Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6886b238-5980-463b-b119-e9a682f0a65f.roa
File:                     6886b238-5980-463b-b119-e9a682f0a65f.roa (raw, json)
Hash identifier:          vVj+n37EDJKs2H280KO5MrwVV3qvvhuKcRkQ5dr60mQ=
Subject key identifier:   63:DC:C9:19:8F:E7:D4:3E:06:06:62:39:C9:2C:1D:33:A4:D7:37:23
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5824FFE3CBAC730AFA9BEE34704738E8225FBE5A
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6886b238-5980-463b-b119-e9a682f0a65f.roa
Signing time:             Fri 09 May 2025 00:41:54 +0000
ROA not before:           Fri 09 May 2025 00:41:54 +0000
ROA not after:            Fri 13 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.89.128.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 12 May 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:24:ff:e3:cb:ac:73:0a:fa:9b:ee:34:70:47:38:e8:22:5f:be:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May  9 00:41:54 2025 GMT
            Not After : Jun 13 23:59:59 2025 GMT
        Subject: serialNumber=1a53bd162194914746a805db98bb1356b25b65017ec97e7d095e40f3d504b5fd, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:33:ff:2f:e3:e0:57:81:2d:25:e1:10:55:fc:
                    4b:f2:96:ab:b4:4a:55:a6:03:83:cd:ba:bc:21:c6:
                    83:b7:8c:a2:3e:9c:d3:8c:db:eb:04:81:05:00:0a:
                    a0:f9:dc:91:ba:26:79:e0:80:f4:ec:b6:84:1d:e7:
                    82:27:03:e9:4a:6f:4f:53:cc:d7:14:2e:c4:3f:a1:
                    40:f4:b4:d8:60:6f:f7:f0:82:83:9b:1e:8e:ed:00:
                    25:b9:39:dd:b9:c7:72:b9:f5:b3:7e:c9:07:f2:c8:
                    36:79:8e:77:4d:a2:e8:e2:c5:da:dc:cd:78:db:24:
                    ad:37:2b:bd:3e:de:c2:4a:b9:a0:27:fc:a7:12:31:
                    1a:0b:16:7a:64:0f:2f:b2:54:81:fe:32:19:91:1d:
                    70:bc:d3:4b:2e:d3:9f:6a:e2:39:81:fa:82:8b:27:
                    65:c9:74:02:3b:7a:f5:50:04:8f:6d:4b:ad:cc:50:
                    e1:c2:1e:f2:43:00:04:53:40:23:52:b5:ae:30:f2:
                    40:c2:f2:36:d2:5b:41:a4:ed:72:b9:4c:97:26:a3:
                    a4:97:49:25:a1:10:5c:dc:de:db:29:ee:6b:f7:45:
                    e9:6d:04:3d:e0:a9:b5:58:8c:fa:ff:a6:66:7b:52:
                    95:f0:4f:7f:72:18:4a:98:35:cc:7e:21:6c:bb:aa:
                    8e:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:DC:C9:19:8F:E7:D4:3E:06:06:62:39:C9:2C:1D:33:A4:D7:37:23
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6886b238-5980-463b-b119-e9a682f0a65f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.89.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         6b:38:27:0f:70:5a:db:97:48:af:44:7c:1c:5b:3a:ac:96:ba:
         b9:65:f3:79:59:3a:38:42:45:c3:2b:a0:5e:fa:e4:8f:32:f1:
         ba:9e:98:f1:d1:4a:5f:2e:24:12:36:27:4e:d0:c3:c8:93:3d:
         3f:3a:6d:af:b6:74:d3:ab:87:68:37:49:c7:cd:39:6a:77:7c:
         ae:8a:7a:ad:3a:33:2c:c9:fb:55:e1:9f:00:04:82:98:a7:50:
         80:4e:08:f4:0d:88:3e:bf:7e:e9:1b:0a:b2:35:d3:73:ab:d3:
         da:f3:86:60:6b:3e:52:09:b5:9b:c9:24:03:69:4a:da:32:a2:
         da:69:4b:f1:db:90:eb:e9:7f:c9:30:18:91:48:48:42:ca:0b:
         b3:29:cd:ab:8b:18:74:2f:da:41:c6:22:9d:0b:71:42:2d:78:
         39:e3:9d:b1:c6:34:c0:cd:26:cf:a7:7a:23:33:1d:fe:38:89:
         97:a0:d4:ad:3f:a2:41:f4:46:d2:3e:83:a9:b8:88:30:70:a9:
         22:4e:f1:55:3a:93:71:af:7d:74:70:77:da:e3:2c:e4:f2:9f:
         f3:84:43:71:2e:0c:23:da:b1:7e:76:9c:61:5a:1a:e4:26:17:
         94:85:b7:9a:e0:4c:61:93:ee:3d:89:22:49:bb:9c:a4:9e:29:
         fd:ac:32:45
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWCT/48uscwr6m+40cEc46CJfvlowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNTA5MDA0MTU0WhcNMjUwNjEzMjM1OTU5
WjB6MUkwRwYDVQQFE0AxYTUzYmQxNjIxOTQ5MTQ3NDZhODA1ZGI5OGJiMTM1NmIy
NWI2NTAxN2VjOTdlN2QwOTVlNDBmM2Q1MDRiNWZkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCTM/8v4+BXgS0l4RBV/Evylqu0SlWmA4PNurwhxoO3jKI+
nNOM2+sEgQUACqD53JG6JnnggPTstoQd54InA+lKb09TzNcULsQ/oUD0tNhgb/fw
goObHo7tACW5Od25x3K59bN+yQfyyDZ5jndNoujixdrczXjbJK03K70+3sJKuaAn
/KcSMRoLFnpkDy+yVIH+MhmRHXC800su059q4jmB+oKLJ2XJdAI7evVQBI9tS63M
UOHCHvJDAARTQCNSta4w8kDC8jbSW0Gk7XK5TJcmo6SXSSWhEFzc3tsp7mv3Relt
BD3gqbVYjPr/pmZ7UpXwT39yGEqYNcx+IWy7qo4ZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUY9zJGY/n1D4GBmI5ySwdM6TXNyMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzY4ODZiMjM4LTU5ODAtNDYzYi1iMTE5LWU5YTY4MmYwYTY1Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYSWYAwDQYJKoZIhvcNAQELBQADggEBAGs4Jw9wWtuXSK9EfBxbOqyWurll
83lZOjhCRcMroF765I8y8bqemPHRSl8uJBI2J07Qw8iTPT86ba+2dNOrh2g3ScfN
OWp3fK6Keq06MyzJ+1XhnwAEgpinUIBOCPQNiD6/fukbCrI103Or09rzhmBrPlIJ
tZvJJANpStoyotppS/HbkOvpf8kwGJFISELKC7MpzauLGHQv2kHGIp0LcUIteDnj
nbHGNMDNJs+neiMzHf44iZeg1K0/okH0RtI+g6m4iDBwqSJO8VU6k3GvfXRwd9rj
LOTyn/OEQ3EuDCPasX52nGFaGuQmF5SFt5rgTGGT7j2JIkm7nKSeKf2sMkU=
-----END CERTIFICATE-----