERTIFICATE-----