Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9a4e8962-ad38-45b0-b5b2-8ea5db0784b9.roa
File:                     9a4e8962-ad38-45b0-b5b2-8ea5db0784b9.roa (raw, json)
Hash identifier:          rhuinLSMfiBckJtIll2fc1+W4KtGbqj56X+MxWSYw1k=
Subject key identifier:   29:58:8B:7F:8C:51:7A:3D:9D:E2:44:95:C4:DD:1F:69:6A:D1:22:C0
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       07FB52701FDC7B9219CAA2B89A8321A9F27ED053
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9a4e8962-ad38-45b0-b5b2-8ea5db0784b9.roa
Signing time:             Wed 24 Sep 2025 21:12:41 +0000
ROA not before:           Wed 24 Sep 2025 21:12:41 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.64.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:fb:52:70:1f:dc:7b:92:19:ca:a2:b8:9a:83:21:a9:f2:7e:d0:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 21:12:41 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=b7db66a51a61b2e5fa010f2370075b604eafadd95c0b6899f05214ec07b8ba82, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:7c:d5:46:d4:3c:ac:2b:b3:7e:7b:e3:fa:ed:
                    e3:29:05:c7:1a:08:9c:62:a3:9d:1d:ea:7c:1a:cd:
                    4b:fd:5f:9e:b9:7f:b9:ba:ed:5b:e8:89:f1:df:fb:
                    41:3f:22:bb:ae:5c:0e:fa:19:e4:33:15:b7:32:c9:
                    05:ac:94:d1:68:94:03:ad:a4:f3:3c:f3:71:8c:12:
                    f4:48:0a:c7:ce:c7:06:24:d7:66:86:70:d5:00:7f:
                    be:fb:45:b8:4e:8c:e9:e4:d9:db:a6:a5:84:31:6f:
                    9d:37:64:c7:1b:0e:72:23:9c:0e:d0:c3:a4:01:4d:
                    c0:e1:af:1b:ef:ee:b8:e2:de:68:ea:99:98:4d:2a:
                    ef:15:ea:23:ef:77:10:b7:55:f2:66:2c:9a:05:42:
                    12:bb:81:d3:5d:06:ce:db:dd:64:7e:e4:12:fe:57:
                    5a:da:94:cf:17:85:8d:79:01:e2:69:a9:5b:c4:ee:
                    38:35:c2:41:3a:91:69:a0:e7:80:16:f1:24:26:6f:
                    98:26:64:10:bf:a4:8b:72:b7:15:ee:9c:34:23:ff:
                    02:82:5f:a2:e1:f6:22:c2:3a:51:a5:9b:eb:58:70:
                    8b:e7:bd:e9:e5:40:c1:09:9b:ca:a9:41:0d:76:18:
                    07:02:43:c2:26:02:ac:5e:b0:ef:9c:da:8d:2f:cd:
                    45:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:58:8B:7F:8C:51:7A:3D:9D:E2:44:95:C4:DD:1F:69:6A:D1:22:C0
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9a4e8962-ad38-45b0-b5b2-8ea5db0784b9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.64.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:3b:b1:75:04:a8:1c:8b:1b:7e:a3:de:71:2d:17:97:09:8b:
         96:85:f2:28:92:1f:c5:de:0b:78:99:34:36:de:78:c1:fd:28:
         72:cb:1b:47:d6:70:88:64:99:6d:2d:1b:c6:3d:97:2c:90:dd:
         87:b0:53:69:74:37:b1:60:2c:ef:6b:31:a0:fd:b8:19:ef:a9:
         61:4c:74:c1:15:f4:1f:84:d1:9a:64:d5:cd:4f:cd:a0:ed:4e:
         ce:d1:ba:4c:ca:12:26:4e:d0:53:be:a0:bb:d5:bf:32:8b:70:
         33:bc:ac:8e:bb:55:97:30:ab:73:38:b6:29:e1:9c:17:9a:2e:
         3e:ec:82:d1:b7:f4:88:07:59:d9:0c:fc:44:0b:00:11:33:63:
         d9:37:8e:20:b8:9c:b3:75:e6:dd:72:55:27:7c:c3:a4:5f:a1:
         6d:69:41:21:1b:8b:80:c7:22:5e:4b:b2:34:b2:a1:f0:66:37:
         5e:06:02:15:2c:88:75:87:15:c5:a2:ce:d2:ca:c3:c5:0e:29:
         cb:8b:b8:bc:fc:9a:09:53:84:9d:08:0d:55:a3:99:73:bb:ef:
         ce:8a:5b:39:19:ab:33:aa:55:f6:5c:6a:e6:2e:a3:28:5c:81:
         7e:22:11:46:43:8e:1f:2e:6e:d3:aa:85:4a:9f:be:e6:3c:ef:
         e5:21:ca:9e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUB/tScB/ce5IZyqK4moMhqfJ+0FMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MjExMjQxWhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BiN2RiNjZhNTFhNjFiMmU1ZmEwMTBmMjM3MDA3NWI2MDRl
YWZhZGQ5NWMwYjY4OTlmMDUyMTRlYzA3YjhiYTgyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDefNVG1DysK7N+e+P67eMpBccaCJxio50d6nwazUv9X565
f7m67VvoifHf+0E/IruuXA76GeQzFbcyyQWslNFolAOtpPM883GMEvRICsfOxwYk
12aGcNUAf777RbhOjOnk2dumpYQxb503ZMcbDnIjnA7Qw6QBTcDhrxvv7rji3mjq
mZhNKu8V6iPvdxC3VfJmLJoFQhK7gdNdBs7b3WR+5BL+V1ralM8XhY15AeJpqVvE
7jg1wkE6kWmg54AW8SQmb5gmZBC/pItytxXunDQj/wKCX6Lh9iLCOlGlm+tYcIvn
venlQMEJm8qpQQ12GAcCQ8ImAqxesO+c2o0vzUWlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKViLf4xRej2d4kSVxN0faWrRIsAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzlhNGU4OTYyLWFkMzgtNDViMC1iNWIyLThlYTVkYjA3ODRiOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASQMkwDQYJKoZIhvcNAQELBQADggEBAFw7sXUEqByLG36j3nEtF5cJi5aF
8iiSH8XeC3iZNDbeeMH9KHLLG0fWcIhkmW0tG8Y9lyyQ3YewU2l0N7FgLO9rMaD9
uBnvqWFMdMEV9B+E0Zpk1c1PzaDtTs7RukzKEiZO0FO+oLvVvzKLcDO8rI67VZcw
q3M4tinhnBeaLj7sgtG39IgHWdkM/EQLABEzY9k3jiC4nLN15t1yVSd8w6RfoW1p
QSEbi4DHIl5LsjSyofBmN14GAhUsiHWHFcWiztLKw8UOKcuLuLz8mglThJ0IDVWj
mXO7786KWzkZqzOqVfZcauYuoyhcgX4iEUZDjh8ubtOqhUqfvuY87+Uhyp4=
-----END CERTIFICATE-----