Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/aad98751-abfe-4e86-863d-51e7cd883544.roa
File:                     aad98751-abfe-4e86-863d-51e7cd883544.roa (raw, json)
Hash identifier:          RWwdMX+v5JgDsckxGJ0Pf8Imcagdxj9ejk6Ni0vdc2E=
Subject key identifier:   4D:EE:B3:BC:6F:59:D3:72:46:18:B9:EB:5A:42:02:72:56:21:1A:27
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       19B6F1312997CA2A1607D7651FF95D8F6FA3358D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/aad98751-abfe-4e86-863d-51e7cd883544.roa
Signing time:             Mon 22 Sep 2025 17:57:56 +0000
ROA not before:           Mon 22 Sep 2025 17:57:56 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.154.56.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:b6:f1:31:29:97:ca:2a:16:07:d7:65:1f:f9:5d:8f:6f:a3:35:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 17:57:56 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=80cd9b866390477abe4922269c2e3645a4d8dc8375a2156ccbfe47d7ff091d96, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:0c:02:2c:6e:42:7f:35:df:3b:f9:0c:7b:e6:
                    c8:48:e0:9f:af:93:52:0b:9a:ec:84:8d:20:6b:b4:
                    2b:c1:de:2f:19:5d:da:c3:b2:e9:6e:83:6c:cb:d6:
                    e5:01:ca:cb:26:3f:82:32:e4:d4:e5:2f:60:42:d1:
                    3d:89:c3:58:24:f0:98:e7:aa:b9:d7:19:94:e9:a5:
                    b7:4b:b8:a7:fa:9d:b3:b6:de:ca:5f:1f:5e:61:06:
                    e5:e4:16:b7:9b:2b:60:7c:11:39:ab:43:c2:57:4d:
                    eb:70:f5:d6:94:54:ef:e2:15:0c:61:59:13:ac:4e:
                    93:3c:ed:f8:96:47:c4:ae:f3:88:be:bf:85:da:16:
                    bc:a7:d0:26:ea:a9:43:a7:92:3c:18:5b:5f:78:ac:
                    2f:77:18:e5:18:bb:a2:c9:58:41:21:0c:11:65:a2:
                    cd:94:94:6e:31:6b:be:2d:ac:e0:15:95:24:21:31:
                    c3:15:50:54:42:1b:de:f4:4b:3e:70:11:05:1f:5d:
                    32:5d:0c:12:ba:a1:c5:c6:44:8a:f8:58:1d:85:44:
                    da:57:98:37:28:49:eb:7f:0c:57:5b:9d:ec:2f:34:
                    58:2e:e2:13:f1:65:0e:0c:53:0c:ce:cc:cb:18:a3:
                    38:17:ac:3f:d6:e1:b2:c7:2a:2c:fa:3d:c4:20:a1:
                    73:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:EE:B3:BC:6F:59:D3:72:46:18:B9:EB:5A:42:02:72:56:21:1A:27
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/aad98751-abfe-4e86-863d-51e7cd883544.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.154.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7f:62:4d:70:cc:21:a3:a6:b7:a7:e2:dd:c5:38:f9:c9:ce:71:
         39:dc:5b:b2:64:ca:4e:67:14:df:e8:5a:c7:51:a6:36:40:17:
         b7:57:29:19:ab:26:c7:2d:8b:e0:5b:5f:1e:7a:88:9a:d9:8d:
         6a:4f:5a:77:45:d2:cc:bc:a1:ba:4f:02:b3:b2:c7:87:ab:ae:
         95:09:fd:d4:20:6f:a5:c3:07:ea:7a:3c:17:73:a8:a5:53:0c:
         9b:93:f6:fd:52:53:67:4d:81:c4:24:33:0e:08:3a:5d:eb:98:
         87:d2:61:51:98:58:f7:47:62:01:2a:f3:d6:18:41:bb:82:06:
         c6:cb:26:c5:9f:c3:e1:cd:b6:5c:91:d1:fa:ea:22:24:51:9a:
         5d:05:e7:06:32:b0:02:b3:d9:c6:ec:3b:dd:59:a9:8c:1f:ac:
         3a:4a:31:59:b4:11:4b:5d:72:c4:f2:a3:f5:dd:ec:d4:52:97:
         ad:d5:11:13:b0:a2:18:9b:0d:f6:4c:1b:71:10:3b:5c:99:11:
         70:4a:d0:be:91:73:3f:80:f2:eb:b2:cc:d3:fa:41:c5:c0:ee:
         76:c8:39:f6:28:ca:07:fd:54:47:da:bc:f8:83:de:99:69:04:
         2b:df:81:e3:fc:62:6a:77:35:53:d0:0a:27:7a:03:93:89:10:
         91:19:ed:08
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGbbxMSmXyioWB9dlH/ldj2+jNY0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMTc1NzU2WhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4MGNkOWI4NjYzOTA0NzdhYmU0OTIyMjY5YzJlMzY0NWE0
ZDhkYzgzNzVhMjE1NmNjYmZlNDdkN2ZmMDkxZDk2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRDAIsbkJ/Nd87+Qx75shI4J+vk1ILmuyEjSBrtCvB3i8Z
XdrDsulug2zL1uUByssmP4Iy5NTlL2BC0T2Jw1gk8JjnqrnXGZTppbdLuKf6nbO2
3spfH15hBuXkFrebK2B8ETmrQ8JXTetw9daUVO/iFQxhWROsTpM87fiWR8Su84i+
v4XaFryn0CbqqUOnkjwYW194rC93GOUYu6LJWEEhDBFlos2UlG4xa74trOAVlSQh
McMVUFRCG970Sz5wEQUfXTJdDBK6ocXGRIr4WB2FRNpXmDcoSet/DFdbnewvNFgu
4hPxZQ4MUwzOzMsYozgXrD/W4bLHKiz6PcQgoXMBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTe6zvG9Z03JGGLnrWkICclYhGicwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2FhZDk4NzUxLWFiZmUtNGU4Ni04NjNkLTUxZTdjZDg4MzU0NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAISmjgwDQYJKoZIhvcNAQELBQADggEBAH9iTXDMIaOmt6fi3cU4+cnOcTnc
W7Jkyk5nFN/oWsdRpjZAF7dXKRmrJscti+BbXx56iJrZjWpPWndF0sy8obpPArOy
x4errpUJ/dQgb6XDB+p6PBdzqKVTDJuT9v1SU2dNgcQkMw4IOl3rmIfSYVGYWPdH
YgEq89YYQbuCBsbLJsWfw+HNtlyR0frqIiRRml0F5wYysAKz2cbsO91ZqYwfrDpK
MVm0EUtdcsTyo/Xd7NRSl63VEROwohibDfZMG3EQO1yZEXBK0L6Rcz+A8uuyzNP6
QcXA7nbIOfYoygf9VEfavPiD3plpBCvfgeP8Ymp3NVPQCid6A5OJEJEZ7Qg=
-----END CERTIFICATE-----