Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/28c7b9fb-0490-468d-9f07-c34e9e84d5f2.roa
File:                     28c7b9fb-0490-468d-9f07-c34e9e84d5f2.roa (raw, json)
Hash identifier:          2egjc45s+Erb85Qt3XouXsmo/Njw/66czTxk8nIbpo8=
Subject key identifier:   44:C1:B1:C6:43:5E:4D:04:52:93:A7:B7:D9:D0:48:E8:82:67:5D:37
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1E41BE14D9CCAD8E092D511727EAEC2A24CFF85A
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/28c7b9fb-0490-468d-9f07-c34e9e84d5f2.roa
Signing time:             Fri 09 May 2025 15:01:08 +0000
ROA not before:           Fri 09 May 2025 15:01:08 +0000
ROA not after:            Fri 13 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.89.0.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 10 May 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:41:be:14:d9:cc:ad:8e:09:2d:51:17:27:ea:ec:2a:24:cf:f8:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May  9 15:01:08 2025 GMT
            Not After : Jun 13 23:59:59 2025 GMT
        Subject: serialNumber=ae95b8f2db27829d3922a88c2714a03a46c856111952310af392a9797fa085a6, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:8c:e8:91:af:9d:10:34:ab:85:b7:d3:a1:d9:
                    6b:fe:02:9d:b1:81:7c:f0:14:45:36:1d:9a:8e:77:
                    57:4c:1d:39:54:2c:b1:0b:c5:aa:d9:4f:3e:28:bb:
                    57:eb:72:7b:6d:7e:95:ec:0e:5e:c0:dd:7b:3e:ba:
                    8a:38:97:84:48:3e:cd:6b:eb:2e:4e:1c:6a:4b:f4:
                    bb:b5:ed:9b:6f:ef:b1:0e:b7:ae:bb:03:be:c3:b3:
                    3f:1f:9c:77:f8:cc:83:36:85:16:69:60:48:3c:60:
                    e6:74:f9:df:21:21:1d:7a:6a:6c:53:90:2d:3d:13:
                    24:9e:55:8c:e9:0d:70:9d:6b:dc:fe:16:f4:e8:ac:
                    69:c2:0f:ba:ef:90:97:e2:45:8b:11:f9:32:c0:dd:
                    a5:1c:d0:1f:76:e8:29:41:67:78:6c:a8:8d:54:86:
                    32:b9:46:c1:19:2e:79:98:f5:eb:b4:3e:88:0a:7b:
                    c6:3a:78:6d:44:9e:d6:c5:73:ea:03:a2:50:b0:c8:
                    66:9c:b2:d5:bc:e4:00:4f:7d:99:3d:9a:df:50:8d:
                    fd:1b:d9:78:30:1a:e3:29:70:b5:d7:f2:eb:c1:7c:
                    cc:93:92:df:d4:cc:d8:99:ce:93:84:8a:fd:59:f1:
                    2f:3b:55:bf:c1:4b:06:c0:4f:61:47:c8:4e:bc:45:
                    53:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:C1:B1:C6:43:5E:4D:04:52:93:A7:B7:D9:D0:48:E8:82:67:5D:37
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/28c7b9fb-0490-468d-9f07-c34e9e84d5f2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.89.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         90:cf:4c:24:e3:41:f4:9d:45:c4:7a:57:95:62:97:d4:bb:2b:
         a8:c3:82:af:da:03:1b:7d:5d:3e:20:be:97:59:b9:6e:b2:9d:
         74:36:cb:bf:98:61:ed:c7:2c:d8:37:0b:22:8e:d6:a2:ab:5a:
         7e:29:ce:52:db:7f:ca:fc:b7:2c:2f:31:7a:b4:39:d1:db:bc:
         9d:67:04:5a:ff:37:85:25:fa:8d:af:7b:80:db:ef:a8:91:2c:
         21:87:10:a3:3c:94:dd:c9:99:25:ea:50:80:1a:53:1d:de:9c:
         ce:a3:b8:52:67:d9:a8:16:be:f9:16:35:09:19:7b:5e:4d:a7:
         00:e9:6b:1b:1c:bb:71:50:3c:10:11:1b:15:61:d8:a8:91:5a:
         b4:27:5e:ac:97:33:06:49:3f:1a:ec:45:e6:7b:bd:80:35:a7:
         83:bb:17:15:de:dd:27:71:b8:72:bb:d3:f8:d6:ab:28:44:6c:
         6d:42:58:76:80:d6:fd:3e:fa:b0:fe:15:4a:40:68:aa:ff:8e:
         32:ae:32:82:ac:91:dc:97:02:bc:d3:17:5e:7a:ba:5d:5f:e7:
         3b:ba:99:04:eb:7f:45:82:a2:e5:54:f6:42:c9:6e:39:7a:4d:
         08:53:95:d7:f3:14:58:11:3d:e9:9e:e7:d9:c5:27:a8:7c:ca:
         ab:5f:bc:9d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHkG+FNnMrY4JLVEXJ+rsKiTP+FowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNTA5MTUwMTA4WhcNMjUwNjEzMjM1OTU5
WjB6MUkwRwYDVQQFE0BhZTk1YjhmMmRiMjc4MjlkMzkyMmE4OGMyNzE0YTAzYTQ2
Yzg1NjExMTk1MjMxMGFmMzkyYTk3OTdmYTA4NWE2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDGjOiRr50QNKuFt9Oh2Wv+Ap2xgXzwFEU2HZqOd1dMHTlU
LLELxarZTz4ou1frcnttfpXsDl7A3Xs+uoo4l4RIPs1r6y5OHGpL9Lu17Ztv77EO
t667A77Dsz8fnHf4zIM2hRZpYEg8YOZ0+d8hIR16amxTkC09EySeVYzpDXCda9z+
FvTorGnCD7rvkJfiRYsR+TLA3aUc0B926ClBZ3hsqI1UhjK5RsEZLnmY9eu0PogK
e8Y6eG1EntbFc+oDolCwyGacstW85ABPfZk9mt9Qjf0b2XgwGuMpcLXX8uvBfMyT
kt/UzNiZzpOEiv1Z8S87Vb/BSwbAT2FHyE68RVOHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURMGxxkNeTQRSk6e32dBI6IJnXTcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzI4YzdiOWZiLTA0OTAtNDY4ZC05ZjA3LWMzNGU5ZTg0ZDVmMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAUSWQAwDQYJKoZIhvcNAQELBQADggEBAJDPTCTjQfSdRcR6V5Vil9S7K6jD
gq/aAxt9XT4gvpdZuW6ynXQ2y7+YYe3HLNg3CyKO1qKrWn4pzlLbf8r8tywvMXq0
OdHbvJ1nBFr/N4Ul+o2ve4Db76iRLCGHEKM8lN3JmSXqUIAaUx3enM6juFJn2agW
vvkWNQkZe15NpwDpaxscu3FQPBARGxVh2KiRWrQnXqyXMwZJPxrsReZ7vYA1p4O7
FxXe3SdxuHK70/jWqyhEbG1CWHaA1v0++rD+FUpAaKr/jjKuMoKskdyXArzTF156
ul1f5zu6mQTrf0WCouVU9kLJbjl6TQhTldfzFFgRPeme59nFJ6h8yqtfvJ0=
-----END CERTIFICATE-----