Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e4615e61-d476-459e-a1c0-ba780d645b1f.roa
File:                     e4615e61-d476-459e-a1c0-ba780d645b1f.roa (raw, json)
Hash identifier:          JeKFp9AAWNQ5W19WCMWWujzGDd4eM1Zu7FS9CZW+xXU=
Subject key identifier:   19:1F:CA:AB:D0:09:97:A3:C6:02:98:F7:CB:FD:47:EC:7A:60:60:DD
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1AE0C39C6F44B69FAD5EBC369E867A41FABF0640
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e4615e61-d476-459e-a1c0-ba780d645b1f.roa
Signing time:             Sun 02 Nov 2025 00:50:40 +0000
ROA not before:           Sun 02 Nov 2025 00:50:40 +0000
ROA not after:            Sun 07 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.60.76.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:e0:c3:9c:6f:44:b6:9f:ad:5e:bc:36:9e:86:7a:41:fa:bf:06:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Nov  2 00:50:40 2025 GMT
            Not After : Dec  7 23:59:59 2025 GMT
        Subject: serialNumber=b9db4df5aacc93f2bd438737047ad894b9bac3905220236d3c938fd039c93de5, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:2b:ef:d1:b7:a5:b6:91:31:e9:d1:1d:87:92:
                    54:60:8b:8e:42:eb:7b:0d:aa:b0:cb:76:23:d2:a1:
                    ee:6f:9b:d4:89:ee:4d:97:62:d8:1b:fc:2f:7d:25:
                    c2:c6:1a:45:7c:79:8c:48:77:9f:1b:82:5c:e0:4d:
                    a4:57:a2:7b:9f:57:6f:07:96:0b:74:37:69:78:93:
                    50:cc:48:e9:8a:ba:18:3b:a4:b1:65:96:7e:7a:c5:
                    ec:8e:76:2e:36:d9:72:42:5f:ee:15:31:85:fe:1a:
                    3b:cb:ac:65:0c:7e:fa:48:08:e9:c4:11:74:35:c1:
                    9b:42:c6:5a:a6:b5:67:b5:0c:d9:ab:34:33:33:b1:
                    a8:fc:63:76:8a:28:e6:1c:ae:2a:cd:5f:d8:a9:03:
                    eb:0f:02:a2:a5:e5:bb:db:36:db:3b:e2:2e:81:e6:
                    1f:ae:3f:72:72:fd:af:87:73:ef:6a:8e:d7:c9:c0:
                    2d:79:50:16:90:a7:98:f6:f6:68:4a:fc:54:cd:87:
                    0e:7e:21:69:2f:51:10:fd:00:86:c3:e7:83:91:69:
                    98:92:c2:93:c9:d0:db:cd:74:8b:bf:d0:65:bf:64:
                    7a:5c:0f:8f:d1:a8:8a:b1:bb:7f:c9:21:bb:89:a8:
                    8e:4c:82:34:88:33:51:43:79:27:1d:c1:c0:39:df:
                    98:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:1F:CA:AB:D0:09:97:A3:C6:02:98:F7:CB:FD:47:EC:7A:60:60:DD
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e4615e61-d476-459e-a1c0-ba780d645b1f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.60.76.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4a:8f:4b:ac:24:76:2f:34:27:1b:e6:b5:94:3e:b2:34:97:19:
         1f:d6:ec:6d:74:ee:3e:a5:1b:06:b0:35:f8:92:af:00:de:10:
         a1:b3:c9:3b:ea:d0:49:7f:41:1b:86:99:f0:19:80:01:f0:89:
         c6:76:b6:93:e7:fc:c4:0e:3b:64:fa:77:78:2a:6e:f9:e7:59:
         98:f5:99:59:68:b6:a0:84:5f:ba:d0:06:00:ab:0d:c4:43:6a:
         98:73:99:45:e7:58:a6:5e:df:3f:49:88:08:bc:d0:31:98:bb:
         e0:80:d9:7f:92:77:95:15:13:22:aa:8e:97:47:51:fe:3c:48:
         74:22:8f:db:c7:e1:af:26:81:de:a2:31:68:96:d5:95:6b:a9:
         11:18:0e:94:39:0e:64:79:f6:32:eb:69:cf:e1:b7:1a:d2:81:
         8b:41:67:da:0a:3e:4e:64:f6:ac:13:c8:e9:74:fd:1d:49:80:
         05:30:37:96:b1:b8:5d:7d:42:2d:21:cd:9a:af:ae:55:0d:bd:
         88:45:a7:de:cd:bd:73:60:7d:78:ee:3d:a1:0c:f2:16:09:0d:
         65:bc:06:1f:cd:c4:d5:7f:f6:85:71:7e:02:04:52:85:69:77:
         e7:59:58:9e:99:79:cc:1d:ff:dc:1c:f8:a2:27:9c:8a:ad:7a:
         1c:74:b7:e4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGuDDnG9Etp+tXrw2noZ6Qfq/BkAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMTAyMDA1MDQwWhcNMjUxMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiOWRiNGRmNWFhY2M5M2YyYmQ0Mzg3MzcwNDdhZDg5NGI5
YmFjMzkwNTIyMDIzNmQzYzkzOGZkMDM5YzkzZGU1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6K+/Rt6W2kTHp0R2HklRgi45C63sNqrDLdiPSoe5vm9SJ
7k2XYtgb/C99JcLGGkV8eYxId58bglzgTaRXonufV28Hlgt0N2l4k1DMSOmKuhg7
pLFlln56xeyOdi422XJCX+4VMYX+GjvLrGUMfvpICOnEEXQ1wZtCxlqmtWe1DNmr
NDMzsaj8Y3aKKOYcrirNX9ipA+sPAqKl5bvbNts74i6B5h+uP3Jy/a+Hc+9qjtfJ
wC15UBaQp5j29mhK/FTNhw5+IWkvURD9AIbD54ORaZiSwpPJ0NvNdIu/0GW/ZHpc
D4/RqIqxu3/JIbuJqI5MgjSIM1FDeScdwcA535jZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGR/Kq9AJl6PGApj3y/1H7HpgYN0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2U0NjE1ZTYxLWQ0NzYtNDU5ZS1hMWMwLWJhNzgwZDY0NWIxZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAESPEwwDQYJKoZIhvcNAQELBQADggEBAEqPS6wkdi80JxvmtZQ+sjSXGR/W
7G107j6lGwawNfiSrwDeEKGzyTvq0El/QRuGmfAZgAHwicZ2tpPn/MQOO2T6d3gq
bvnnWZj1mVlotqCEX7rQBgCrDcRDaphzmUXnWKZe3z9JiAi80DGYu+CA2X+Sd5UV
EyKqjpdHUf48SHQij9vH4a8mgd6iMWiW1ZVrqREYDpQ5DmR59jLrac/htxrSgYtB
Z9oKPk5k9qwTyOl0/R1JgAUwN5axuF19Qi0hzZqvrlUNvYhFp97NvXNgfXjuPaEM
8hYJDWW8Bh/NxNV/9oVxfgIEUoVpd+dZWJ6Zecwd/9wc+KInnIqtehx0t+Q=
-----END CERTIFICATE-----