Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d5ff663c-6577-4c42-9b77-ee5cef5cc05a.roa
File:                     d5ff663c-6577-4c42-9b77-ee5cef5cc05a.roa (raw, json)
Hash identifier:          NfrrRFziQ9FO6+lDCh0DKQ5XussZR6kFIFFIZnFUnK4=
Subject key identifier:   9A:AB:43:B2:76:9D:E9:9E:85:7E:88:70:72:80:2F:12:81:CD:23:67
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       12DB42A739F88931ED14DFF1A6D4F1DF0A62F214
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d5ff663c-6577-4c42-9b77-ee5cef5cc05a.roa
Signing time:             Tue 28 Oct 2025 01:10:14 +0000
ROA not before:           Tue 28 Oct 2025 01:10:14 +0000
ROA not after:            Tue 02 Dec 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        18.96.0.0/14 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:db:42:a7:39:f8:89:31:ed:14:df:f1:a6:d4:f1:df:0a:62:f2:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 28 01:10:14 2025 GMT
            Not After : Dec  2 23:59:59 2025 GMT
        Subject: serialNumber=d691b88075370f0bf04dd97677cc0f23561ee5a95cc44ef01753c9fb20c02fd5, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:52:62:f9:d6:e6:3b:f4:98:fc:b0:bd:12:0d:
                    d3:43:11:32:12:c7:be:84:0a:c2:5f:62:64:c7:84:
                    73:60:db:ef:02:04:d3:19:10:87:51:35:fa:4b:93:
                    71:ac:65:ff:e8:93:d6:f7:a1:ce:8f:2f:a6:4b:42:
                    bd:c6:39:1e:20:2c:49:1b:1e:ae:b5:65:64:f4:46:
                    98:74:d4:a8:d9:ed:39:d5:52:22:3c:08:e9:04:1a:
                    d2:16:b0:bc:0c:22:f5:a2:be:0a:96:42:e0:9e:a3:
                    17:a1:0e:a0:af:37:34:64:f8:bb:cd:85:36:4e:f3:
                    27:67:85:64:69:de:62:4a:d0:cb:ae:af:36:d2:d3:
                    af:82:eb:84:bf:3b:88:73:4b:05:b5:44:fc:f0:9d:
                    7a:41:e4:47:79:e7:53:fe:6a:ba:e8:93:08:4c:f1:
                    62:30:9c:f8:da:8a:f9:45:2f:e4:73:3a:11:5c:30:
                    d9:43:3b:3d:b6:56:cb:d4:eb:de:68:ea:0d:2c:8e:
                    85:b9:54:69:fc:2c:ca:60:49:85:dc:19:e3:80:ce:
                    78:40:d6:bc:d5:1e:a5:f8:c4:0a:e2:03:aa:64:f5:
                    f9:dd:d8:f4:73:18:e7:d7:9b:56:dd:2c:cf:34:0f:
                    fa:d4:ed:89:34:e4:bf:ae:06:50:8f:ba:cb:d0:f3:
                    66:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:AB:43:B2:76:9D:E9:9E:85:7E:88:70:72:80:2F:12:81:CD:23:67
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d5ff663c-6577-4c42-9b77-ee5cef5cc05a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.96.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         31:fc:7b:2f:30:99:7b:89:34:c6:18:e7:9c:50:73:0e:d5:03:
         5d:37:f1:3a:88:ce:81:d7:b9:92:6f:98:5e:12:5a:0e:25:69:
         c2:ff:57:89:b5:6f:7b:1b:f1:a5:eb:44:d5:48:3b:2f:13:0d:
         c9:d1:61:45:39:c5:da:04:4e:91:9f:d9:11:28:15:48:26:23:
         b4:d8:be:b0:19:5c:d7:e5:c0:1e:ec:64:28:c7:fc:8a:9b:6e:
         7a:e3:cd:e3:fe:5e:ab:86:f2:47:c1:a4:68:3b:a5:ef:ba:d6:
         1c:d0:e4:b4:d0:84:d4:6d:b8:ea:07:c0:44:fd:9d:ec:14:0d:
         bd:62:a1:e0:17:b3:82:46:dc:6e:16:75:eb:b7:fb:3b:6e:ff:
         93:3c:cf:ef:5c:d7:80:65:5f:00:96:fc:52:92:29:c7:5a:e6:
         0b:d1:5f:fd:69:65:cf:8e:8e:7e:4a:44:7a:fc:30:b3:14:80:
         05:e3:21:14:6d:1f:44:c1:9d:cf:41:d2:b8:e2:a9:6a:32:7a:
         bf:e4:b8:6f:94:c4:2f:cc:e3:8f:25:2a:72:8e:e4:e7:fa:72:
         35:25:3f:72:5c:cb:4e:28:c7:46:5a:40:36:e7:45:e8:1d:24:
         f5:71:dc:98:3f:32:3a:0a:6f:94:27:1d:97:d6:0f:7c:fa:9e:
         8f:dd:cd:2c
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUEttCpzn4iTHtFN/xptTx3wpi8hQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDI4MDExMDE0WhcNMjUxMjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BkNjkxYjg4MDc1MzcwZjBiZjA0ZGQ5NzY3N2NjMGYyMzU2
MWVlNWE5NWNjNDRlZjAxNzUzYzlmYjIwYzAyZmQ1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDHUmL51uY79Jj8sL0SDdNDETISx76ECsJfYmTHhHNg2+8C
BNMZEIdRNfpLk3GsZf/ok9b3oc6PL6ZLQr3GOR4gLEkbHq61ZWT0Rph01KjZ7TnV
UiI8COkEGtIWsLwMIvWivgqWQuCeoxehDqCvNzRk+LvNhTZO8ydnhWRp3mJK0Muu
rzbS06+C64S/O4hzSwW1RPzwnXpB5Ed551P+arrokwhM8WIwnPjaivlFL+RzOhFc
MNlDOz22VsvU695o6g0sjoW5VGn8LMpgSYXcGeOAznhA1rzVHqX4xAriA6pk9fnd
2PRzGOfXm1bdLM80D/rU7Yk05L+uBlCPusvQ82bPAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUmqtDsnad6Z6FfohwcoAvEoHNI2cwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Q1ZmY2NjNjLTY1NzctNGM0Mi05Yjc3LWVlNWNlZjVjYzA1YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwISYDANBgkqhkiG9w0BAQsFAAOCAQEAMfx7LzCZe4k0xhjnnFBzDtUDXTfx
OojOgde5km+YXhJaDiVpwv9XibVvexvxpetE1Ug7LxMNydFhRTnF2gROkZ/ZESgV
SCYjtNi+sBlc1+XAHuxkKMf8iptueuPN4/5eq4byR8GkaDul77rWHNDktNCE1G24
6gfARP2d7BQNvWKh4BezgkbcbhZ167f7O27/kzzP71zXgGVfAJb8UpIpx1rmC9Ff
/Wllz46OfkpEevwwsxSABeMhFG0fRMGdz0HSuOKpajJ6v+S4b5TEL8zjjyUqco7k
5/pyNSU/clzLTijHRlpANudF6B0k9XHcmD8yOgpvlCcdl9YPfPqej93NLA==
-----END CERTIFICATE-----