Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b20cd1d6-a9af-45d0-acb3-13a118450393.roa
File:                     b20cd1d6-a9af-45d0-acb3-13a118450393.roa (raw, json)
Hash identifier:          ohPkKK81+9FLhLcW0zsFM2MlWIs3QmTHx+p0mY3K68M=
Subject key identifier:   30:08:83:93:ED:03:2D:F9:E1:47:2B:13:5C:BF:C4:FA:48:79:B4:F7
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       62242BC6BD7C9A6273508584586430D07EF109A9
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b20cd1d6-a9af-45d0-acb3-13a118450393.roa
Signing time:             Wed 24 Sep 2025 22:24:23 +0000
ROA not before:           Wed 24 Sep 2025 22:24:23 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.65.224.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:24:2b:c6:bd:7c:9a:62:73:50:85:84:58:64:30:d0:7e:f1:09:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 22:24:23 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=2f887ee7ab6d8447f9f7b3754e8f07377c73919da0516fd236ed415bbffe3411, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:12:cf:1f:43:13:86:a8:a2:a5:68:9d:5a:6e:
                    29:f0:63:45:c8:9f:45:47:be:14:45:d7:b7:b3:25:
                    58:51:0b:95:d9:68:1b:da:2b:de:ab:bb:42:90:b4:
                    99:56:b7:55:f2:8e:86:08:43:a0:af:73:c1:f3:e2:
                    23:91:7c:b0:2b:37:70:69:4d:f5:9d:20:33:a6:7b:
                    62:91:2c:96:bb:bd:7b:d4:f0:6e:55:3d:16:b3:21:
                    43:b6:76:74:6c:b7:71:b4:a6:e2:1d:4a:04:34:4e:
                    7e:ee:43:6a:64:f7:98:9a:ef:20:59:6e:8b:ad:c9:
                    5d:a0:b2:0e:a8:27:c4:7f:2a:9e:df:4d:b5:37:8e:
                    eb:3a:47:14:f7:f5:55:be:38:04:c5:4a:25:4b:d4:
                    60:f8:b3:aa:c6:97:83:70:2e:29:46:8c:c0:52:20:
                    2e:3c:c0:fe:91:b3:98:2e:7f:9d:01:3a:d1:5a:58:
                    00:ac:3b:e6:73:26:cd:26:fc:06:1d:77:df:f7:bc:
                    03:16:de:81:32:68:74:be:cf:74:1d:80:04:ce:b5:
                    95:75:ce:fa:e1:d4:58:e7:e0:c8:b1:53:a0:a0:e4:
                    3f:d2:86:e3:a1:68:11:c6:8a:91:28:5c:d0:fd:2e:
                    bb:5a:55:a4:53:3f:7f:1a:93:b0:46:da:64:04:e8:
                    e5:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:08:83:93:ED:03:2D:F9:E1:47:2B:13:5C:BF:C4:FA:48:79:B4:F7
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b20cd1d6-a9af-45d0-acb3-13a118450393.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.65.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         72:01:27:8e:92:6b:0f:76:bd:16:b1:d9:54:00:63:e7:6c:61:
         6d:be:3e:e5:68:57:99:6b:dc:9c:40:0e:94:0d:a4:80:5d:72:
         b1:6c:e6:f5:c6:6f:70:5c:5b:ac:a2:47:d9:f6:79:89:40:e1:
         0a:94:e3:5a:74:be:be:56:d3:89:af:4d:42:d1:af:30:0c:80:
         f9:5d:c9:f8:5a:de:3e:19:a9:48:41:8b:e1:12:d6:0e:aa:99:
         cf:cb:a1:5c:b7:be:7e:68:d1:8b:6e:9a:96:c2:96:98:bb:9a:
         b2:40:41:a0:1c:cd:09:a7:72:e5:2f:31:4c:d3:83:e3:52:67:
         5f:ba:ca:2a:45:d9:dd:f3:96:b1:dd:93:ed:d8:f7:bf:fa:23:
         3a:f8:85:5e:d9:39:53:04:77:a0:8b:0c:f9:49:64:28:b4:3e:
         8a:54:b7:b9:11:f3:5a:5e:78:55:3f:cc:08:31:76:95:8b:05:
         39:c2:fb:e1:29:b5:1a:80:c1:4f:17:85:76:f2:98:22:1b:25:
         72:7c:18:30:ed:a3:43:b6:bf:97:69:18:72:09:58:eb:f4:ea:
         37:9f:f0:03:a2:ee:5e:fa:58:aa:3a:8b:fe:22:76:0d:d7:2e:
         68:28:5a:7d:2d:6a:75:95:df:12:16:0c:cb:22:e5:27:26:55:
         ec:0b:ab:2c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYiQrxr18mmJzUIWEWGQw0H7xCakwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MjIyNDIzWhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AyZjg4N2VlN2FiNmQ4NDQ3ZjlmN2IzNzU0ZThmMDczNzdj
NzM5MTlkYTA1MTZmZDIzNmVkNDE1YmJmZmUzNDExMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyEs8fQxOGqKKlaJ1abinwY0XIn0VHvhRF17ezJVhRC5XZ
aBvaK96ru0KQtJlWt1XyjoYIQ6Cvc8Hz4iORfLArN3BpTfWdIDOme2KRLJa7vXvU
8G5VPRazIUO2dnRst3G0puIdSgQ0Tn7uQ2pk95ia7yBZboutyV2gsg6oJ8R/Kp7f
TbU3jus6RxT39VW+OATFSiVL1GD4s6rGl4NwLilGjMBSIC48wP6Rs5guf50BOtFa
WACsO+ZzJs0m/AYdd9/3vAMW3oEyaHS+z3QdgATOtZV1zvrh1Fjn4MixU6Cg5D/S
huOhaBHGipEoXND9LrtaVaRTP38ak7BG2mQE6OUvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMAiDk+0DLfnhRysTXL/E+kh5tPcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2IyMGNkMWQ2LWE5YWYtNDVkMC1hY2IzLTEzYTExODQ1MDM5My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAESQeAwDQYJKoZIhvcNAQELBQADggEBAHIBJ46Saw92vRax2VQAY+dsYW2+
PuVoV5lr3JxADpQNpIBdcrFs5vXGb3BcW6yiR9n2eYlA4QqU41p0vr5W04mvTULR
rzAMgPldyfha3j4ZqUhBi+ES1g6qmc/LoVy3vn5o0YtumpbClpi7mrJAQaAczQmn
cuUvMUzTg+NSZ1+6yipF2d3zlrHdk+3Y97/6Izr4hV7ZOVMEd6CLDPlJZCi0PopU
t7kR81peeFU/zAgxdpWLBTnC++EptRqAwU8XhXbymCIbJXJ8GDDto0O2v5dpGHIJ
WOv06jef8AOi7l76WKo6i/4idg3XLmgoWn0tanWV3xIWDMsi5ScmVewLqyw=
-----END CERTIFICATE-----