Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a46004ae-d036-4943-8f95-e3f15315031b.roa
File:                     a46004ae-d036-4943-8f95-e3f15315031b.roa (raw, json)
Hash identifier:          FJJ31LQDOvZnWUEUhl8jye69i6KzFGLwuBSSwud0RRQ=
Subject key identifier:   2D:1F:E3:0D:87:2E:CA:AA:86:B3:91:31:7B:E8:48:A1:75:73:75:1A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7BE4C537D7B5CBABDB215DE57BDFFBE425A97623
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a46004ae-d036-4943-8f95-e3f15315031b.roa
Signing time:             Wed 24 Sep 2025 22:22:25 +0000
ROA not before:           Wed 24 Sep 2025 22:22:25 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.65.182.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:e4:c5:37:d7:b5:cb:ab:db:21:5d:e5:7b:df:fb:e4:25:a9:76:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 22:22:25 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=f403162fa3c5a201c138e9e68cf1da904c9e38a640de0517c2adf7b218384612, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:82:f1:74:6d:00:3a:d1:06:84:f3:1a:af:f2:
                    d4:62:09:01:24:79:98:cf:5d:f6:ac:e6:0f:06:81:
                    58:1b:03:8b:4c:0d:1f:20:3c:da:d1:80:2d:f6:0d:
                    78:ec:60:86:62:fd:64:44:b0:2a:93:5e:15:0b:66:
                    1b:eb:95:c1:f9:df:ac:94:a0:74:ff:32:28:92:94:
                    6f:ee:bf:5d:fb:bd:84:6e:33:c7:7d:2c:a7:42:43:
                    28:2b:51:97:f8:cd:27:e4:95:82:c9:87:2f:d4:2e:
                    19:f1:a5:a6:16:af:0e:75:8e:80:43:db:4c:23:0d:
                    77:20:77:7b:67:28:c6:c6:9f:75:01:be:9e:69:32:
                    34:a4:0d:92:74:3b:08:3f:b0:35:9f:08:51:a6:4e:
                    17:da:57:18:f6:ba:7a:e9:5c:19:ac:e4:19:84:4c:
                    b5:a0:0e:4f:cb:25:d0:ec:0e:76:90:f2:ed:96:78:
                    4c:28:4f:e5:9e:ab:d2:6b:2c:16:19:47:06:47:93:
                    bd:51:8f:cb:6b:31:e7:74:25:78:8f:05:66:d2:05:
                    36:9a:25:dc:7a:7e:88:6b:00:7d:37:c5:1c:d9:0f:
                    31:68:de:5e:e2:ae:fc:7b:e5:ac:7a:88:70:66:f8:
                    5a:1a:a3:45:59:c5:2b:69:da:fd:3c:4d:19:51:f1:
                    5f:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:1F:E3:0D:87:2E:CA:AA:86:B3:91:31:7B:E8:48:A1:75:73:75:1A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a46004ae-d036-4943-8f95-e3f15315031b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.65.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         02:4d:3b:c3:e0:ca:41:b8:99:ba:7f:61:aa:ef:5f:30:dc:21:
         2f:48:b5:f0:37:59:70:b1:26:a6:aa:bc:3a:b7:bc:d7:d6:2b:
         ae:29:7a:19:c7:65:47:7a:18:5c:32:e5:9e:4a:0b:67:8c:99:
         a9:e2:05:77:f3:d3:a3:5c:7e:fa:08:76:0d:d2:ec:79:32:7c:
         b8:1e:e7:17:1d:e9:11:46:a0:c0:51:8d:83:94:c1:d8:4d:53:
         f8:37:81:29:76:a8:17:9a:89:c9:49:3c:61:2e:49:0b:8a:17:
         80:0a:bb:54:7f:e2:53:dc:04:ff:fc:7f:fd:4e:bc:f9:af:44:
         b1:d7:52:93:ca:33:af:c3:c9:2b:28:36:94:e7:f3:91:7e:d3:
         f9:f8:3f:74:36:36:5b:9f:8f:78:86:9d:77:80:3f:a5:76:fc:
         bc:9a:31:fb:5d:5a:41:41:90:15:06:fc:5e:b0:03:75:b6:ca:
         50:93:db:08:cc:7d:53:08:33:f9:ff:20:d0:f0:f5:21:a2:6e:
         60:f6:39:87:0a:8b:93:d4:ca:19:1f:fa:89:0f:ab:19:c6:72:
         5a:4c:8f:42:b5:07:1f:85:a7:b8:f4:8e:fb:4d:4d:8b:1d:a8:
         22:42:37:31:14:40:33:5c:35:a0:fa:e6:68:cb:bd:67:0d:c9:
         72:8a:b7:ab
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUe+TFN9e1y6vbIV3le9/75CWpdiMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MjIyMjI1WhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BmNDAzMTYyZmEzYzVhMjAxYzEzOGU5ZTY4Y2YxZGE5MDRj
OWUzOGE2NDBkZTA1MTdjMmFkZjdiMjE4Mzg0NjEyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqgvF0bQA60QaE8xqv8tRiCQEkeZjPXfas5g8GgVgbA4tM
DR8gPNrRgC32DXjsYIZi/WREsCqTXhULZhvrlcH536yUoHT/MiiSlG/uv137vYRu
M8d9LKdCQygrUZf4zSfklYLJhy/ULhnxpaYWrw51joBD20wjDXcgd3tnKMbGn3UB
vp5pMjSkDZJ0Owg/sDWfCFGmThfaVxj2unrpXBms5BmETLWgDk/LJdDsDnaQ8u2W
eEwoT+Weq9JrLBYZRwZHk71Rj8trMed0JXiPBWbSBTaaJdx6fohrAH03xRzZDzFo
3l7irvx75ax6iHBm+Foao0VZxStp2v08TRlR8V8XAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQULR/jDYcuyqqGs5Exe+hIoXVzdRowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2E0NjAwNGFlLWQwMzYtNDk0My04Zjk1LWUzZjE1MzE1MDMxYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAESQbYwDQYJKoZIhvcNAQELBQADggEBAAJNO8PgykG4mbp/YarvXzDcIS9I
tfA3WXCxJqaqvDq3vNfWK64pehnHZUd6GFwy5Z5KC2eMmaniBXfz06NcfvoIdg3S
7HkyfLge5xcd6RFGoMBRjYOUwdhNU/g3gSl2qBeaiclJPGEuSQuKF4AKu1R/4lPc
BP/8f/1OvPmvRLHXUpPKM6/DySsoNpTn85F+0/n4P3Q2Nlufj3iGnXeAP6V2/Lya
MftdWkFBkBUG/F6wA3W2ylCT2wjMfVMIM/n/INDw9SGibmD2OYcKi5PUyhkf+okP
qxnGclpMj0K1Bx+Fp7j0jvtNTYsdqCJCNzEUQDNcNaD65mjLvWcNyXKKt6s=
-----END CERTIFICATE-----