Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/90b82976-4167-41bd-a016-c0998744c3e5.roa
File:                     90b82976-4167-41bd-a016-c0998744c3e5.roa (raw, json)
Hash identifier:          42sxjZPO6WOUETWdmmr8BIYiRW0wcFbmPJcyNRsznt4=
Subject key identifier:   3C:85:23:6A:75:38:E3:FE:B5:AD:72:9D:91:C9:03:23:9A:85:17:CA
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0A8EC78C21A6D6FF34C98DE56101D8A4E4006F4F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/90b82976-4167-41bd-a016-c0998744c3e5.roa
Signing time:             Wed 24 Sep 2025 21:57:06 +0000
ROA not before:           Wed 24 Sep 2025 21:57:06 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.66.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:8e:c7:8c:21:a6:d6:ff:34:c9:8d:e5:61:01:d8:a4:e4:00:6f:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 21:57:06 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=86c2493e2809301e09fcd03d1a74cf9d476a80c961299046bc517c4d60b442ea, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:5f:df:58:d2:4d:8f:83:7e:eb:70:0c:d7:44:
                    bb:23:f7:48:82:c4:a2:32:22:ae:0b:5a:b8:83:c8:
                    10:fd:47:b6:bd:ae:23:a0:e8:5a:43:57:f7:ee:5f:
                    af:b7:d2:58:d9:84:c3:45:65:aa:94:8a:4b:9c:a1:
                    f0:bc:e5:08:53:9b:f1:a3:22:a9:70:90:3a:49:71:
                    be:2b:e5:a3:43:42:6c:b6:c3:88:e6:17:65:c6:91:
                    0a:4c:ce:a5:f2:5d:5b:99:d7:22:a2:a3:24:fb:10:
                    2f:e7:97:1b:4f:05:1c:e9:5d:55:39:be:fb:e2:92:
                    75:b1:cf:33:56:8a:21:61:48:8c:06:f2:f7:f8:60:
                    92:c0:b5:8d:5e:cc:be:5c:60:84:32:61:34:29:74:
                    10:14:35:6e:7d:84:a6:0f:22:31:c6:16:a5:80:2f:
                    78:ef:77:7d:8c:54:06:0e:a7:8c:7f:5d:7c:3e:7b:
                    96:f5:b6:75:36:9e:c1:42:cd:bd:48:81:2b:e4:27:
                    7a:c5:df:cd:0b:92:3e:87:ad:a2:c7:c6:5b:c5:dd:
                    87:e4:45:57:91:9a:94:da:13:67:c9:49:b9:3e:97:
                    53:59:fb:16:7e:d4:51:b6:44:c8:d0:cc:5c:a0:02:
                    fc:d5:b9:9e:73:08:3e:90:5e:b0:d8:fc:c4:83:ba:
                    f2:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:85:23:6A:75:38:E3:FE:B5:AD:72:9D:91:C9:03:23:9A:85:17:CA
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/90b82976-4167-41bd-a016-c0998744c3e5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.66.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:d1:dd:f4:51:2d:04:73:c0:b6:0e:bf:10:30:c2:02:ca:2d:
         54:6d:3e:14:ce:3f:f2:49:04:4a:6e:58:6e:6c:15:91:34:98:
         36:4f:c5:70:a7:f4:ef:9e:ac:65:1f:16:48:39:79:23:25:1a:
         4e:fc:c7:d6:32:66:8b:8f:fb:f5:f4:59:de:58:c7:ab:7c:ba:
         17:57:ec:0b:9d:f4:5b:98:b1:a6:cb:d2:97:26:6a:42:04:b9:
         12:92:10:2d:9d:5c:9a:e6:69:45:45:98:54:43:48:d4:4a:a9:
         cb:0a:52:8c:fa:7b:45:b8:0c:a6:a0:52:4f:a6:c3:56:6c:0e:
         8e:38:18:6d:29:22:ab:be:78:a1:c7:af:c6:4d:54:cc:b2:3f:
         97:73:d2:9a:52:f6:a7:18:b2:1e:21:53:e2:f2:f5:53:8d:d9:
         00:4c:15:24:2e:c8:3d:fa:02:7b:a6:8e:68:37:de:cb:71:62:
         54:9f:48:9f:0c:50:22:ff:fd:12:8b:23:89:7f:6d:04:60:25:
         1d:f5:ea:29:22:a6:2a:56:78:27:4d:d5:9f:8b:29:51:a5:2e:
         42:91:78:c6:08:3e:95:b3:d5:35:99:b2:b5:47:4c:f0:38:01:
         25:41:9b:07:f6:56:10:9a:99:34:d3:56:2a:62:37:1a:3a:ee:
         2e:08:8a:b3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCo7HjCGm1v80yY3lYQHYpOQAb08wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MjE1NzA2WhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NmMyNDkzZTI4MDkzMDFlMDlmY2QwM2QxYTc0Y2Y5ZDQ3
NmE4MGM5NjEyOTkwNDZiYzUxN2M0ZDYwYjQ0MmVhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCVX99Y0k2Pg37rcAzXRLsj90iCxKIyIq4LWriDyBD9R7a9
riOg6FpDV/fuX6+30ljZhMNFZaqUikucofC85QhTm/GjIqlwkDpJcb4r5aNDQmy2
w4jmF2XGkQpMzqXyXVuZ1yKioyT7EC/nlxtPBRzpXVU5vvviknWxzzNWiiFhSIwG
8vf4YJLAtY1ezL5cYIQyYTQpdBAUNW59hKYPIjHGFqWAL3jvd32MVAYOp4x/XXw+
e5b1tnU2nsFCzb1IgSvkJ3rF380Lkj6HraLHxlvF3YfkRVeRmpTaE2fJSbk+l1NZ
+xZ+1FG2RMjQzFygAvzVuZ5zCD6QXrDY/MSDuvJtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPIUjanU44/61rXKdkckDI5qFF8owHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzkwYjgyOTc2LTQxNjctNDFiZC1hMDE2LWMwOTk4NzQ0YzNlNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASQmIwDQYJKoZIhvcNAQELBQADggEBAB3R3fRRLQRzwLYOvxAwwgLKLVRt
PhTOP/JJBEpuWG5sFZE0mDZPxXCn9O+erGUfFkg5eSMlGk78x9YyZouP+/X0Wd5Y
x6t8uhdX7Aud9FuYsabL0pcmakIEuRKSEC2dXJrmaUVFmFRDSNRKqcsKUoz6e0W4
DKagUk+mw1ZsDo44GG0pIqu+eKHHr8ZNVMyyP5dz0ppS9qcYsh4hU+Ly9VON2QBM
FSQuyD36Anumjmg33stxYlSfSJ8MUCL//RKLI4l/bQRgJR316ikipipWeCdN1Z+L
KVGlLkKReMYIPpWz1TWZsrVHTPA4ASVBmwf2VhCamTTTVipiNxo67i4IirM=
-----END CERTIFICATE-----