Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e4615e61-d476-459e-a1c0-ba780d645b1f.roa
File:                     e4615e61-d476-459e-a1c0-ba780d645b1f.roa (raw, json)
Hash identifier:          KJvqoqgLZXfr/H3NoNN+27Mu5GhKTI0mDuT+zJyMGkc=
Subject key identifier:   71:FB:72:77:96:1E:D4:9C:AB:6B:FF:12:6D:F7:7A:15:44:6C:A9:DF
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7800C5E90E74614093CDCF28EE190BF9603C390F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e4615e61-d476-459e-a1c0-ba780d645b1f.roa
Signing time:             Wed 08 Oct 2025 00:59:44 +0000
ROA not before:           Wed 08 Oct 2025 00:59:44 +0000
ROA not after:            Wed 12 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.60.76.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:00:c5:e9:0e:74:61:40:93:cd:cf:28:ee:19:0b:f9:60:3c:39:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct  8 00:59:44 2025 GMT
            Not After : Nov 12 23:59:59 2025 GMT
        Subject: serialNumber=2a2ef6796e04ffbf94df8f507ecd6d45589d8706c3848fd8835433cdb004ce24, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:16:98:fb:c2:89:a6:a3:5f:6c:1c:a4:7b:09:
                    6d:09:38:b6:af:72:9d:47:da:04:20:c9:a6:12:02:
                    0b:d5:da:ec:25:96:21:72:1f:56:f7:e6:43:4d:5b:
                    98:60:c8:0b:f1:40:50:4d:0b:48:85:8b:47:60:43:
                    d4:55:e2:8a:58:fa:a4:23:07:c4:53:96:ff:d7:10:
                    35:2d:d5:41:cb:11:3e:c7:5c:76:0c:1f:4b:35:9a:
                    97:5f:c1:5f:04:a0:f4:a1:97:c2:cb:8e:ee:c6:32:
                    4e:22:f3:3e:61:d4:db:93:ba:d6:81:af:ef:74:62:
                    a3:b2:ef:a9:37:87:95:84:0f:10:79:4b:c6:89:32:
                    46:c4:69:e6:e1:54:83:86:af:46:6c:02:d8:64:94:
                    d1:d0:07:04:9a:2a:47:b1:ff:d0:dc:02:dc:c5:b1:
                    b6:46:00:0e:cb:0f:64:7b:28:be:51:4d:eb:fa:b8:
                    11:47:62:40:5d:83:e9:70:e7:a1:99:c6:cf:68:d7:
                    3c:02:64:c2:38:bd:0f:f7:f5:1d:b2:c4:6f:2a:48:
                    a6:e8:6c:5d:f9:42:05:94:4e:e7:1b:9e:e6:52:d7:
                    35:e4:74:1c:af:f9:17:d6:02:2a:fd:e7:fa:e2:13:
                    53:66:69:f2:d2:8b:f3:2b:d9:1b:53:c3:df:2d:79:
                    64:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:FB:72:77:96:1E:D4:9C:AB:6B:FF:12:6D:F7:7A:15:44:6C:A9:DF
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e4615e61-d476-459e-a1c0-ba780d645b1f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.60.76.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b3:ee:da:f6:e5:2b:35:57:fd:03:ae:8d:61:ae:7c:95:85:e9:
         ab:2e:d1:10:c1:ed:84:10:4a:07:1f:96:10:01:cb:16:41:82:
         80:55:c4:88:f8:98:0e:a7:45:1c:7d:36:a9:90:35:92:c1:0d:
         d9:21:ce:be:c0:2c:c9:41:1e:85:57:8e:18:11:eb:0b:79:8c:
         45:54:68:7b:16:45:dc:3a:8d:12:19:d6:ac:0a:30:43:41:6f:
         71:16:7d:8a:f1:cb:bf:19:c9:90:64:f8:5e:f6:9b:be:ba:f0:
         ce:c8:b0:28:1a:c4:c1:3f:63:f8:12:76:4e:0c:4a:63:65:1c:
         f6:94:93:33:d2:d2:e5:49:9f:a9:64:d8:bb:64:4f:3d:d0:34:
         14:a9:7e:5d:97:9f:c0:2d:67:30:d1:a6:fd:39:53:06:bd:ad:
         e3:34:10:c6:35:7b:1c:e7:59:74:ed:34:73:1f:0b:62:be:b6:
         d7:62:70:da:8d:04:ca:73:f7:02:ca:13:66:17:14:6d:ce:19:
         e7:e9:03:45:29:a3:46:1b:ff:39:fa:02:ae:6a:a5:01:cc:88:
         06:d5:20:7b:c9:6a:3e:a8:ac:25:5c:95:ac:ae:00:35:d8:56:
         c5:fc:cc:81:d1:8b:76:75:2d:d4:cd:0d:dc:5e:56:3c:77:ca:
         bd:20:a7:ab
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeADF6Q50YUCTzc8o7hkL+WA8OQ8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDA4MDA1OTQ0WhcNMjUxMTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0AyYTJlZjY3OTZlMDRmZmJmOTRkZjhmNTA3ZWNkNmQ0NTU4
OWQ4NzA2YzM4NDhmZDg4MzU0MzNjZGIwMDRjZTI0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4Fpj7wommo19sHKR7CW0JOLavcp1H2gQgyaYSAgvV2uwl
liFyH1b35kNNW5hgyAvxQFBNC0iFi0dgQ9RV4opY+qQjB8RTlv/XEDUt1UHLET7H
XHYMH0s1mpdfwV8EoPShl8LLju7GMk4i8z5h1NuTutaBr+90YqOy76k3h5WEDxB5
S8aJMkbEaebhVIOGr0ZsAthklNHQBwSaKkex/9DcAtzFsbZGAA7LD2R7KL5RTev6
uBFHYkBdg+lw56GZxs9o1zwCZMI4vQ/39R2yxG8qSKbobF35QgWUTucbnuZS1zXk
dByv+RfWAir95/riE1NmafLSi/Mr2RtTw98teWRdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUcftyd5Ye1Jyra/8Sbfd6FURsqd8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2U0NjE1ZTYxLWQ0NzYtNDU5ZS1hMWMwLWJhNzgwZDY0NWIxZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAESPEwwDQYJKoZIhvcNAQELBQADggEBALPu2vblKzVX/QOujWGufJWF6asu
0RDB7YQQSgcflhAByxZBgoBVxIj4mA6nRRx9NqmQNZLBDdkhzr7ALMlBHoVXjhgR
6wt5jEVUaHsWRdw6jRIZ1qwKMENBb3EWfYrxy78ZyZBk+F72m7668M7IsCgaxME/
Y/gSdk4MSmNlHPaUkzPS0uVJn6lk2LtkTz3QNBSpfl2Xn8AtZzDRpv05Uwa9reM0
EMY1exznWXTtNHMfC2K+ttdicNqNBMpz9wLKE2YXFG3OGefpA0Upo0Yb/zn6Aq5q
pQHMiAbVIHvJaj6orCVclayuADXYVsX8zIHRi3Z1LdTNDdxeVjx3yr0gp6s=
-----END CERTIFICATE-----