Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/aa04a7f8-5712-4d79-815d-4b68be4bafed.roa
File:                     aa04a7f8-5712-4d79-815d-4b68be4bafed.roa (raw, json)
Hash identifier:          hgQKHZ9sx66EddrdW+gew7rK/UhJ4nbVrL5tkI2H50Y=
Subject key identifier:   DB:44:E8:E3:28:A6:CB:2D:AB:14:21:12:FA:62:73:74:46:5F:52:85
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6425AF8822EB2DEAB9F98F71C1506C0993FD4745
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/aa04a7f8-5712-4d79-815d-4b68be4bafed.roa
Signing time:             Mon 22 Sep 2025 23:26:07 +0000
ROA not before:           Mon 22 Sep 2025 23:26:07 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.245.200.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:25:af:88:22:eb:2d:ea:b9:f9:8f:71:c1:50:6c:09:93:fd:47:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 23:26:07 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=0c26371023d65258ffeba3af07e8419571be38674af7de497696c171922acda6, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:a3:fc:33:59:7a:8f:5f:fc:fb:c2:78:df:a1:
                    7c:11:5c:d0:b7:73:3d:4d:f1:96:76:f9:d3:fe:81:
                    67:10:a5:bb:8d:9d:f0:96:44:15:e8:31:2a:c3:56:
                    c5:35:e1:76:16:db:56:68:36:1c:e1:a5:04:a2:46:
                    69:2d:6a:df:f9:bd:94:07:6e:e5:9c:5b:4b:52:33:
                    33:c6:71:23:41:89:06:8b:25:2c:ef:a5:0b:3c:5d:
                    54:5c:1d:e2:48:0d:22:c7:e4:b7:fc:de:02:fd:ae:
                    0f:94:79:b3:19:02:a2:c0:26:f2:23:44:38:b3:3b:
                    13:ee:f1:77:91:86:f8:e1:87:cf:5d:7a:8c:a4:e1:
                    05:8f:2d:38:7f:30:f7:17:5c:a3:aa:9e:84:7c:75:
                    d4:db:8b:4a:fb:c1:6f:96:cb:8e:79:81:5c:25:35:
                    b3:80:09:7c:de:1c:79:39:c2:6b:b3:40:b5:ec:d2:
                    d8:9f:08:b9:90:e2:c2:0a:a4:4e:7c:d9:8f:ee:72:
                    eb:29:cf:ca:20:73:89:86:46:27:e2:c3:f5:6c:33:
                    b7:33:b4:a8:3e:3c:7f:d5:ba:aa:5e:73:c2:af:1a:
                    2a:ec:91:60:27:4b:c3:94:4a:b3:07:c0:23:9a:33:
                    fb:12:29:9d:69:bc:c3:db:a8:67:b9:9d:b0:79:a5:
                    be:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:44:E8:E3:28:A6:CB:2D:AB:14:21:12:FA:62:73:74:46:5F:52:85
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/aa04a7f8-5712-4d79-815d-4b68be4bafed.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.245.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3a:c8:3f:67:f8:31:3c:b0:dc:00:70:88:62:1b:bf:ba:40:9d:
         79:e1:1b:36:76:dd:25:0b:bb:fc:61:08:dd:38:88:f6:33:95:
         11:d1:24:08:8f:b2:52:d3:b4:3e:5d:4f:2a:97:4c:dc:0f:22:
         6b:97:dc:3b:0e:02:5e:be:59:ca:2b:63:92:0b:e3:5c:e7:cc:
         15:1b:67:32:cc:57:f8:34:2e:1c:f1:ac:46:12:26:1c:91:bc:
         c0:b7:83:12:0b:ff:52:7d:59:12:f3:6e:ed:9c:96:8d:62:54:
         2b:89:7c:66:9f:38:0f:cb:8a:68:4c:ec:49:41:da:ac:8b:42:
         f4:4a:2a:7e:9b:a4:62:a3:f9:c8:21:5d:19:ce:1a:03:1a:c5:
         aa:2b:95:12:25:e6:fd:3e:fa:aa:d0:56:5b:5e:78:75:92:9c:
         9b:0f:6a:87:0c:59:f5:5e:3d:13:68:eb:12:89:07:b9:ff:d9:
         f7:77:b6:c2:74:5f:bd:04:07:90:28:b7:09:86:80:4c:a1:9e:
         2d:e3:f2:31:26:d6:55:c9:66:9c:85:c1:44:23:6a:c1:29:ea:
         f8:74:cd:cb:f3:b5:5d:a8:ed:b0:99:1e:75:6c:00:4d:9c:aa:
         4a:26:63:29:09:a4:4a:2b:ad:6b:20:a3:3c:48:db:15:34:e8:
         c0:20:d6:f0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZCWviCLrLeq5+Y9xwVBsCZP9R0UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMjMyNjA3WhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwYzI2MzcxMDIzZDY1MjU4ZmZlYmEzYWYwN2U4NDE5NTcx
YmUzODY3NGFmN2RlNDk3Njk2YzE3MTkyMmFjZGE2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJo/wzWXqPX/z7wnjfoXwRXNC3cz1N8ZZ2+dP+gWcQpbuN
nfCWRBXoMSrDVsU14XYW21ZoNhzhpQSiRmktat/5vZQHbuWcW0tSMzPGcSNBiQaL
JSzvpQs8XVRcHeJIDSLH5Lf83gL9rg+UebMZAqLAJvIjRDizOxPu8XeRhvjhh89d
eoyk4QWPLTh/MPcXXKOqnoR8ddTbi0r7wW+Wy455gVwlNbOACXzeHHk5wmuzQLXs
0tifCLmQ4sIKpE582Y/ucuspz8ogc4mGRifiw/VsM7cztKg+PH/Vuqpec8KvGirs
kWAnS8OUSrMHwCOaM/sSKZ1pvMPbqGe5nbB5pb6rAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU20To4yimyy2rFCES+mJzdEZfUoUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2FhMDRhN2Y4LTU3MTItNGQ3OS04MTVkLTRiNjhiZTRiYWZlZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIS9cgwDQYJKoZIhvcNAQELBQADggEBADrIP2f4MTyw3ABwiGIbv7pAnXnh
GzZ23SULu/xhCN04iPYzlRHRJAiPslLTtD5dTyqXTNwPImuX3DsOAl6+WcorY5IL
41znzBUbZzLMV/g0LhzxrEYSJhyRvMC3gxIL/1J9WRLzbu2clo1iVCuJfGafOA/L
imhM7ElB2qyLQvRKKn6bpGKj+cghXRnOGgMaxaorlRIl5v0++qrQVlteeHWSnJsP
aocMWfVePRNo6xKJB7n/2fd3tsJ0X70EB5AotwmGgEyhni3j8jEm1lXJZpyFwUQj
asEp6vh0zcvztV2o7bCZHnVsAE2cqkomYykJpEorrWsgozxI2xU06MAg1vA=
-----END CERTIFICATE-----