Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9108926f-14af-4456-8586-5408f83eb7f3.roa
File:                     9108926f-14af-4456-8586-5408f83eb7f3.roa (raw, json)
Hash identifier:          kOEbGDWqkj1t8SKXkIlnRv08S7Q5QE0NMEwhyPxpveI=
Subject key identifier:   CF:3B:16:22:CB:1B:B2:EB:1D:D2:EE:4E:96:58:F6:25:A2:E5:57:47
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       573A3F873218186002A57F1913F3C9D8AFB98217
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9108926f-14af-4456-8586-5408f83eb7f3.roa
Signing time:             Mon 22 Sep 2025 17:40:29 +0000
ROA not before:           Mon 22 Sep 2025 17:40:29 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.154.138.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:3a:3f:87:32:18:18:60:02:a5:7f:19:13:f3:c9:d8:af:b9:82:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 17:40:29 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=5a139f9b7430e76fa0cec76446415612205d72b37a022af1a62980328cfb57c4, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ed:10:96:ae:1a:b1:6e:45:01:23:75:e3:2a:
                    f4:ed:dc:e4:26:1d:7a:82:5e:1e:22:44:a6:ac:7e:
                    5f:d6:89:6d:1e:a0:19:55:bb:a3:84:cf:e2:86:a6:
                    f2:c9:db:a6:59:f1:6b:85:36:4e:8e:8c:5c:08:2e:
                    26:15:d3:5c:bc:59:4d:c0:4e:53:d7:6f:10:7f:0f:
                    07:64:15:43:20:c1:5b:3c:8f:f2:89:e0:91:a6:68:
                    55:78:a4:d4:9c:73:7d:c9:f3:f3:61:dc:f6:3c:af:
                    b4:4c:4b:1f:8f:b0:ba:93:21:70:b3:10:3c:da:b0:
                    28:31:34:66:06:34:f0:3d:af:9c:3b:e8:dd:23:27:
                    ac:28:ac:c4:0b:5c:4f:33:5b:d5:37:95:dc:42:1b:
                    f9:d0:91:da:f3:0a:bd:12:96:7e:0c:a1:57:f6:55:
                    0c:6d:cc:c4:e1:a6:00:8f:77:fa:fe:7d:a6:df:68:
                    76:2d:3f:91:59:cc:3a:90:7e:ec:d4:17:7e:8b:22:
                    9a:05:04:08:a4:c8:dd:99:06:6c:82:4c:14:0a:68:
                    a4:a8:fc:82:23:46:cb:b0:07:b8:68:c5:b1:15:99:
                    a7:c0:ba:4a:4e:a3:05:36:3c:ab:ed:8d:7e:fd:85:
                    6d:9c:dd:d5:a9:b5:7e:d6:66:58:0e:67:43:f6:dd:
                    69:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:3B:16:22:CB:1B:B2:EB:1D:D2:EE:4E:96:58:F6:25:A2:E5:57:47
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9108926f-14af-4456-8586-5408f83eb7f3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.154.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0f:9a:6f:2c:14:b9:53:a1:9c:7c:9b:cd:68:f7:c8:59:02:25:
         ff:e8:a3:75:2c:0d:ad:e0:09:e5:63:d4:ff:1f:dd:9a:58:44:
         ea:3e:08:e7:c3:a3:c3:3e:09:1e:d9:a8:73:12:fc:00:62:af:
         27:7d:0a:bf:3c:f3:d2:fe:da:ff:64:d8:35:4a:b0:fa:d9:5b:
         25:8e:fb:fe:57:94:15:1f:36:a6:63:d6:04:7f:3b:c7:95:d5:
         21:65:7e:09:e6:81:ee:52:af:07:0e:30:c2:5e:0c:cf:31:e4:
         09:2f:95:8f:ff:e4:47:16:8d:38:0e:1f:20:5b:16:61:7d:ca:
         f4:ec:6b:25:d8:15:7a:33:98:29:31:b8:6c:23:df:a3:86:34:
         99:6c:85:16:c7:6e:0a:8c:34:e9:59:48:64:27:ad:a4:04:20:
         1a:f3:ca:46:d3:5c:37:ee:9f:37:72:2a:1d:12:70:13:aa:40:
         56:7d:92:7b:2f:db:ed:3c:d8:93:be:87:5f:bc:0e:2b:8d:09:
         10:8b:36:33:87:44:7e:ad:d4:e3:4a:af:fb:58:37:b7:8d:af:
         f3:52:48:c3:30:b5:23:00:a8:aa:19:f4:67:b0:ae:72:79:d4:
         10:d7:98:d1:e5:d5:97:e4:b8:50:f2:5e:99:45:ac:ee:58:ac:
         98:00:81:41
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVzo/hzIYGGACpX8ZE/PJ2K+5ghcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMTc0MDI5WhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A1YTEzOWY5Yjc0MzBlNzZmYTBjZWM3NjQ0NjQxNTYxMjIw
NWQ3MmIzN2EwMjJhZjFhNjI5ODAzMjhjZmI1N2M0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCt7RCWrhqxbkUBI3XjKvTt3OQmHXqCXh4iRKasfl/WiW0e
oBlVu6OEz+KGpvLJ26ZZ8WuFNk6OjFwILiYV01y8WU3ATlPXbxB/DwdkFUMgwVs8
j/KJ4JGmaFV4pNScc33J8/Nh3PY8r7RMSx+PsLqTIXCzEDzasCgxNGYGNPA9r5w7
6N0jJ6worMQLXE8zW9U3ldxCG/nQkdrzCr0Sln4MoVf2VQxtzMThpgCPd/r+fabf
aHYtP5FZzDqQfuzUF36LIpoFBAikyN2ZBmyCTBQKaKSo/IIjRsuwB7hoxbEVmafA
ukpOowU2PKvtjX79hW2c3dWptX7WZlgOZ0P23Wk5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUzzsWIssbsusd0u5Ollj2JaLlV0cwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzkxMDg5MjZmLTE0YWYtNDQ1Ni04NTg2LTU0MDhmODNlYjdmMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAESmoowDQYJKoZIhvcNAQELBQADggEBAA+abywUuVOhnHybzWj3yFkCJf/o
o3UsDa3gCeVj1P8f3ZpYROo+COfDo8M+CR7ZqHMS/ABiryd9Cr8889L+2v9k2DVK
sPrZWyWO+/5XlBUfNqZj1gR/O8eV1SFlfgnmge5SrwcOMMJeDM8x5AkvlY//5EcW
jTgOHyBbFmF9yvTsayXYFXozmCkxuGwj36OGNJlshRbHbgqMNOlZSGQnraQEIBrz
ykbTXDfunzdyKh0ScBOqQFZ9knsv2+082JO+h1+8DiuNCRCLNjOHRH6t1ONKr/tY
N7eNr/NSSMMwtSMAqKoZ9GewrnJ51BDXmNHl1ZfkuFDyXplFrO5YrJgAgUE=
-----END CERTIFICATE-----