Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/085bdc5a-eecc-4b91-96d8-643ad0e0b827.roa
File:                     085bdc5a-eecc-4b91-96d8-643ad0e0b827.roa (raw, json)
Hash identifier:          8fozN4Gue17k2Mv2aFI/Fi7aJF03YIKUzFxr2pqiAvk=
Subject key identifier:   D6:83:0D:FA:B1:EE:42:F7:8E:DE:E0:1D:C0:CA:FF:89:A7:C4:57:8A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6CCE18A745A61F1169C8B0922C17AC8A0FA72F08
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/085bdc5a-eecc-4b91-96d8-643ad0e0b827.roa
Signing time:             Mon 27 Jan 2025 00:00:00 +0000
ROA not before:           Mon 27 Jan 2025 00:00:00 +0000
ROA not after:            Mon 03 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.164.0.0/14 maxlen: 14
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:ce:18:a7:45:a6:1f:11:69:c8:b0:92:2c:17:ac:8a:0f:a7:2f:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 27 00:00:00 2025 GMT
            Not After : Mar  3 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:14:88:11:86:0e:61:3c:db:16:ec:fe:74:49:
                    24:4c:92:a5:66:7f:1b:c0:43:bf:fd:98:1e:df:51:
                    8a:ec:29:a9:fb:6e:16:fb:2c:0c:d0:10:02:df:ef:
                    46:89:be:b3:68:7a:e5:71:ec:20:81:26:63:cd:0e:
                    40:69:ba:e0:78:8f:1e:19:91:8d:59:3b:86:cf:ce:
                    e7:5e:22:b2:b3:3b:e1:39:8e:7c:86:51:4e:cd:84:
                    b5:9d:ba:be:26:d0:a1:a7:cb:6f:97:13:f8:1c:92:
                    af:c2:49:28:56:2a:45:fc:cd:2c:aa:89:e3:ac:d7:
                    51:af:6f:3c:c2:48:c0:f9:fc:a1:04:02:19:03:1d:
                    c5:73:36:3b:76:c5:df:4d:ab:71:f4:2f:12:b9:49:
                    0c:31:e2:a8:02:cb:f2:ef:a4:a5:05:f8:95:9f:d5:
                    4a:0c:72:3c:27:17:49:46:ad:29:06:a8:2c:59:51:
                    c7:e3:ad:9f:3f:f7:a0:12:30:2d:41:81:49:e0:c7:
                    fd:08:95:13:25:1e:b1:b2:5c:f8:a8:40:30:87:f4:
                    9b:f0:5a:a5:56:06:7c:70:3c:d7:08:6d:4d:80:10:
                    33:1e:fa:25:a8:53:fb:f2:f1:c5:53:af:a9:82:76:
                    f2:ec:ea:a3:66:5a:e3:b6:75:12:02:3f:14:18:8a:
                    9f:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:83:0D:FA:B1:EE:42:F7:8E:DE:E0:1D:C0:CA:FF:89:A7:C4:57:8A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/085bdc5a-eecc-4b91-96d8-643ad0e0b827.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.164.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         01:df:d7:e5:44:4d:ec:17:03:21:53:2b:db:d8:4e:c0:de:f0:
         6e:ca:df:02:fa:7d:5e:b5:d8:eb:ea:df:27:eb:4b:46:33:37:
         d0:7c:a6:06:bf:1e:96:f9:ba:d3:7a:62:bf:6a:84:fc:d1:17:
         22:57:18:39:ba:f0:7c:1b:52:af:44:c8:42:25:36:a7:45:81:
         9e:e3:25:88:e0:a7:54:a4:40:b1:80:91:63:cf:16:23:45:36:
         ed:5f:0e:05:5c:b8:4f:b6:6a:c9:98:8c:1c:0b:aa:5b:79:a9:
         d2:43:f0:9c:a2:4d:6f:dc:d6:29:d0:0e:05:05:0f:67:28:03:
         f8:a4:ed:0d:3e:ef:12:1c:e6:d0:9d:6a:d8:50:8d:7f:d3:53:
         a8:cb:35:c1:47:4e:d4:3d:19:0b:5e:fa:7c:1f:b7:62:9d:af:
         f8:a2:5b:9c:a9:26:5b:6d:8a:b0:6b:72:11:bc:03:e3:3f:89:
         94:50:48:e8:b0:fb:c3:3e:af:78:b8:8c:9c:d5:8d:ec:1b:81:
         21:5e:05:11:b9:42:8d:00:8f:c9:f8:b0:4b:c6:cf:41:98:23:
         89:81:d1:a2:de:95:6e:90:a2:d7:eb:23:22:33:06:ad:e9:ac:
         1f:77:a8:0a:ef:0e:77:a0:c3:75:d7:d4:75:39:d3:a2:7e:3c:
         1d:03:47:b3
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUbM4Yp0WmHxFpyLCSLBesig+nLwgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTI3MDAwMDAwWhcNMjUwMzAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkYjdjODQwYTc1N2ZlZWQxYzU0NzZmMDc0ZDRhOTE5OTZi
ODdmOWM2YzYwZjU4ZjYxNGM5MDQ2ZGY0M2I1NjI2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsFIgRhg5hPNsW7P50SSRMkqVmfxvAQ7/9mB7fUYrsKan7
bhb7LAzQEALf70aJvrNoeuVx7CCBJmPNDkBpuuB4jx4ZkY1ZO4bPzudeIrKzO+E5
jnyGUU7NhLWdur4m0KGny2+XE/gckq/CSShWKkX8zSyqieOs11GvbzzCSMD5/KEE
AhkDHcVzNjt2xd9Nq3H0LxK5SQwx4qgCy/LvpKUF+JWf1UoMcjwnF0lGrSkGqCxZ
UcfjrZ8/96ASMC1BgUngx/0IlRMlHrGyXPioQDCH9JvwWqVWBnxwPNcIbU2AEDMe
+iWoU/vy8cVTr6mCdvLs6qNmWuO2dRICPxQYip8dAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU1oMN+rHuQveO3uAdwMr/iafEV4owHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzA4NWJkYzVhLWVlY2MtNGI5MS05NmQ4LTY0M2FkMGUwYjgyNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwISpDANBgkqhkiG9w0BAQsFAAOCAQEAAd/X5URN7BcDIVMr29hOwN7wbsrf
Avp9XrXY6+rfJ+tLRjM30HymBr8elvm603piv2qE/NEXIlcYObrwfBtSr0TIQiU2
p0WBnuMliOCnVKRAsYCRY88WI0U27V8OBVy4T7ZqyZiMHAuqW3mp0kPwnKJNb9zW
KdAOBQUPZygD+KTtDT7vEhzm0J1q2FCNf9NTqMs1wUdO1D0ZC176fB+3Yp2v+KJb
nKkmW22KsGtyEbwD4z+JlFBI6LD7wz6veLiMnNWN7BuBIV4FEblCjQCPyfiwS8bP
QZgjiYHRot6VbpCi1+sjIjMGremsH3eoCu8Od6DDddfUdTnTon48HQNHsw==
-----END CERTIFICATE-----