Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/478d6452-7f3d-4b30-8946-9237c1b66731.roa
File:                     478d6452-7f3d-4b30-8946-9237c1b66731.roa (raw, json)
Hash identifier:          o5h+loixO4t/fdNRmJFdC1srnqzNMcxHIoRZ8W9AZDY=
Subject key identifier:   EE:74:28:92:32:71:78:BA:CB:5E:A7:2C:45:24:AB:74:4C:F2:E7:2F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       41400E68305B921C073E54C047459A95640915BA
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/478d6452-7f3d-4b30-8946-9237c1b66731.roa
Signing time:             Tue 19 May 2026 03:31:56 +0000
ROA not before:           Tue 19 May 2026 03:31:56 +0000
ROA not after:            Mon 17 Aug 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        18.100.74.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 18 Jun 2026 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:40:0e:68:30:5b:92:1c:07:3e:54:c0:47:45:9a:95:64:09:15:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 19 03:31:56 2026 GMT
            Not After : Aug 17 23:59:59 2026 GMT
        Subject: serialNumber=7d4b9e62cc912d7d08177cf3727af50131b688acb1428f5c962205446c63263d, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:88:d6:b8:4f:04:79:d4:07:c9:be:29:0f:d3:
                    32:8e:9a:75:72:ae:82:7d:d9:af:06:ca:5b:6c:2c:
                    2a:d9:a1:c3:84:cb:91:c5:53:cd:1b:08:db:cd:24:
                    c0:fc:a6:b7:84:63:fd:36:50:9b:d4:c0:a7:ff:1b:
                    34:a1:f0:57:e8:7b:56:2e:dc:82:d7:97:96:72:6f:
                    91:ef:ea:ae:1b:af:be:71:eb:8f:33:9a:08:89:c0:
                    11:7c:95:eb:b4:0a:fe:25:26:7f:05:b7:a7:8e:50:
                    ba:60:fd:ff:ee:0f:30:7f:3f:2a:8d:b3:3d:f2:ca:
                    9a:7e:18:58:fd:bd:af:76:da:22:f2:31:a5:cc:4a:
                    78:f3:2c:47:c5:67:5f:7c:f3:1e:a1:1f:6e:72:70:
                    ca:98:5c:25:ea:ce:e8:ec:48:a8:31:da:a3:9f:c5:
                    3c:4b:87:73:bf:7c:62:46:50:2d:c1:95:dc:aa:a9:
                    3a:05:d2:5f:24:b7:a1:9c:15:67:69:d2:10:1b:11:
                    15:e5:03:da:b8:9e:fd:59:5f:fa:34:53:56:9f:29:
                    bf:9f:7d:9e:b1:7f:31:ce:56:fe:a6:82:f2:b5:1f:
                    b1:ee:b9:e9:cc:21:27:3e:86:c8:7c:a6:5b:fa:03:
                    96:2c:29:08:21:12:f6:27:28:d3:b4:ad:be:36:7d:
                    b2:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:74:28:92:32:71:78:BA:CB:5E:A7:2C:45:24:AB:74:4C:F2:E7:2F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/478d6452-7f3d-4b30-8946-9237c1b66731.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.100.74.0/23

    Signature Algorithm: sha256WithRSAEncryption
         27:16:09:1b:69:67:1c:bf:a2:0c:a6:da:a4:19:7b:1c:13:f8:
         3a:21:5f:4e:80:40:29:66:ae:9f:e1:89:35:12:59:0c:b9:b2:
         be:82:5e:4d:dd:64:c2:46:53:d3:31:b6:34:92:a5:3e:e5:60:
         ea:81:97:0a:79:0b:f4:d4:12:ec:6e:09:37:0c:dd:4d:12:46:
         42:6e:b9:82:12:92:8f:95:01:2a:c5:01:f1:85:0c:fe:71:83:
         78:95:63:76:13:7c:ac:4c:90:9d:97:d2:9c:2b:75:ea:7d:f3:
         89:5e:24:0e:ee:05:27:de:27:1e:5b:8d:ce:10:80:5b:43:40:
         84:fb:11:cd:d0:a2:9a:df:cf:cd:7e:d3:a8:42:49:c6:ed:8e:
         0f:fe:26:4b:09:83:82:9c:ec:a5:0f:c6:5c:0a:e0:60:c6:40:
         fa:ee:fa:a1:4c:59:62:8e:41:86:5a:0f:cd:54:b4:22:b2:b4:
         60:c0:7b:a7:b2:76:a1:cd:7f:08:4f:99:88:ba:b3:60:20:53:
         d3:be:19:8f:16:30:08:7a:eb:f3:ca:2a:e6:87:cb:5a:7e:c3:
         e8:a5:40:ff:de:4c:01:90:46:d8:e1:27:e7:15:1f:74:05:33:
         59:87:89:75:ec:4a:d8:cc:33:c6:d6:46:ae:a4:3d:30:2b:35:
         3a:32:14:15
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQUAOaDBbkhwHPlTAR0WalWQJFbowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwNTE5MDMzMTU2WhcNMjYwODE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZDRiOWU2MmNjOTEyZDdkMDgxNzdjZjM3MjdhZjUwMTMx
YjY4OGFjYjE0MjhmNWM5NjIyMDU0NDZjNjMyNjNkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwiNa4TwR51AfJvikP0zKOmnVyroJ92a8GyltsLCrZocOE
y5HFU80bCNvNJMD8preEY/02UJvUwKf/GzSh8Ffoe1Yu3ILXl5Zyb5Hv6q4br75x
648zmgiJwBF8leu0Cv4lJn8Ft6eOULpg/f/uDzB/PyqNsz3yypp+GFj9va922iLy
MaXMSnjzLEfFZ1988x6hH25ycMqYXCXqzujsSKgx2qOfxTxLh3O/fGJGUC3Bldyq
qToF0l8kt6GcFWdp0hAbERXlA9q4nv1ZX/o0U1afKb+ffZ6xfzHOVv6mgvK1H7Hu
uenMISc+hsh8plv6A5YsKQghEvYnKNO0rb42fbI3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU7nQokjJxeLrLXqcsRSSrdEzy5y8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQ3OGQ2NDUyLTdmM2QtNGIzMC04OTQ2LTkyMzdjMWI2NjczMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAESZEowDQYJKoZIhvcNAQELBQADggEBACcWCRtpZxy/ogym2qQZexwT+Doh
X06AQClmrp/hiTUSWQy5sr6CXk3dZMJGU9MxtjSSpT7lYOqBlwp5C/TUEuxuCTcM
3U0SRkJuuYISko+VASrFAfGFDP5xg3iVY3YTfKxMkJ2X0pwrdep984leJA7uBSfe
Jx5bjc4QgFtDQIT7Ec3Qoprfz81+06hCScbtjg/+JksJg4Kc7KUPxlwK4GDGQPru
+qFMWWKOQYZaD81UtCKytGDAe6eydqHNfwhPmYi6s2AgU9O+GY8WMAh66/PKKuaH
y1p+w+ilQP/eTAGQRtjhJ+cVH3QFM1mHiXXsStjMM8bWRq6kPTArNToyFBU=
-----END CERTIFICATE-----