Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8528dc4b-312e-45ce-93d3-d1ea15bf2e99.roa
File:                     8528dc4b-312e-45ce-93d3-d1ea15bf2e99.roa (raw, json)
Hash identifier:          oSArhyT0ELIUk+eo8PR4T1VTgRmZsooIEG6L5sblr8k=
Subject key identifier:   60:18:88:EE:AF:AD:18:B9:E8:67:C7:11:A0:BF:06:56:B8:1E:82:4C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6C172FA82777D6C28717395DB9FCD4E7E7398C5E
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8528dc4b-312e-45ce-93d3-d1ea15bf2e99.roa
Signing time:             Mon 29 Apr 2024 00:00:00 +0000
ROA not before:           Mon 29 Apr 2024 00:00:00 +0000
ROA not after:            Mon 03 Jun 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        18.236.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 07 May 2024 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:17:2f:a8:27:77:d6:c2:87:17:39:5d:b9:fc:d4:e7:e7:39:8c:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 29 00:00:00 2024 GMT
            Not After : Jun  3 23:59:59 2024 GMT
        Subject: serialNumber=275ce78f85cfac0a627516bfbca503eae6a159cb4723f7d1c173562bbbc23cbc, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:fb:a6:d4:90:06:d2:8b:fb:58:b9:11:c6:b2:
                    a0:35:0f:a1:fc:5c:93:7c:e5:93:a7:92:dc:68:2f:
                    9e:50:1a:a8:dc:b0:33:6d:4f:39:87:6e:e5:6b:80:
                    b8:08:33:64:0d:01:36:1a:d3:10:a8:41:92:bf:af:
                    80:4e:90:0b:e7:dc:bf:07:2e:85:10:5f:60:37:46:
                    41:d8:c3:b9:69:b6:83:bc:aa:6e:c3:2c:3c:5e:4e:
                    13:de:8a:c2:6c:cc:73:c7:33:11:32:61:f1:c7:9c:
                    58:82:95:77:fe:d1:c0:ff:98:18:f3:c6:c7:59:b8:
                    08:e6:60:85:b7:44:95:92:44:17:39:02:43:0a:06:
                    ee:66:63:e7:82:b8:14:c9:fd:26:4f:04:cc:6f:e7:
                    f7:f9:9c:0c:3f:67:6c:a0:05:8a:27:a9:c9:98:9a:
                    2e:8c:f0:b3:be:a0:bb:ae:27:05:eb:3e:7f:7a:51:
                    fd:c1:2e:6e:54:55:6f:3c:e4:af:c0:d5:fe:86:5f:
                    3b:0c:54:ac:79:01:69:8a:0d:03:f4:e1:e4:23:41:
                    7a:98:19:87:3d:5c:5d:7b:15:64:8c:93:f3:df:0e:
                    ac:9c:b5:10:82:ac:f7:24:ab:2e:10:47:b9:32:41:
                    11:ad:ca:ce:9d:5c:ae:f6:f9:17:77:6f:46:80:28:
                    4c:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:18:88:EE:AF:AD:18:B9:E8:67:C7:11:A0:BF:06:56:B8:1E:82:4C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8528dc4b-312e-45ce-93d3-d1ea15bf2e99.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.236.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         7e:8b:c6:8c:87:0d:a3:e4:b2:81:6b:7b:9b:0a:b0:7f:7b:4b:
         aa:22:ba:be:aa:18:b3:5d:10:27:9b:7d:81:1e:19:14:6e:db:
         30:fe:a0:f2:b9:e4:97:d2:ea:f7:b0:f2:b4:8e:10:b8:eb:fb:
         cb:62:3a:60:f3:14:09:a8:64:f9:38:89:e6:9b:57:7e:d3:c6:
         e7:44:6d:1f:f4:b1:4a:68:be:74:ba:82:d1:db:20:75:cd:35:
         6e:e5:2c:17:56:42:64:c0:a5:1a:7b:51:98:f4:a4:51:d8:34:
         60:71:21:db:46:01:ac:d3:38:b1:5b:b7:c3:be:33:9f:ce:6d:
         89:6a:12:e6:ba:a2:a4:68:3d:9c:72:7a:ca:ee:7a:d8:98:6e:
         eb:2b:3c:ba:00:27:16:5d:6b:61:db:17:fd:f8:d9:f0:0d:4d:
         95:fe:d4:27:a0:cf:e1:20:9c:38:85:59:b0:99:21:a5:13:b7:
         28:47:38:dc:c4:7e:4b:9e:8f:d5:04:3b:a7:86:81:21:b6:d2:
         9b:2d:24:07:0e:9b:ff:56:15:98:24:e0:3e:15:8a:ab:18:ee:
         ad:d1:82:e7:ec:0b:10:3b:4d:57:1b:17:ca:88:08:3f:ed:5c:
         79:db:f4:d2:d6:c4:a4:e0:fa:21:4c:ee:64:09:b5:6b:94:e0:
         f6:f4:3f:a7
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUbBcvqCd31sKHFzldufzU5+c5jF4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQwNDI5MDAwMDAwWhcNMjQwNjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNzVjZTc4Zjg1Y2ZhYzBhNjI3NTE2YmZiY2E1MDNlYWU2
YTE1OWNiNDcyM2Y3ZDFjMTczNTYyYmJiYzIzY2JjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/+6bUkAbSi/tYuRHGsqA1D6H8XJN85ZOnktxoL55QGqjc
sDNtTzmHbuVrgLgIM2QNATYa0xCoQZK/r4BOkAvn3L8HLoUQX2A3RkHYw7lptoO8
qm7DLDxeThPeisJszHPHMxEyYfHHnFiClXf+0cD/mBjzxsdZuAjmYIW3RJWSRBc5
AkMKBu5mY+eCuBTJ/SZPBMxv5/f5nAw/Z2ygBYonqcmYmi6M8LO+oLuuJwXrPn96
Uf3BLm5UVW885K/A1f6GXzsMVKx5AWmKDQP04eQjQXqYGYc9XF17FWSMk/PfDqyc
tRCCrPckqy4QR7kyQRGtys6dXK72+Rd3b0aAKEztAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUYBiI7q+tGLnoZ8cRoL8GVrgegkwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzg1MjhkYzRiLTMxMmUtNDVjZS05M2QzLWQxZWExNWJmMmU5OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwES7DANBgkqhkiG9w0BAQsFAAOCAQEAfovGjIcNo+SygWt7mwqwf3tLqiK6
vqoYs10QJ5t9gR4ZFG7bMP6g8rnkl9Lq97DytI4QuOv7y2I6YPMUCahk+TiJ5ptX
ftPG50RtH/SxSmi+dLqC0dsgdc01buUsF1ZCZMClGntRmPSkUdg0YHEh20YBrNM4
sVu3w74zn85tiWoS5rqipGg9nHJ6yu562Jhu6ys8ugAnFl1rYdsX/fjZ8A1Nlf7U
J6DP4SCcOIVZsJkhpRO3KEc43MR+S56P1QQ7p4aBIbbSmy0kBw6b/1YVmCTgPhWK
qxjurdGC5+wLEDtNVxsXyogIP+1cedv00tbEpOD6IUzuZAm1a5Tg9vQ/pw==
-----END CERTIFICATE-----