Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b8e8988d-131d-4d71-8592-32ba54d2aaac.roa
File:                     b8e8988d-131d-4d71-8592-32ba54d2aaac.roa (raw, json)
Hash identifier:          UCBLlCVmBEdI4rJyPjPl0FHSvO5s3UjD53bog+orYYY=
Subject key identifier:   30:A4:19:4A:01:D7:AC:C3:CE:03:01:F6:81:42:3B:B1:87:DB:27:7A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       14B4B8A85F59C9EE1720B75C99C1A3B5F975AA99
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b8e8988d-131d-4d71-8592-32ba54d2aaac.roa
Signing time:             Tue 04 Nov 2025 01:21:51 +0000
ROA not before:           Tue 04 Nov 2025 01:21:51 +0000
ROA not after:            Tue 09 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.60.0.0/15 maxlen: 15
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:b4:b8:a8:5f:59:c9:ee:17:20:b7:5c:99:c1:a3:b5:f9:75:aa:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Nov  4 01:21:51 2025 GMT
            Not After : Dec  9 23:59:59 2025 GMT
        Subject: serialNumber=8d8041e1988fe8dfbaa1666d00f4df4631f57fcebad2c5a1a096ca5b86dee1a4, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:66:89:ed:f7:e1:9e:9d:16:8c:00:bd:8d:48:
                    40:34:cd:48:17:3b:4d:ca:6e:1a:b4:55:e9:b1:3a:
                    2e:51:79:d2:34:2b:70:13:92:43:94:d3:16:ca:ea:
                    5a:b2:31:d1:d7:b5:fc:41:b5:57:47:66:bd:cb:32:
                    52:30:df:a9:4c:73:b1:1c:b1:b0:50:a8:41:6a:32:
                    48:61:f8:58:38:4b:37:48:2f:9a:07:59:ea:31:ff:
                    0f:25:0b:98:83:a1:8b:fc:2e:18:ec:17:3b:0b:6f:
                    80:fe:c8:d0:79:7c:9c:42:0e:ed:50:f0:69:9c:ed:
                    52:c6:5a:f0:5b:0e:7f:54:c2:be:df:b3:85:59:f3:
                    ab:a8:cc:21:31:55:a5:11:3e:95:73:46:dd:a0:88:
                    2e:42:a6:ff:93:e9:89:a8:8b:8b:9f:f2:5b:56:cc:
                    ef:56:32:c4:99:fe:d1:cd:bc:62:41:b3:83:90:6d:
                    27:f8:a0:d4:85:95:f4:d1:94:83:48:83:4d:a0:27:
                    39:89:7e:ef:8a:a8:8d:3e:ec:4e:fa:12:de:eb:57:
                    82:7c:61:81:c4:b0:67:7d:ac:4a:6f:bb:d8:5c:6e:
                    2a:53:6c:51:67:16:a8:4b:98:03:10:45:4f:c2:ea:
                    c6:41:a2:59:eb:45:e7:00:2d:9e:a0:88:f7:af:7b:
                    e4:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:A4:19:4A:01:D7:AC:C3:CE:03:01:F6:81:42:3B:B1:87:DB:27:7A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b8e8988d-131d-4d71-8592-32ba54d2aaac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.60.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         2b:13:2c:93:c7:e6:f7:f2:91:fb:1e:42:cd:7c:89:09:e4:9d:
         c5:00:62:99:02:ec:a7:ed:91:fa:8b:69:58:4e:33:a0:aa:1e:
         cd:a2:33:a7:e2:1a:34:0b:73:4a:05:6f:46:1c:70:6c:11:de:
         61:f7:53:21:e0:0b:a8:01:fb:9c:70:5f:50:bc:34:09:7e:e5:
         77:42:2a:e4:1c:e8:05:f4:97:30:52:65:58:dc:85:74:66:48:
         c5:27:92:85:fa:17:26:f9:25:39:75:b9:04:7a:c7:83:0a:84:
         75:89:08:38:48:e9:e0:f4:90:b6:7e:ca:dc:67:8d:e6:7c:c9:
         d1:4b:3d:3b:e4:78:30:ed:1e:d1:17:27:d7:39:ea:a7:d1:c2:
         f0:4b:68:41:01:08:a7:f6:9f:51:93:ab:11:8f:39:7d:da:24:
         e2:ac:2d:e9:36:da:95:3c:99:5b:3e:a8:16:8f:33:02:09:f1:
         52:9f:0f:b4:69:3b:91:fc:90:09:03:3b:44:fe:13:21:95:cc:
         0d:a4:13:71:88:8f:5d:f4:75:50:4d:db:b3:59:47:29:39:2e:
         aa:c4:f9:61:84:13:c6:fe:17:f4:ce:7a:98:8d:8f:29:81:24:
         0a:f1:02:1b:26:35:25:0d:b6:44:4a:86:fe:8b:5b:3a:21:a9:
         23:b2:65:a4
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUFLS4qF9Zye4XILdcmcGjtfl1qpkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMTA0MDEyMTUxWhcNMjUxMjA5MjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZDgwNDFlMTk4OGZlOGRmYmFhMTY2NmQwMGY0ZGY0NjMx
ZjU3ZmNlYmFkMmM1YTFhMDk2Y2E1Yjg2ZGVlMWE0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClZont9+GenRaMAL2NSEA0zUgXO03Kbhq0VemxOi5RedI0
K3ATkkOU0xbK6lqyMdHXtfxBtVdHZr3LMlIw36lMc7EcsbBQqEFqMkhh+Fg4SzdI
L5oHWeox/w8lC5iDoYv8LhjsFzsLb4D+yNB5fJxCDu1Q8Gmc7VLGWvBbDn9Uwr7f
s4VZ86uozCExVaURPpVzRt2giC5Cpv+T6Ymoi4uf8ltWzO9WMsSZ/tHNvGJBs4OQ
bSf4oNSFlfTRlINIg02gJzmJfu+KqI0+7E76Et7rV4J8YYHEsGd9rEpvu9hcbipT
bFFnFqhLmAMQRU/C6sZBolnrRecALZ6giPeve+RNAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUMKQZSgHXrMPOAwH2gUI7sYfbJ3owHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2I4ZTg5ODhkLTEzMWQtNGQ3MS04NTkyLTMyYmE1NGQyYWFhYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwESPDANBgkqhkiG9w0BAQsFAAOCAQEAKxMsk8fm9/KR+x5CzXyJCeSdxQBi
mQLsp+2R+otpWE4zoKoezaIzp+IaNAtzSgVvRhxwbBHeYfdTIeALqAH7nHBfULw0
CX7ld0Iq5BzoBfSXMFJlWNyFdGZIxSeShfoXJvklOXW5BHrHgwqEdYkIOEjp4PSQ
tn7K3GeN5nzJ0Us9O+R4MO0e0Rcn1znqp9HC8EtoQQEIp/afUZOrEY85fdok4qwt
6TbalTyZWz6oFo8zAgnxUp8PtGk7kfyQCQM7RP4TIZXMDaQTcYiPXfR1UE3bs1lH
KTkuqsT5YYQTxv4X9M56mI2PKYEkCvECGyY1JQ22REqG/otbOiGpI7JlpA==
-----END CERTIFICATE-----