Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/97d9251a-e504-4bb5-8de0-1200ec4b12ac.roa
File:                     97d9251a-e504-4bb5-8de0-1200ec4b12ac.roa (raw, json)
Hash identifier:          +fA4sfKU3CNUtG8kZz8w8dniNxtCEX3uDQSaFfwaNZA=
Subject key identifier:   FF:23:8B:49:70:55:95:BB:D0:42:7D:C1:DC:95:C9:23:7A:BF:97:8C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       634716A22636FC3F5EBEDF240692DB1F3A370431
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/97d9251a-e504-4bb5-8de0-1200ec4b12ac.roa
Signing time:             Mon 22 Sep 2025 22:11:00 +0000
ROA not before:           Mon 22 Sep 2025 22:11:00 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.239.230.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:47:16:a2:26:36:fc:3f:5e:be:df:24:06:92:db:1f:3a:37:04:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 22:11:00 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=2f15ad60d7e6a73b860d11104a42ab389d7e260f7285e8bac1c058899d598807, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:d3:ac:d2:ef:98:75:ce:10:d7:c0:49:50:86:
                    4f:1c:75:31:6f:cc:80:69:ce:cd:2b:00:e8:20:bd:
                    47:39:f9:62:7f:43:16:86:ca:3f:04:99:ec:70:3a:
                    ef:38:aa:c3:97:f5:4b:bc:91:50:79:b0:4f:52:29:
                    ce:4b:4b:ee:66:4d:f4:4b:2f:78:e1:2a:d5:1f:b9:
                    32:37:fc:78:aa:4c:1f:a8:85:10:df:c2:e0:1a:f5:
                    1f:61:fe:eb:91:9a:c6:4a:1e:0e:2b:ba:2d:25:fd:
                    48:67:cb:56:91:db:1d:7c:12:e0:9a:25:d6:a6:a3:
                    3a:e4:13:bb:ce:b7:d3:e6:dc:77:6b:cc:31:4c:cf:
                    ac:a9:c3:81:8d:c7:74:61:1f:61:bc:ae:40:28:27:
                    93:5e:46:f2:ac:f2:6f:7b:0b:24:dc:e0:2a:c4:90:
                    28:bd:6e:ff:80:c2:99:3a:d6:24:4e:7b:55:a2:c3:
                    7f:e0:c4:6e:9a:c1:a2:ac:43:77:3a:b5:7a:31:83:
                    7b:59:c5:81:9e:21:e7:f6:8b:80:4f:6a:ec:9b:85:
                    d9:a1:a9:d6:4a:2c:ef:c9:2e:41:d8:8a:d8:5a:74:
                    54:be:e2:02:89:8b:d7:bb:e7:ba:8f:a3:57:00:ab:
                    3b:4a:04:ca:b2:b1:e4:9f:bc:2d:92:4a:10:c8:99:
                    03:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:23:8B:49:70:55:95:BB:D0:42:7D:C1:DC:95:C9:23:7A:BF:97:8C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/97d9251a-e504-4bb5-8de0-1200ec4b12ac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.239.230.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:96:38:f6:3f:a3:2c:92:b0:ad:1c:6c:de:e5:e2:54:94:5d:
         c8:af:3a:a6:c3:78:7b:29:ec:b4:9e:fe:1a:70:21:1e:fb:af:
         99:df:ff:e3:93:3b:65:63:70:dc:be:ca:a7:54:b5:85:85:68:
         9a:a5:ef:ea:5e:3d:e0:21:89:21:d3:f5:3d:5a:89:25:f0:8a:
         b1:2a:64:4d:db:00:17:8d:55:b8:f6:cc:9c:80:b4:da:e3:6b:
         3b:1e:79:c7:14:ad:17:73:40:cf:96:33:44:ad:23:2b:2b:fd:
         91:57:a6:18:17:6b:82:b9:66:27:4d:80:5e:1b:f6:23:52:77:
         5e:7d:0a:60:1f:f5:fd:ef:13:bb:29:e4:3c:ca:84:32:5a:12:
         f3:23:01:2f:4c:62:4c:db:05:08:a5:6b:69:74:94:62:08:55:
         49:6d:bc:28:75:0a:9a:5a:1d:1c:de:50:c6:0b:81:e5:16:84:
         0f:57:65:d3:d9:7a:c4:a7:68:3d:ed:83:80:1c:48:e5:ed:20:
         fd:53:28:fb:e8:4f:ab:61:b1:ca:13:6b:bf:7d:ed:e9:9d:10:
         dd:90:44:5c:14:d8:e9:fb:db:b5:d9:f6:9a:e2:15:af:9b:b1:
         d8:a6:5f:3e:7c:cb:10:f4:46:09:8f:5f:ba:9b:a2:6b:1a:fd:
         5a:91:dc:53
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUY0cWoiY2/D9evt8kBpLbHzo3BDEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMjIxMTAwWhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AyZjE1YWQ2MGQ3ZTZhNzNiODYwZDExMTA0YTQyYWIzODlk
N2UyNjBmNzI4NWU4YmFjMWMwNTg4OTlkNTk4ODA3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCd06zS75h1zhDXwElQhk8cdTFvzIBpzs0rAOggvUc5+WJ/
QxaGyj8EmexwOu84qsOX9Uu8kVB5sE9SKc5LS+5mTfRLL3jhKtUfuTI3/HiqTB+o
hRDfwuAa9R9h/uuRmsZKHg4rui0l/Uhny1aR2x18EuCaJdamozrkE7vOt9Pm3Hdr
zDFMz6ypw4GNx3RhH2G8rkAoJ5NeRvKs8m97CyTc4CrEkCi9bv+Awpk61iROe1Wi
w3/gxG6awaKsQ3c6tXoxg3tZxYGeIef2i4BPauybhdmhqdZKLO/JLkHYithadFS+
4gKJi9e757qPo1cAqztKBMqyseSfvC2SShDImQPzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/yOLSXBVlbvQQn3B3JXJI3q/l4wwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzk3ZDkyNTFhLWU1MDQtNGJiNS04ZGUwLTEyMDBlYzRiMTJhYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAES7+YwDQYJKoZIhvcNAQELBQADggEBACOWOPY/oyySsK0cbN7l4lSUXciv
OqbDeHsp7LSe/hpwIR77r5nf/+OTO2VjcNy+yqdUtYWFaJql7+pePeAhiSHT9T1a
iSXwirEqZE3bABeNVbj2zJyAtNrjazseeccUrRdzQM+WM0StIysr/ZFXphgXa4K5
ZidNgF4b9iNSd159CmAf9f3vE7sp5DzKhDJaEvMjAS9MYkzbBQila2l0lGIIVUlt
vCh1CppaHRzeUMYLgeUWhA9XZdPZesSnaD3tg4AcSOXtIP1TKPvoT6thscoTa799
7emdEN2QRFwU2On727XZ9priFa+bsdimXz58yxD0RgmPX7qbomsa/VqR3FM=
-----END CERTIFICATE-----