Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c21b4430-6df4-411e-af89-e6f0a2b9b6f6.roa
File:                     c21b4430-6df4-411e-af89-e6f0a2b9b6f6.roa (raw, json)
Hash identifier:          KVRtLv0pnOLrr6ppN8edm79Z0Yok9n2qm2ojNJggXZ8=
Subject key identifier:   B4:D4:25:D7:BF:74:68:03:3D:B1:7F:CB:4F:BC:D3:FA:AF:C1:7F:C0
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       71CDD39694DC76EEEA886D958CE8DF724D9235
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c21b4430-6df4-411e-af89-e6f0a2b9b6f6.roa
Signing time:             Tue 05 Aug 2025 16:30:17 +0000
ROA not before:           Tue 05 Aug 2025 16:30:17 +0000
ROA not after:            Tue 09 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.246.116.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 22 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:cd:d3:96:94:dc:76:ee:ea:88:6d:95:8c:e8:df:72:4d:92:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug  5 16:30:17 2025 GMT
            Not After : Sep  9 23:59:59 2025 GMT
        Subject: serialNumber=f50e8dbea00fef9466ee6aada2cf7c1b552efb72a2bf09dd2fd9e8ee8f872425, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:3b:fe:8c:ac:16:33:93:e0:77:76:bf:dc:c7:
                    61:a3:4f:81:93:39:f1:8d:3d:d3:b7:6a:01:02:70:
                    55:2f:b7:7d:11:b9:5f:9d:57:08:98:65:c4:59:cb:
                    f7:38:a7:d3:0c:02:95:9c:e9:e8:11:e5:17:bf:70:
                    5f:b7:8a:d0:4c:9e:25:49:e8:8f:f8:a7:f8:f8:24:
                    ff:f0:f5:66:6d:06:b2:3f:70:fd:df:7f:71:b1:1c:
                    00:98:b6:5c:b2:da:d6:c5:c0:7a:43:4b:10:86:38:
                    c7:e4:9c:aa:97:83:f5:f9:c0:a0:8f:e3:55:3a:5a:
                    9b:3e:46:44:2d:e1:12:4f:79:95:1b:f8:28:e5:e4:
                    b1:96:8c:7e:6b:04:37:0a:31:54:76:da:6d:c6:3f:
                    09:94:b3:e1:95:ea:b2:a8:a1:c5:5c:54:a4:45:10:
                    54:f2:40:36:e0:8f:0a:04:31:81:a1:1d:16:2e:db:
                    69:a8:a1:ab:03:c8:cb:36:59:b7:98:11:f2:99:1c:
                    15:8f:29:f2:db:9e:b3:ad:14:0a:9e:3e:c8:96:39:
                    0d:2a:26:60:59:39:5e:a4:3c:b7:5f:f9:a5:a6:d5:
                    05:3d:e1:29:88:7c:88:20:ec:73:46:71:e1:49:a0:
                    c5:52:c7:9e:d6:b0:81:d8:81:1e:c2:ba:d1:95:21:
                    51:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:D4:25:D7:BF:74:68:03:3D:B1:7F:CB:4F:BC:D3:FA:AF:C1:7F:C0
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c21b4430-6df4-411e-af89-e6f0a2b9b6f6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.246.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         14:db:4c:a4:85:7a:46:84:59:11:a0:17:02:5b:78:20:89:9b:
