Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/aabc0a4e-ae35-481a-870c-636ab81ff119.roa
File:                     aabc0a4e-ae35-481a-870c-636ab81ff119.roa (raw, json)
Hash identifier:          4y6NHV6xlsDsuIMdyeTrSDvHUW6vMKdGN63QIQnTAgU=
Subject key identifier:   B9:4D:14:1A:58:B5:87:21:E1:77:AF:70:25:7A:14:B3:2F:A7:1F:00
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1451C1B2F1912C4E40919C6F6CD86A74F68AB2BD
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/aabc0a4e-ae35-481a-870c-636ab81ff119.roa
Signing time:             Tue 05 Aug 2025 16:30:16 +0000
ROA not before:           Tue 05 Aug 2025 16:30:16 +0000
ROA not after:            Tue 09 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.246.120.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 22 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:51:c1:b2:f1:91:2c:4e:40:91:9c:6f:6c:d8:6a:74:f6:8a:b2:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug  5 16:30:16 2025 GMT
            Not After : Sep  9 23:59:59 2025 GMT
        Subject: serialNumber=60677bb0339f9e033f3c1ec51b4a4f7e1d25867fc0b09b54956028b4d3db85a2, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:f8:56:89:c1:e2:78:21:ae:d9:d6:7c:59:a3:
                    df:81:aa:e4:ea:58:b2:85:cb:50:11:d3:62:b8:7f:
                    47:8f:56:aa:09:37:83:99:fd:96:5e:e3:cb:96:65:
                    b4:3f:72:ca:44:c9:2a:5a:61:0f:c7:a3:10:04:fc:
                    23:d4:19:bc:78:bc:10:32:16:4b:73:dd:ca:25:c3:
                    11:7a:58:b9:b6:75:48:13:01:42:5b:91:e3:02:ea:
                    8e:13:a7:0d:9f:18:86:f6:01:83:a0:30:92:be:31:
                    53:02:70:d2:ea:dd:df:9a:a5:e8:58:12:14:5a:b9:
                    54:a2:95:78:4b:25:72:b6:2a:27:0f:ee:e3:d0:d1:
                    9c:2c:ac:20:d6:e2:55:e3:9b:04:e1:13:d2:33:8d:
                    e3:f1:29:72:43:0f:cf:c2:82:b6:4c:f9:64:37:b5:
                    df:a9:93:0c:2c:23:9d:5c:5d:9e:81:6c:c6:a4:b9:
                    df:1c:8e:79:77:e4:74:3a:d1:19:75:3c:e9:27:31:
                    06:b3:a3:27:ba:10:74:5b:29:e2:47:ca:7c:dc:56:
                    11:65:83:ab:3b:0c:2b:cf:23:b0:72:54:91:48:a2:
                    d6:14:25:f2:2b:53:11:22:49:95:72:6f:52:73:ab:
                    89:5c:76:39:4c:a9:4f:28:aa:02:74:13:40:d6:4d:
                    c0:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:4D:14:1A:58:B5:87:21:E1:77:AF:70:25:7A:14:B3:2F:A7:1F:00
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/aabc0a4e-ae35-481a-870c-636ab81ff119.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.246.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8c:08:9a:e6:4d:64:13:75:e0:d1:31:14:ce:aa:cf:07:dc:06:
         fa:4b:61:8d:2b:3d:77:55:0c:91:70:a6:09:ef:c8:a1:c4:db:
         d3:57:23:56:76:ad:97:55:e9:2b:c0:ed:a8:f3:32:94:93:db:
         33:1c:61:92:e2:54:0c:2d:a0:78:d0:73:4d:80:e4:ec:b7:ad:
         7f:9a:e4:7a:20:e0:bf:b9:ef:45:22:9a:2c:66:4a:9f:a2:3c:
         94:a4:fd:b8:4a:9a:3e:af:17:17:40:35:28:91:d6:f0:c5:d8:
         11:54:de:66:1d:4e:9e:0f:88:de:9b:71:7c:0d:f9:f3:46:30:
         70:7e:e2:73:e2:97:8f:93:5b:61:30:ab:e0:16:d5:fb:49:f4:
         7b:b6:40:f3:92:ac:6e:5e:64:74:06:52:ba:90:82:db:65:86:
         a8:14:fd:fa:e6:ef:89:ae:05:c8:89:83:d7:83:39:29:51:0a:
         d9:dd:67:17:67:81:ef:d9:94:70:7e:53:c0:18:3f:1f:75:fc:
         f2:c0:df:99:23:bd:f7:73:98:fb:49:bf:a4:23:2a:b1:d0:5c:
         cb:05:76:f6:66:69:17:93:dd:e2:72:92:4f:49:68:f2:95:19:
         d8:40:ae:72:3f:1f:e4:9c:9b:89:b7:af:9f:98:09:7e:12:85:
         69:29:27:b8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFFHBsvGRLE5AkZxvbNhqdPaKsr0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwODA1MTYzMDE2WhcNMjUwOTA5MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MDY3N2JiMDMzOWY5ZTAzM2YzYzFlYzUxYjRhNGY3ZTFk
MjU4NjdmYzBiMDliNTQ5NTYwMjhiNGQzZGI4NWEyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCa+FaJweJ4Ia7Z1nxZo9+BquTqWLKFy1AR02K4f0ePVqoJ
N4OZ/ZZe48uWZbQ/cspEySpaYQ/HoxAE/CPUGbx4vBAyFktz3colwxF6WLm2dUgT
AUJbkeMC6o4Tpw2fGIb2AYOgMJK+MVMCcNLq3d+apehYEhRauVSilXhLJXK2KicP
7uPQ0ZwsrCDW4lXjmwThE9IzjePxKXJDD8/CgrZM+WQ3td+pkwwsI51cXZ6BbMak
ud8cjnl35HQ60Rl1POknMQazoye6EHRbKeJHynzcVhFlg6s7DCvPI7ByVJFIotYU
JfIrUxEiSZVyb1Jzq4lcdjlMqU8oqgJ0E0DWTcCdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUuU0UGli1hyHhd69wJXoUsy+nHwAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2FhYmMwYTRlLWFlMzUtNDgxYS04NzBjLTYzNmFiODFmZjExOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIS9ngwDQYJKoZIhvcNAQELBQADggEBAIwImuZNZBN14NExFM6qzwfcBvpL
YY0rPXdVDJFwpgnvyKHE29NXI1Z2rZdV6SvA7ajzMpST2zMcYZLiVAwtoHjQc02A
5Oy3rX+a5Hog4L+570UimixmSp+iPJSk/bhKmj6vFxdANSiR1vDF2BFU3mYdTp4P
iN6bcXwN+fNGMHB+4nPil4+TW2Ewq+AW1ftJ9Hu2QPOSrG5eZHQGUrqQgttlhqgU
/frm74muBciJg9eDOSlRCtndZxdnge/ZlHB+U8AYPx91/PLA35kjvfdzmPtJv6Qj
KrHQXMsFdvZmaReT3eJykk9JaPKVGdhArnI/H+Scm4m3r5+YCX4ShWkpJ7g=
-----END CERTIFICATE-----