Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/aabc0a4e-ae35-481a-870c-636ab81ff119.roa
File:                     aabc0a4e-ae35-481a-870c-636ab81ff119.roa (raw, json)
Hash identifier:          lUrwUic9T0imVhR2LjnVN+ldoPwPPe8h8vZ4fK7tjpk=
Subject key identifier:   21:3A:12:A5:9A:B4:66:E7:F7:66:10:02:17:4E:4E:FB:BA:95:BC:8C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5DA514D78EEE1B652884683A1C5F61F1CA504EFD
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/aabc0a4e-ae35-481a-870c-636ab81ff119.roa
Signing time:             Fri 26 Sep 2025 16:24:47 +0000
ROA not before:           Fri 26 Sep 2025 16:24:47 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.246.120.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:a5:14:d7:8e:ee:1b:65:28:84:68:3a:1c:5f:61:f1:ca:50:4e:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 16:24:47 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=b25098e5e118b7329541e4195f624bbaf6c02e6fd28a279742e6c570300f7ac6, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:4c:5e:f1:8b:f4:c4:dc:ff:f0:54:b6:7c:e3:
                    09:c1:cf:e2:b7:b9:16:01:c2:ce:af:5c:da:28:ec:
                    eb:1f:cf:17:54:d6:e7:6c:cb:bc:c2:93:d5:86:af:
                    de:bb:e8:19:59:9a:04:00:9f:54:28:eb:89:da:3c:
                    f2:60:19:0e:42:e2:b3:05:32:e6:89:91:f1:76:f7:
                    22:6d:9d:ea:61:9c:20:a0:b9:19:66:bc:55:7f:e2:
                    c9:92:d1:de:5e:a8:d6:fb:83:11:71:7c:08:ec:73:
                    55:c0:98:57:5f:1f:53:40:d6:ec:35:c3:51:0a:ab:
                    34:31:e6:dc:ac:07:77:92:4f:1b:22:93:dc:b3:13:
                    ef:b6:7c:d5:8c:1d:30:49:07:2b:62:08:9c:4b:67:
                    0f:5a:39:73:54:c8:a3:d3:58:cf:22:86:39:36:7b:
                    de:d7:1d:26:ce:88:77:57:c9:93:1f:8b:c8:8f:2a:
                    a4:4a:60:3b:04:75:ba:8f:98:63:8a:a8:1a:fe:42:
                    b3:80:30:37:4b:af:d4:3a:18:0d:5e:6d:06:2b:89:
                    40:8e:89:31:c7:31:73:b2:5f:b9:6c:d7:1d:72:9b:
                    66:58:3a:06:0b:8f:a7:7e:2a:78:1c:bc:58:d8:ec:
                    08:d9:cb:f2:2b:e1:43:10:99:b0:ac:05:cd:01:e3:
                    5e:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:3A:12:A5:9A:B4:66:E7:F7:66:10:02:17:4E:4E:FB:BA:95:BC:8C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/aabc0a4e-ae35-481a-870c-636ab81ff119.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.246.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         37:66:8e:33:de:ac:e3:ea:84:ef:02:10:ee:b9:38:30:70:83:
         b8:5b:93:8e:25:46:4b:14:2c:bd:ff:ec:20:3d:9d:e2:28:fc:
         9d:5c:23:4e:dc:0c:2a:99:65:97:ed:e9:48:9d:fa:93:89:94:
         99:26:f0:02:e6:d9:f5:22:30:c0:9a:14:c2:e4:67:f1:7d:41:
         fc:8d:ed:c4:8e:b7:8c:ba:d6:0d:1f:8a:37:fc:24:82:59:9f:
         50:7c:9e:38:31:c9:f0:33:4f:d9:bc:5f:41:d0:9d:13:3c:3c:
         de:9c:21:9e:6f:a1:68:55:90:0f:3f:02:30:3b:18:da:2b:42:
         26:32:95:d1:f3:47:55:fe:81:a1:64:b3:2d:9f:4b:82:ef:40:
         c3:60:5a:50:ec:c9:d5:b9:da:39:90:25:fe:de:fe:f8:3e:ce:
         1f:06:02:71:e1:98:8c:aa:9b:e3:43:48:a3:a4:c1:0c:88:3e:
         a1:21:8a:b2:d3:5c:69:d3:8d:af:0f:54:97:11:54:58:9a:f4:
         b1:5a:2a:ab:92:97:d6:04:59:69:cf:07:b0:2f:12:5b:f8:df:
         50:60:a3:f9:c9:c1:f0:ba:a7:b8:b7:74:0c:bb:e1:40:51:91:
         e1:bd:25:d6:c8:f1:fd:b7:dd:85:f7:c0:ff:69:62:f3:57:14:
         3c:03:a3:8f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXaUU147uG2UohGg6HF9h8cpQTv0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MTYyNDQ3WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BiMjUwOThlNWUxMThiNzMyOTU0MWU0MTk1ZjYyNGJiYWY2
YzAyZTZmZDI4YTI3OTc0MmU2YzU3MDMwMGY3YWM2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDnTF7xi/TE3P/wVLZ84wnBz+K3uRYBws6vXNoo7OsfzxdU
1udsy7zCk9WGr9676BlZmgQAn1Qo64naPPJgGQ5C4rMFMuaJkfF29yJtnephnCCg
uRlmvFV/4smS0d5eqNb7gxFxfAjsc1XAmFdfH1NA1uw1w1EKqzQx5tysB3eSTxsi
k9yzE++2fNWMHTBJBytiCJxLZw9aOXNUyKPTWM8ihjk2e97XHSbOiHdXyZMfi8iP
KqRKYDsEdbqPmGOKqBr+QrOAMDdLr9Q6GA1ebQYriUCOiTHHMXOyX7ls1x1ym2ZY
OgYLj6d+KngcvFjY7AjZy/Ir4UMQmbCsBc0B415zAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIToSpZq0Zuf3ZhACF05O+7qVvIwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2FhYmMwYTRlLWFlMzUtNDgxYS04NzBjLTYzNmFiODFmZjExOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIS9ngwDQYJKoZIhvcNAQELBQADggEBADdmjjPerOPqhO8CEO65ODBwg7hb
k44lRksULL3/7CA9neIo/J1cI07cDCqZZZft6Uid+pOJlJkm8ALm2fUiMMCaFMLk
Z/F9QfyN7cSOt4y61g0fijf8JIJZn1B8njgxyfAzT9m8X0HQnRM8PN6cIZ5voWhV
kA8/AjA7GNorQiYyldHzR1X+gaFksy2fS4LvQMNgWlDsydW52jmQJf7e/vg+zh8G
AnHhmIyqm+NDSKOkwQyIPqEhirLTXGnTja8PVJcRVFia9LFaKquSl9YEWWnPB7Av
Elv431Bgo/nJwfC6p7i3dAy74UBRkeG9JdbI8f233YX3wP9pYvNXFDwDo48=
-----END CERTIFICATE-----