Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9fbff3fa-fa14-4239-9050-a01f8f592e2b.roa
File:                     9fbff3fa-fa14-4239-9050-a01f8f592e2b.roa (raw, json)
Hash identifier:          xkwBWFTNwUDkk8omSITvaNXOx+UbGtYGIIaQdrB3oGY=
Subject key identifier:   4C:F5:A7:90:51:02:5C:7F:83:29:7A:DD:AE:5E:44:99:D0:EA:CC:CF
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       022C83664D20DD3ECF4BA2D1B53DBA6D9061BC1C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9fbff3fa-fa14-4239-9050-a01f8f592e2b.roa
Signing time:             Wed 24 Sep 2025 21:37:15 +0000
ROA not before:           Wed 24 Sep 2025 21:37:15 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.65.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:2c:83:66:4d:20:dd:3e:cf:4b:a2:d1:b5:3d:ba:6d:90:61:bc:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 21:37:15 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=a65c834f9bbf442f6a3158bdf98f0d41ad1bbc1c934bd03893842a8c2c907358, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:2d:a8:db:a6:39:bf:f8:b5:c7:cb:1f:98:c0:
                    70:64:05:85:c0:42:25:78:69:e1:c8:01:52:1e:9a:
                    db:8c:be:23:f7:ed:ae:37:8d:62:8b:f1:42:45:45:
                    1c:db:53:19:47:af:a3:4f:f4:1d:6b:da:35:ad:ad:
                    a2:87:24:cc:6a:48:ef:3f:03:e2:15:59:85:d5:bc:
                    af:f2:22:f3:f0:26:dd:25:2c:a0:9d:92:17:19:68:
                    b2:ec:06:0e:40:43:c3:95:ae:95:72:36:7d:3d:bd:
                    68:30:93:4d:bc:ad:29:6d:23:a5:5b:5f:7e:f8:18:
                    b2:b1:82:12:33:46:75:88:49:f5:f2:1e:5a:47:78:
                    e9:76:1a:5e:70:d5:9d:4d:6e:47:64:91:3d:b0:2e:
                    04:89:1f:36:56:b3:14:85:ef:1e:09:3f:d5:10:78:
                    e4:da:ec:4e:c4:2f:83:46:61:a4:cc:d7:d2:3c:9a:
                    7a:df:67:52:a3:0d:45:b7:4f:56:c7:85:08:21:c1:
                    c4:01:dd:e1:32:d4:0e:50:40:5c:48:3d:d8:3d:cf:
                    9f:34:52:fd:d3:50:aa:9f:b3:93:b0:13:30:0d:c5:
                    80:8b:9c:3d:06:a6:e3:1f:3f:f4:e7:87:3c:15:34:
                    69:e4:2a:d9:1c:ca:57:d9:58:ba:05:43:d0:72:f2:
                    53:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:F5:A7:90:51:02:5C:7F:83:29:7A:DD:AE:5E:44:99:D0:EA:CC:CF
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9fbff3fa-fa14-4239-9050-a01f8f592e2b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.65.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:fc:6d:c3:8b:bd:f8:42:1c:34:49:03:c6:8d:48:c1:67:49:
         6b:a5:cb:4a:10:58:43:73:47:1d:b2:c6:3d:5e:4b:92:cf:aa:
         e2:10:a3:9a:83:09:95:a4:8e:4d:2e:26:84:eb:33:82:f3:e1:
         23:a3:76:14:86:40:2e:b8:ea:d2:89:20:a7:6d:51:4c:30:e4:
         c7:1b:54:39:fe:a4:e4:d3:b5:87:43:0e:f4:54:ff:8c:38:cc:
         1e:d7:87:5d:f2:33:33:67:c4:82:26:ac:57:1b:b7:b5:29:3b:
         9a:f1:27:72:2e:dd:88:c9:3b:13:87:6a:5f:ea:89:e8:57:28:
         b5:48:78:32:ba:ce:b0:19:e7:94:4b:31:9e:98:8f:f5:b9:5d:
         81:23:01:b6:00:f0:ff:74:0b:4c:c6:a4:77:48:af:aa:95:fb:
         ca:d2:f0:b6:ad:c8:d1:3e:42:20:c3:1c:96:10:7c:32:fc:75:
         15:53:3c:11:21:70:03:dd:9b:66:21:39:8a:ce:41:15:38:bc:
         01:c7:24:5b:68:95:02:45:bc:9a:df:23:5f:f7:20:4d:5a:f2:
         d4:6a:a7:1e:4c:75:b1:2e:95:70:e3:b2:1c:2e:2e:e0:de:66:
         64:8d:52:c5:7c:6f:6e:ac:cc:67:37:ca:7d:ae:c7:68:e4:6e:
         1b:f8:e9:65
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAiyDZk0g3T7PS6LRtT26bZBhvBwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MjEzNzE1WhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNjVjODM0ZjliYmY0NDJmNmEzMTU4YmRmOThmMGQ0MWFk
MWJiYzFjOTM0YmQwMzg5Mzg0MmE4YzJjOTA3MzU4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDcLajbpjm/+LXHyx+YwHBkBYXAQiV4aeHIAVIemtuMviP3
7a43jWKL8UJFRRzbUxlHr6NP9B1r2jWtraKHJMxqSO8/A+IVWYXVvK/yIvPwJt0l
LKCdkhcZaLLsBg5AQ8OVrpVyNn09vWgwk028rSltI6VbX374GLKxghIzRnWISfXy
HlpHeOl2Gl5w1Z1NbkdkkT2wLgSJHzZWsxSF7x4JP9UQeOTa7E7EL4NGYaTM19I8
mnrfZ1KjDUW3T1bHhQghwcQB3eEy1A5QQFxIPdg9z580Uv3TUKqfs5OwEzANxYCL
nD0GpuMfP/TnhzwVNGnkKtkcylfZWLoFQ9By8lN5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTPWnkFECXH+DKXrdrl5EmdDqzM8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzlmYmZmM2ZhLWZhMTQtNDIzOS05MDUwLWEwMWY4ZjU5MmUyYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASQTEwDQYJKoZIhvcNAQELBQADggEBAF78bcOLvfhCHDRJA8aNSMFnSWul
y0oQWENzRx2yxj1eS5LPquIQo5qDCZWkjk0uJoTrM4Lz4SOjdhSGQC646tKJIKdt
UUww5McbVDn+pOTTtYdDDvRU/4w4zB7Xh13yMzNnxIImrFcbt7UpO5rxJ3Iu3YjJ
OxOHal/qiehXKLVIeDK6zrAZ55RLMZ6Yj/W5XYEjAbYA8P90C0zGpHdIr6qV+8rS
8LatyNE+QiDDHJYQfDL8dRVTPBEhcAPdm2YhOYrOQRU4vAHHJFtolQJFvJrfI1/3
IE1a8tRqpx5MdbEulXDjshwuLuDeZmSNUsV8b26szGc3yn2ux2jkbhv46WU=
-----END CERTIFICATE-----