Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b12b8b9a-edca-4091-8a7b-29e1140a4579.roa
File:                     b12b8b9a-edca-4091-8a7b-29e1140a4579.roa (raw, json)
Hash identifier:          VeplcGggJFpirqGGYSbFb4Agel3g0XcJ66U8IcnCLw8=
Subject key identifier:   33:66:0B:28:86:0C:91:6C:FF:0E:63:0E:42:82:72:DC:6A:85:E9:26
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7C80BAE957C0EFABEFB261519EE55867C1E63757
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b12b8b9a-edca-4091-8a7b-29e1140a4579.roa
Signing time:             Mon 22 Sep 2025 18:07:16 +0000
ROA not before:           Mon 22 Sep 2025 18:07:16 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.155.88.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:80:ba:e9:57:c0:ef:ab:ef:b2:61:51:9e:e5:58:67:c1:e6:37:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 18:07:16 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=5d310fce7eb2a6ae866edd929c43ea804c09d8cf7e7c85971763620549da84c3, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:5b:15:e8:84:28:af:92:5c:26:05:ae:b1:3d:
                    b6:f9:fe:ad:8d:fc:d3:fc:41:ca:6f:fd:09:05:45:
                    3f:aa:08:e5:05:e8:d0:54:81:a8:4e:bf:57:12:3f:
                    fe:f3:f9:9d:69:50:6d:8e:47:58:71:dc:79:71:76:
                    6a:e4:eb:48:01:29:0f:8c:66:96:38:60:58:80:a6:
                    1f:19:89:3e:fb:96:93:be:60:dd:18:f7:ca:ba:77:
                    3e:25:b5:26:fc:40:fd:d2:f7:95:16:a4:99:f4:67:
                    35:11:fe:d0:2f:56:67:a4:ed:f4:5f:37:88:f0:ad:
                    63:6b:3f:8f:09:8c:2a:04:50:db:d0:c0:86:24:20:
                    db:14:69:7c:4e:43:a0:88:f5:d9:27:11:a7:46:4c:
                    df:0e:52:e8:e8:4a:b4:99:cc:6c:56:74:a9:87:13:
                    c7:9a:69:50:41:79:a4:17:a9:39:bf:5b:05:e9:0e:
                    1d:33:04:d4:c7:36:b9:a1:e9:11:4e:00:db:53:06:
                    4d:9d:f6:cf:7d:fd:9f:cb:9b:83:74:57:f3:12:df:
                    31:2f:b3:66:05:33:bf:17:99:1a:cd:30:41:57:84:
                    c7:15:0a:67:86:4e:92:1c:86:e5:e9:79:f1:4f:12:
                    c0:b0:2b:1a:69:6b:d1:3c:aa:14:8a:a6:a2:43:d1:
                    e9:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:66:0B:28:86:0C:91:6C:FF:0E:63:0E:42:82:72:DC:6A:85:E9:26
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b12b8b9a-edca-4091-8a7b-29e1140a4579.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.155.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         62:92:97:d1:7f:29:ac:59:78:84:ba:4d:83:a3:e5:bd:af:7d:
         d5:93:9b:b4:30:79:0a:9e:d0:56:68:34:99:e9:c2:aa:d0:bc:
         f3:d5:5d:b2:43:db:d9:be:b0:92:df:eb:a4:0c:7a:7e:07:c7:
         c6:96:e5:ad:ef:39:88:ec:d4:00:36:27:f9:2e:20:55:a8:b7:
         71:3f:a8:8a:ca:e8:ee:65:be:ab:58:e2:18:b6:27:68:26:c3:
         95:28:11:f9:f3:2d:21:d1:ef:c6:84:f9:0b:79:b9:e0:0d:08:
         8f:34:fd:07:48:7c:3e:d8:77:5e:f1:00:fe:e7:e9:5e:86:83:
         d4:41:0f:61:a2:8d:7a:d7:2f:ac:96:7b:06:71:13:24:8e:78:
         32:4b:e2:f5:d0:e8:f1:85:72:21:24:83:1c:5b:4e:46:bb:b3:
         65:5f:b4:1a:3f:68:0c:cd:b2:8c:22:5f:4a:db:67:92:5a:70:
         4b:fb:3f:f7:8b:91:f5:49:1e:7f:30:b0:91:c8:1d:7c:d6:21:
         ec:d4:99:89:26:39:1a:b1:e9:be:47:97:b2:2a:97:28:4e:c9:
         85:06:66:09:2a:61:80:75:95:0b:5f:d6:74:ff:fd:53:4a:f4:
         23:a7:22:d3:1c:60:5b:f9:6c:08:e0:99:fb:69:6b:6a:b5:31:
         13:1e:cd:fb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfIC66VfA76vvsmFRnuVYZ8HmN1cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMTgwNzE2WhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZDMxMGZjZTdlYjJhNmFlODY2ZWRkOTI5YzQzZWE4MDRj
MDlkOGNmN2U3Yzg1OTcxNzYzNjIwNTQ5ZGE4NGMzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6WxXohCivklwmBa6xPbb5/q2N/NP8Qcpv/QkFRT+qCOUF
6NBUgahOv1cSP/7z+Z1pUG2OR1hx3Hlxdmrk60gBKQ+MZpY4YFiAph8ZiT77lpO+
YN0Y98q6dz4ltSb8QP3S95UWpJn0ZzUR/tAvVmek7fRfN4jwrWNrP48JjCoEUNvQ
wIYkINsUaXxOQ6CI9dknEadGTN8OUujoSrSZzGxWdKmHE8eaaVBBeaQXqTm/WwXp
Dh0zBNTHNrmh6RFOANtTBk2d9s99/Z/Lm4N0V/MS3zEvs2YFM78XmRrNMEFXhMcV
CmeGTpIchuXpefFPEsCwKxppa9E8qhSKpqJD0em7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUM2YLKIYMkWz/DmMOQoJy3GqF6SYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2IxMmI4YjlhLWVkY2EtNDA5MS04YTdiLTI5ZTExNDBhNDU3OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMSm1gwDQYJKoZIhvcNAQELBQADggEBAGKSl9F/KaxZeIS6TYOj5b2vfdWT
m7QweQqe0FZoNJnpwqrQvPPVXbJD29m+sJLf66QMen4Hx8aW5a3vOYjs1AA2J/ku
IFWot3E/qIrK6O5lvqtY4hi2J2gmw5UoEfnzLSHR78aE+Qt5ueANCI80/QdIfD7Y
d17xAP7n6V6Gg9RBD2GijXrXL6yWewZxEySOeDJL4vXQ6PGFciEkgxxbTka7s2Vf
tBo/aAzNsowiX0rbZ5JacEv7P/eLkfVJHn8wsJHIHXzWIezUmYkmORqx6b5Hl7Iq
lyhOyYUGZgkqYYB1lQtf1nT//VNK9COnItMcYFv5bAjgmftpa2q1MRMezfs=
-----END CERTIFICATE-----