Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/25eb671c-8744-467e-9d84-fb2d40042737.roa
File:                     25eb671c-8744-467e-9d84-fb2d40042737.roa (raw, json)
Hash identifier:          4dyO2dw875DsmVdd92u/KqcAdcRtNLt9wEotKFiHVno=
Subject key identifier:   CB:2C:2E:E3:6B:B2:D2:97:1F:E3:05:36:A7:F7:CB:95:26:3E:D0:52
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       492746380E2819C7C4117F41F0B260460CAC18B8
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/25eb671c-8744-467e-9d84-fb2d40042737.roa
Signing time:             Tue 28 Jan 2025 00:00:00 +0000
ROA not before:           Tue 28 Jan 2025 00:00:00 +0000
ROA not after:            Tue 04 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.96.0.0/14 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:27:46:38:0e:28:19:c7:c4:11:7f:41:f0:b2:60:46:0c:ac:18:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 28 00:00:00 2025 GMT
            Not After : Mar  4 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:45:9f:ef:c4:27:85:33:0f:1c:f5:2e:72:16:
                    64:0e:12:0a:40:fb:7a:7a:1b:c1:ab:1b:1b:b4:2c:
                    c8:b0:2e:0c:85:ac:05:a1:e3:48:6d:11:50:eb:e6:
                    1c:0c:46:6e:67:f5:ae:ca:0a:bd:ae:3c:62:a5:38:
                    f2:4f:49:9b:28:c0:b1:f9:ec:c7:9e:56:05:dc:2e:
                    33:68:6e:00:f2:95:c8:78:21:69:03:09:0f:09:8a:
                    c3:19:0f:3b:ae:46:55:eb:73:22:76:30:ba:f0:35:
                    04:c1:b0:52:96:55:3e:e9:5f:7a:70:07:f6:ed:1c:
                    7f:01:22:2e:86:cb:2d:39:2d:49:46:e9:18:31:80:
                    06:28:d0:06:9c:2b:f6:f6:19:5f:eb:31:7b:64:65:
                    1d:87:38:12:39:e8:8f:c5:9d:d5:27:a9:5b:55:ff:
                    9e:c4:09:19:f8:06:7c:ba:bf:1a:de:23:a5:5d:60:
                    0d:04:b9:6f:50:5d:47:b0:3c:a2:7c:45:50:23:d8:
                    d3:92:34:69:79:1e:11:14:6d:1a:1d:79:69:86:58:
                    44:60:d1:a1:36:b2:f0:f2:17:c4:89:69:87:26:24:
                    a0:f5:e9:a6:c3:cc:e3:04:95:68:a3:98:8f:ae:43:
                    e1:09:5b:ca:d3:43:05:ab:0a:eb:3c:56:68:86:e5:
                    5f:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:2C:2E:E3:6B:B2:D2:97:1F:E3:05:36:A7:F7:CB:95:26:3E:D0:52
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/25eb671c-8744-467e-9d84-fb2d40042737.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.96.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         16:cf:83:ee:f5:ba:d2:9f:c8:b6:d5:2d:b6:ab:f6:02:80:af:
         1c:1b:3a:90:85:69:f8:18:32:59:04:0a:e3:7c:61:dd:2b:18:
         ba:0b:05:7d:84:fc:b3:12:63:3f:7c:6e:e1:a6:95:89:74:d7:
         ab:5f:c9:65:f8:b7:f4:5c:b0:cd:cd:4b:1f:ac:34:14:e1:36:
         e7:b2:60:86:7b:94:75:5c:16:7a:8b:03:9a:0f:8c:52:eb:8d:
         54:20:0f:1b:ad:78:55:6f:ad:8d:1a:82:61:b0:3c:95:8e:1d:
         9f:f3:08:56:92:7e:dc:59:08:7b:e9:c0:d4:f9:ce:ce:b3:f8:
         37:b2:f1:f3:54:4d:3e:43:87:42:3b:b4:4e:a5:9b:cf:a7:36:
         b1:97:90:52:4f:b3:5a:0f:26:30:cc:03:55:92:1a:58:d8:69:
         f2:c5:78:49:aa:67:0c:e9:c1:d7:56:51:8e:ff:72:eb:f6:b4:
         d7:1e:24:24:80:dc:5d:80:79:ae:46:6c:48:cd:e0:3c:56:bf:
         65:44:79:c3:07:a7:b6:94:be:20:8d:66:21:80:67:15:dd:0a:
         f9:22:e9:67:aa:c4:48:cc:77:20:37:e3:ca:88:4a:16:1f:6e:
         c6:34:b9:94:00:ce:1d:cb:b6:ff:b7:89:3e:fd:0f:59:c1:18:
         5c:71:70:42
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUSSdGOA4oGcfEEX9B8LJgRgysGLgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTI4MDAwMDAwWhcNMjUwMzA0MjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZmI1NGI4NTZjZWQ1MGJlNmE0ZDUwOTM1YTQzMmRjZmIw
YTRlYWY1Y2JmZjk5ODdlMDNhOGU1NWRlZDdkNmIwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/RZ/vxCeFMw8c9S5yFmQOEgpA+3p6G8GrGxu0LMiwLgyF
rAWh40htEVDr5hwMRm5n9a7KCr2uPGKlOPJPSZsowLH57MeeVgXcLjNobgDylch4
IWkDCQ8JisMZDzuuRlXrcyJ2MLrwNQTBsFKWVT7pX3pwB/btHH8BIi6Gyy05LUlG
6RgxgAYo0AacK/b2GV/rMXtkZR2HOBI56I/FndUnqVtV/57ECRn4Bny6vxreI6Vd
YA0EuW9QXUewPKJ8RVAj2NOSNGl5HhEUbRodeWmGWERg0aE2svDyF8SJaYcmJKD1
6abDzOMElWijmI+uQ+EJW8rTQwWrCus8VmiG5V/XAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUyywu42uy0pcf4wU2p/fLlSY+0FIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzI1ZWI2NzFjLTg3NDQtNDY3ZS05ZDg0LWZiMmQ0MDA0MjczNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwISYDANBgkqhkiG9w0BAQsFAAOCAQEAFs+D7vW60p/IttUttqv2AoCvHBs6
kIVp+BgyWQQK43xh3SsYugsFfYT8sxJjP3xu4aaViXTXq1/JZfi39Fywzc1LH6w0
FOE257JghnuUdVwWeosDmg+MUuuNVCAPG614VW+tjRqCYbA8lY4dn/MIVpJ+3FkI
e+nA1PnOzrP4N7Lx81RNPkOHQju0TqWbz6c2sZeQUk+zWg8mMMwDVZIaWNhp8sV4
SapnDOnB11ZRjv9y6/a01x4kJIDcXYB5rkZsSM3gPFa/ZUR5wwentpS+II1mIYBn
Fd0K+SLpZ6rESMx3IDfjyohKFh9uxjS5lADOHcu2/7eJPv0PWcEYXHFwQg==
-----END CERTIFICATE-----