Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f7ca7e8e-7968-4cd8-bb34-8c21062b40f7.roa
File:                     f7ca7e8e-7968-4cd8-bb34-8c21062b40f7.roa (raw, json)
Hash identifier:          6XDFboZlw8nl3Z0o8GEMKnUmYdyk+h9XLdCg/+E1ewc=
Subject key identifier:   CB:A9:7D:67:2C:BA:79:35:94:FF:35:F2:2E:A0:23:1A:D6:76:AE:7E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       360E200516A652B3787EB55E0AB834253694D403
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f7ca7e8e-7968-4cd8-bb34-8c21062b40f7.roa
Signing time:             Mon 16 Jun 2025 17:30:21 +0000
ROA not before:           Mon 16 Jun 2025 17:30:21 +0000
ROA not after:            Mon 21 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.252.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 01 Jul 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:0e:20:05:16:a6:52:b3:78:7e:b5:5e:0a:b8:34:25:36:94:d4:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun 16 17:30:21 2025 GMT
            Not After : Jul 21 23:59:59 2025 GMT
        Subject: serialNumber=ca47e9ac1319e91e52fdbd18c37dd373e6ecff1f6475984a733efa24b7bda7c7, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:33:f1:6e:d0:01:4b:ec:51:65:82:a4:cd:96:
                    74:86:14:4b:8e:4b:d7:72:8d:de:2c:f7:14:e3:cb:
                    58:1d:17:37:b7:05:36:24:39:3b:c2:34:de:ac:65:
                    45:d9:9a:2e:84:6e:20:9a:bc:07:a5:56:43:47:a1:
                    68:23:08:2f:fd:94:16:5d:85:33:91:d6:9c:75:b5:
                    39:20:d1:29:0d:43:be:ca:02:6c:3f:f6:31:8b:65:
                    91:b7:ba:fb:7f:ab:73:92:78:1b:11:62:cb:f2:54:
                    06:07:4b:37:f1:d0:24:51:78:7d:97:f4:95:7c:cf:
                    d1:3b:8b:21:05:6f:ac:fe:96:7c:fb:7a:48:9a:63:
                    4f:9c:80:c6:69:01:ee:b2:05:75:88:5f:43:89:32:
                    fa:61:ab:bc:1d:1c:3d:fb:e2:23:f9:f6:a6:fd:c1:
                    b2:09:30:80:55:41:3b:65:6d:33:45:ff:cd:00:22:
                    2f:2a:45:c0:4a:c5:cb:2c:c3:a4:7e:9f:fc:7b:7f:
                    27:f7:10:5d:ce:d9:11:b4:00:b3:a8:e8:50:d7:9a:
                    fe:23:d4:f2:f0:00:6e:98:fe:c2:af:03:2e:64:dd:
                    99:cc:45:ea:07:07:c4:a6:9f:77:37:48:21:6e:9f:
                    9d:eb:9d:17:85:fa:04:1a:d5:64:b0:8b:51:ce:95:
                    10:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:A9:7D:67:2C:BA:79:35:94:FF:35:F2:2E:A0:23:1A:D6:76:AE:7E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f7ca7e8e-7968-4cd8-bb34-8c21062b40f7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.252.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         51:3c:31:e1:21:b7:a4:2c:86:e0:97:d8:b4:75:9a:ff:2c:0d:
         95:2b:45:74:be:db:71:91:2f:4a:b0:cf:8f:22:b4:69:d1:9d:
         21:0e:0c:4b:74:75:82:e1:af:f8:35:33:4c:50:38:40:34:09:
         0a:17:12:e0:f9:81:25:62:86:cc:b0:80:fc:8f:20:4f:b7:59:
         e2:d7:ea:ec:08:68:2b:c0:59:d8:9a:d6:56:21:ca:91:ef:6a:
         ba:33:ba:f0:e1:38:d3:d4:5d:08:d8:3c:75:79:e5:c8:9d:1d:
         f4:7e:17:17:45:bf:ad:56:b4:df:f9:20:9b:5a:3b:2b:ad:f1:
         4d:8b:8d:43:a3:ee:a9:a8:08:a1:79:7f:e4:e2:9b:42:35:c3:
         18:8b:b4:42:dd:1d:6a:2e:81:68:61:3e:33:7b:ab:12:cf:42:
         e5:25:d1:92:e1:e9:8c:8c:63:63:86:30:a2:24:1c:dd:47:63:
         4f:db:5d:24:f2:68:96:34:2e:dc:13:67:b4:12:23:77:96:fd:
         32:f7:a2:ab:f1:b5:ac:ff:41:5b:de:25:2b:c9:81:94:f2:ea:
         61:e4:b9:d0:a2:dc:35:02:3e:df:5a:b2:3d:e8:2f:7c:13:57:
         ba:9c:10:5d:ae:f8:18:69:de:ae:21:91:c7:11:4c:c2:6a:8b:
         cf:9b:ab:eb
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUNg4gBRamUrN4frVeCrg0JTaU1AMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjE2MTczMDIxWhcNMjUwNzIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BjYTQ3ZTlhYzEzMTllOTFlNTJmZGJkMThjMzdkZDM3M2U2
ZWNmZjFmNjQ3NTk4NGE3MzNlZmEyNGI3YmRhN2M3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDAM/Fu0AFL7FFlgqTNlnSGFEuOS9dyjd4s9xTjy1gdFze3
BTYkOTvCNN6sZUXZmi6EbiCavAelVkNHoWgjCC/9lBZdhTOR1px1tTkg0SkNQ77K
Amw/9jGLZZG3uvt/q3OSeBsRYsvyVAYHSzfx0CRReH2X9JV8z9E7iyEFb6z+lnz7
ekiaY0+cgMZpAe6yBXWIX0OJMvphq7wdHD374iP59qb9wbIJMIBVQTtlbTNF/80A
Ii8qRcBKxcssw6R+n/x7fyf3EF3O2RG0ALOo6FDXmv4j1PLwAG6Y/sKvAy5k3ZnM
ReoHB8Smn3c3SCFun53rnReF+gQa1WSwi1HOlRCBAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUy6l9Zyy6eTWU/zXyLqAjGtZ2rn4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Y3Y2E3ZThlLTc5NjgtNGNkOC1iYjM0LThjMjEwNjJiNDBmNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAS/DANBgkqhkiG9w0BAQsFAAOCAQEAUTwx4SG3pCyG4JfYtHWa/ywNlStF
dL7bcZEvSrDPjyK0adGdIQ4MS3R1guGv+DUzTFA4QDQJChcS4PmBJWKGzLCA/I8g
T7dZ4tfq7AhoK8BZ2JrWViHKke9qujO68OE409RdCNg8dXnlyJ0d9H4XF0W/rVa0
3/kgm1o7K63xTYuNQ6PuqagIoXl/5OKbQjXDGIu0Qt0dai6BaGE+M3urEs9C5SXR
kuHpjIxjY4YwoiQc3UdjT9tdJPJoljQu3BNntBIjd5b9Mveiq/G1rP9BW94lK8mB
lPLqYeS50KLcNQI+31qyPegvfBNXupwQXa74GGneriGRxxFMwmqLz5ur6w==
-----END CERTIFICATE-----