Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5f0772d8-f455-463e-9417-4ddc13856c48.roa
File:                     5f0772d8-f455-463e-9417-4ddc13856c48.roa (raw, json)
Hash identifier:          4F7pNcArRWbwrbKLtUDA25+K6w8XWRFlRSZByhli1VI=
Subject key identifier:   0F:4C:42:BE:74:34:00:E9:19:A4:F1:01:AC:DB:9B:58:80:06:CD:CA
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       655DFE1CE4758AE44BC53578629246727E58B6A1
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5f0772d8-f455-463e-9417-4ddc13856c48.roa
Signing time:             Tue 05 Aug 2025 16:11:15 +0000
ROA not before:           Tue 05 Aug 2025 16:11:15 +0000
ROA not after:            Tue 09 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.148.0.0/14 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 22 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:5d:fe:1c:e4:75:8a:e4:4b:c5:35:78:62:92:46:72:7e:58:b6:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug  5 16:11:15 2025 GMT
            Not After : Sep  9 23:59:59 2025 GMT
        Subject: serialNumber=9ba9602c62e6acefa3aeb3e7d02b183b2e7b343ada668b9aae7e82c65a511cd8, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:2a:04:a0:53:6d:20:cb:91:45:97:07:91:24:
                    d2:af:94:e6:9d:83:dc:65:3a:50:5a:9d:ca:47:ac:
                    10:11:7d:2d:43:8a:22:2f:2b:e3:12:15:bd:38:47:
                    95:a2:33:ca:47:85:d5:fe:e2:75:75:ed:b7:19:48:
                    c3:f7:65:4f:e8:17:e8:0a:75:31:53:71:1c:d9:59:
                    5b:42:f7:9a:20:76:02:9b:38:ca:95:5d:42:3d:f9:
                    31:5c:0e:38:fb:31:9c:57:52:f4:c1:b3:86:f6:d8:
                    b3:30:94:84:3e:ef:84:4a:d3:76:ca:b9:42:63:64:
                    2f:ed:77:1b:4c:52:cc:ae:39:36:9d:17:4d:50:5f:
                    a3:f4:81:d5:f7:88:00:95:7f:71:ed:42:a7:ec:94:
                    84:aa:df:be:95:5a:2f:99:1b:79:05:2c:1b:24:91:
                    b8:7e:43:04:ae:81:fc:a9:cf:e7:36:fb:b6:41:68:
                    ff:87:45:7f:eb:5d:89:eb:79:e0:e2:24:3e:8d:cb:
                    a9:97:f4:4a:66:24:b4:d0:4d:5f:3c:bd:bf:e3:83:
                    34:f8:b7:86:07:c1:ca:c9:b6:a2:b3:1b:df:36:25:
                    ea:27:43:ca:ab:47:13:1d:5c:40:17:c9:eb:e0:8a:
                    ed:08:54:33:00:5f:0e:f9:21:9a:3c:d6:42:87:e2:
                    ca:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:4C:42:BE:74:34:00:E9:19:A4:F1:01:AC:DB:9B:58:80:06:CD:CA
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5f0772d8-f455-463e-9417-4ddc13856c48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.148.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         2c:50:b1:73:d1:63:a2:d6:d9:f4:60:c3:f8:20:09:13:f2:42:
         cd:54:09:a0:29:ca:0d:b9:da:4a:7a:d1:3a:ad:74:42:81:2b:
         c1:ad:7d:80:8b:a8:56:e9:db:8e:c8:53:91:cb:48:94:34:a2:
         5e:30:59:0c:a1:ba:45:33:0b:9a:48:5a:57:0d:8c:b8:75:46:
         08:b5:a4:55:a7:33:fe:6f:19:d3:c0:4c:88:df:5b:48:ec:3c:
         c9:12:37:df:a2:10:80:55:4e:69:93:07:cc:c4:f9:e0:3d:45:
         fc:4b:1d:43:a4:2b:13:50:b9:70:ef:51:35:ef:6f:96:e1:cd:
         bd:5d:79:a1:60:96:10:f6:7b:e3:3a:89:63:0e:da:2a:b7:9a:
         32:22:44:02:95:ef:50:75:d4:8c:e2:d4:81:05:bf:b9:99:40:
         40:2c:2d:8a:33:98:04:3e:38:bb:af:3a:4b:24:a9:37:67:13:
         45:0e:c6:b8:31:fc:4d:7a:95:7a:f6:b7:0b:c7:3f:54:ca:84:
         a8:c6:0e:88:34:10:fc:4f:76:63:eb:50:0b:ad:dc:04:b9:88:
         6c:60:06:a7:fa:66:03:99:9d:a2:86:53:10:fb:81:6f:93:f6:
         39:79:24:2d:58:f6:ab:ed:67:fe:4f:c0:a7:66:ae:8b:92:e9:
         b4:87:a7:7d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUZV3+HOR1iuRLxTV4YpJGcn5YtqEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwODA1MTYxMTE1WhcNMjUwOTA5MjM1OTU5
WjB6MUkwRwYDVQQFE0A5YmE5NjAyYzYyZTZhY2VmYTNhZWIzZTdkMDJiMTgzYjJl
N2IzNDNhZGE2NjhiOWFhZTdlODJjNjVhNTExY2Q4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDOKgSgU20gy5FFlweRJNKvlOadg9xlOlBancpHrBARfS1D
iiIvK+MSFb04R5WiM8pHhdX+4nV17bcZSMP3ZU/oF+gKdTFTcRzZWVtC95ogdgKb
OMqVXUI9+TFcDjj7MZxXUvTBs4b22LMwlIQ+74RK03bKuUJjZC/tdxtMUsyuOTad
F01QX6P0gdX3iACVf3HtQqfslISq376VWi+ZG3kFLBskkbh+QwSugfypz+c2+7ZB
aP+HRX/rXYnreeDiJD6Ny6mX9EpmJLTQTV88vb/jgzT4t4YHwcrJtqKzG982Jeon
Q8qrRxMdXEAXyevgiu0IVDMAXw75IZo81kKH4srLAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUD0xCvnQ0AOkZpPEBrNubWIAGzcowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzVmMDc3MmQ4LWY0NTUtNDYzZS05NDE3LTRkZGMxMzg1NmM0OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwISlDANBgkqhkiG9w0BAQsFAAOCAQEALFCxc9FjotbZ9GDD+CAJE/JCzVQJ
oCnKDbnaSnrROq10QoErwa19gIuoVunbjshTkctIlDSiXjBZDKG6RTMLmkhaVw2M
uHVGCLWkVacz/m8Z08BMiN9bSOw8yRI336IQgFVOaZMHzMT54D1F/EsdQ6QrE1C5
cO9RNe9vluHNvV15oWCWEPZ74zqJYw7aKreaMiJEApXvUHXUjOLUgQW/uZlAQCwt
ijOYBD44u686SySpN2cTRQ7GuDH8TXqVeva3C8c/VMqEqMYOiDQQ/E92Y+tQC63c
BLmIbGAGp/pmA5mdooZTEPuBb5P2OXkkLVj2q+1n/k/Ap2aui5LptIenfQ==
-----END CERTIFICATE-----