         10:6d:17:a3:1a:37:c3:2e:cd:96:f2:86:a7:9e:b0:ce:73:e4:
         8a:93:08:5c:60:87:f7:b9:b6:3d:75:7f:ee:e1:dc:79:61:0a:
         00:43:bf:81:e6:42:86:32:f4:3e:30:d4:80:d9:57:2f:c9:c7:
         6a:31:6c:3e:3d:2d:59:e7:2c:0b:86:b1:53:f6:75:8e:d9:fd:
         56:4c:fb:7e:dd:98:73:9d:cd:6b:c7:54:32:7d:c8:1e:82:b7:
         83:9e:f9:07:b7:41:a3:4f:32:8e:f6:e6:d2:3f:f9:91:fe:86:
         95:4e:cf:95:4e:41:c6:36:90:79:5b:dc:37:15:1b:15:bb:11:
         21:47:e0:56:17:ee:bf:3a:48:8d:8e:ba:3d:7f:4c:e4:41:bb:
         a3:9c:9f:51:a0:a3:65:6e:cd:e1:5e:d9:48:8b:40:f5:29:db:
         b4:34:73:c4:0d:73:13:a6:cb:2a:31:82:58:ac:7d:8b:2a:c3:
         08:3c:88:94:6f:bd:41:63:e3:22:bc:28:3b:f2:9c:82:5c:62:
         ea:a9:81:db:a6:c2:8b:05:9c:10:61:45:4a:c1:7f:aa:8c:aa:
         f8:aa:25:8b:35:89:84:93:49:06:8a:d7:cb:25:22:e2:cf:8c:
         93:f5:0f:b1
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgITcc3TlpTcdu7qiG2VjOjfck2SNTANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzJkZjZmM2IzYTM0YjYzODZkMWEzMmQ4ZjRmYTMxNzhlZjMx
ODg3ZDhiNDI4ZGZhYTQ3NjAeFw0yNTA4MDUxNjMwMTdaFw0yNTA5MDkyMzU5NTla
MHoxSTBHBgNVBAUTQGY1MGU4ZGJlYTAwZmVmOTQ2NmVlNmFhZGEyY2Y3YzFiNTUy
ZWZiNzJhMmJmMDlkZDJmZDllOGVlOGY4NzI0MjUxLTArBgNVBAMTJDVmMjc2MDQ1
LTViOWYtNDVlZi05MjNkLWYzZmNlMjRhNjIyNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALI7/oysFjOT4Hd2v9zHYaNPgZM58Y0907dqAQJwVS+3fRG5
X51XCJhlxFnL9zin0wwClZzp6BHlF79wX7eK0EyeJUnoj/in+Pgk//D1Zm0Gsj9w
/d9/cbEcAJi2XLLa1sXAekNLEIY4x+ScqpeD9fnAoI/jVTpamz5GRC3hEk95lRv4
KOXksZaMfmsENwoxVHbabcY/CZSz4ZXqsqihxVxUpEUQVPJANuCPCgQxgaEdFi7b
aaihqwPIyzZZt5gR8pkcFY8p8tues60UCp4+yJY5DSomYFk5XqQ8t1/5pabVBT3h
KYh8iCDsc0Zx4UmgxVLHntawgdiBHsK60ZUhURkCAwEAAaOCArEwggKtMB0GA1Ud
DgQWBBS01CXXv3RoAz2xf8tPvNP6r8F/wDAfBgNVHSMEGDAWgBQlrdNCsB63pY6t
GZAmiLVLP4H0uDAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MmEyNDY5NDctMmQ2Mi00YTZjLWJhMDUtODcxODdmMDA5OWIyLzg1MWNlZjE3LTEz
MmEtNDMzNy1iN2QxLWJmMTZhNTJmZmQwMy9kZjZmM2IzYTM0YjYzODZkMWEzMmQ4
ZjRmYTMxNzhlZjMxODg3ZDhiNDI4ZGZhYTQ3Ni5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9mNzAzNjk2ZS1lNDdiLTRjMjAtYmQ5My02Zjgw
OTA0ZTQyZDIvYzIxYjQ0MzAtNmRmNC00MTFlLWFmODktZTZmMGEyYjliNmY2LnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMt
NmY4MDkwNGU0MmQyL3RqaHRHakxZOVBveGVPOHhpSDJMUW8zNnBIWS5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAhL2dDANBgkqhkiG9w0BAQsFAAOCAQEAFNtMpIV6RoRZEaAXAlt4IImbEG0X
oxo3wy7NlvKGp56wznPkipMIXGCH97m2PXV/7uHceWEKAEO/geZChjL0PjDUgNlX
L8nHajFsPj0tWecsC4axU/Z1jtn9Vkz7ft2Yc53Na8dUMn3IHoK3g575B7dBo08y
jvbm0j/5kf6GlU7PlU5BxjaQeVvcNxUbFbsRIUfgVhfuvzpIjY66PX9M5EG7o5yf
UaCjZW7N4V7ZSItA9SnbtDRzxA1zE6bLKjGCWKx9iyrDCDyIlG+9QWPjIrwoO/Kc
glxi6qmB26bCiwWcEGFFSsF/qoyq+KolizWJhJNJBorXyyUi4s+Mk/UPsQ==
-----END CERTIFICATE-----