Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5f5ec269-4223-4a97-9c74-2227dc1f1b15.roa
File:                     5f5ec269-4223-4a97-9c74-2227dc1f1b15.roa (raw, json)
Hash identifier:          CwiEUC+JjHtafNBRIVNSkLpb8fcSMml4mCESmontADE=
Subject key identifier:   31:40:34:44:D5:3C:80:81:79:78:44:D0:4B:36:5A:A9:2B:1F:A8:D3
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       68CC4EFD11F7C1922951F5B19E5F8A07F1891E9E
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5f5ec269-4223-4a97-9c74-2227dc1f1b15.roa
Signing time:             Tue 19 May 2026 02:31:12 +0000
ROA not before:           Tue 19 May 2026 02:31:12 +0000
ROA not after:            Mon 17 Aug 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        18.70.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 18 Jun 2026 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:cc:4e:fd:11:f7:c1:92:29:51:f5:b1:9e:5f:8a:07:f1:89:1e:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 19 02:31:12 2026 GMT
            Not After : Aug 17 23:59:59 2026 GMT
        Subject: serialNumber=fb2ee7a17c2126af928649c0f021baac56fd7f41884ee599105f309205c72440, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:f3:d2:d9:0d:54:58:9b:35:3f:ba:96:e3:fc:
                    ae:91:71:73:ad:1d:a0:c2:2c:5e:ea:aa:c9:ba:c8:
                    16:2a:f2:07:d0:e7:f0:03:a5:4a:6f:02:a4:ef:ee:
                    85:71:12:01:33:21:9e:32:ea:32:de:30:6b:97:d1:
                    6b:f8:d4:1e:15:b0:4b:0d:74:da:5a:f8:aa:16:88:
                    20:8a:d8:4f:f7:17:27:e9:fa:24:ec:19:f1:6f:cc:
                    1e:47:66:b7:55:2b:2b:c2:77:99:56:18:d1:79:a8:
                    d9:5b:a2:c2:9e:63:2c:ef:d0:ba:35:dc:f7:57:67:
                    a6:85:27:7f:c7:56:2a:f2:24:4a:17:b1:ab:fe:0b:
                    12:d2:05:7f:11:26:93:4f:2f:ce:9e:77:54:ad:d1:
                    c9:d6:17:ae:82:24:56:8a:c2:e9:a1:9a:38:03:71:
                    41:7c:44:ac:4e:49:fd:05:fc:0d:66:6c:d6:65:ab:
                    6d:6d:b6:2a:4f:77:fa:c2:d3:71:3c:83:f2:d5:23:
                    b7:57:57:55:8c:d7:0c:00:f4:83:a2:96:d8:c9:18:
                    cf:29:0b:86:a3:8d:f9:18:d5:04:cd:31:9e:30:cb:
                    6c:42:38:8d:3f:37:b3:1e:b9:fe:10:53:f8:25:6e:
                    ff:eb:18:57:89:8c:36:1c:0e:69:a7:a7:d9:dc:a7:
                    47:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:40:34:44:D5:3C:80:81:79:78:44:D0:4B:36:5A:A9:2B:1F:A8:D3
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5f5ec269-4223-4a97-9c74-2227dc1f1b15.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.70.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         09:a8:fd:7a:70:a7:54:fd:8d:08:08:d2:fa:e7:43:36:20:b0:
         bc:15:f0:09:73:c9:a8:07:f4:27:54:8c:39:5e:d3:78:4e:eb:
         19:9a:66:93:1c:86:35:e7:28:a4:96:0a:7c:4e:88:99:ca:1d:
         2e:ed:5e:22:1a:e9:6c:80:e7:75:57:14:0d:b6:ca:c0:a7:f9:
         55:4b:ae:82:ee:d3:28:e3:68:5a:b4:01:34:0a:cd:fe:4c:e8:
         70:9f:75:67:19:16:c2:32:a1:90:74:83:c0:b4:e8:dc:77:6f:
         fa:c1:97:2b:df:f4:d8:13:a3:36:3b:52:0b:53:64:ad:98:e0:
         ca:1a:0d:62:98:89:62:b1:3b:e3:cd:bc:79:6a:fb:8a:58:69:
         3d:a3:2c:c0:29:37:b6:68:b6:f4:3d:d4:c7:fa:b1:78:66:bc:
         f7:eb:66:59:69:87:a4:58:14:7c:a1:62:fe:6e:02:1d:2d:0d:
         f3:fd:2c:fa:e6:23:49:8d:bb:0c:d2:7c:4a:f8:97:4c:a6:98:
         69:1d:84:04:18:e8:cb:98:60:78:57:c3:f5:d2:a6:2b:52:05:
         7f:30:00:d8:52:77:88:71:92:3b:e9:e8:c3:60:2a:58:3a:34:
         e6:60:cc:3a:e2:f3:8a:1c:29:58:1b:4d:19:09:da:11:3e:09:
         a8:d2:2e:d4
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUaMxO/RH3wZIpUfWxnl+KB/GJHp4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwNTE5MDIzMTEyWhcNMjYwODE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BmYjJlZTdhMTdjMjEyNmFmOTI4NjQ5YzBmMDIxYmFhYzU2
ZmQ3ZjQxODg0ZWU1OTkxMDVmMzA5MjA1YzcyNDQwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDW89LZDVRYmzU/upbj/K6RcXOtHaDCLF7qqsm6yBYq8gfQ
5/ADpUpvAqTv7oVxEgEzIZ4y6jLeMGuX0Wv41B4VsEsNdNpa+KoWiCCK2E/3Fyfp
+iTsGfFvzB5HZrdVKyvCd5lWGNF5qNlbosKeYyzv0Lo13PdXZ6aFJ3/HViryJEoX
sav+CxLSBX8RJpNPL86ed1St0cnWF66CJFaKwumhmjgDcUF8RKxOSf0F/A1mbNZl
q21ttipPd/rC03E8g/LVI7dXV1WM1wwA9IOiltjJGM8pC4ajjfkY1QTNMZ4wy2xC
OI0/N7Meuf4QU/glbv/rGFeJjDYcDmmnp9ncp0ctAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUMUA0RNU8gIF5eETQSzZaqSsfqNMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzVmNWVjMjY5LTQyMjMtNGE5Ny05Yzc0LTIyMjdkYzFmMWIxNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwESRjANBgkqhkiG9w0BAQsFAAOCAQEACaj9enCnVP2NCAjS+udDNiCwvBXw
CXPJqAf0J1SMOV7TeE7rGZpmkxyGNecopJYKfE6ImcodLu1eIhrpbIDndVcUDbbK
wKf5VUuugu7TKONoWrQBNArN/kzocJ91ZxkWwjKhkHSDwLTo3Hdv+sGXK9/02BOj
NjtSC1NkrZjgyhoNYpiJYrE74828eWr7ilhpPaMswCk3tmi29D3Ux/qxeGa89+tm
WWmHpFgUfKFi/m4CHS0N8/0s+uYjSY27DNJ8SviXTKaYaR2EBBjoy5hgeFfD9dKm
K1IFfzAA2FJ3iHGSO+now2AqWDo05mDMOuLzihwpWBtNGQnaET4JqNIu1A==
-----END CERTIFICATE-----