Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9f1da5f4-2f4a-489f-a3aa-a0b746185d1d.roa
File:                     9f1da5f4-2f4a-489f-a3aa-a0b746185d1d.roa (raw, json)
Hash identifier:          6OgLx0IFQfuz0G1e0i4H0i3/etnsnejCYshZUNkNEDA=
Subject key identifier:   B2:14:54:FB:AF:A8:2B:94:31:20:06:9C:66:BE:E6:B7:BB:E6:3B:03
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       766BB8FC0A1E997AC1EA5F861A9A780395994901
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9f1da5f4-2f4a-489f-a3aa-a0b746185d1d.roa
Signing time:             Tue 05 Aug 2025 16:41:10 +0000
ROA not before:           Tue 05 Aug 2025 16:41:10 +0000
ROA not after:            Tue 09 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.56.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 22 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:6b:b8:fc:0a:1e:99:7a:c1:ea:5f:86:1a:9a:78:03:95:99:49:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug  5 16:41:10 2025 GMT
            Not After : Sep  9 23:59:59 2025 GMT
        Subject: serialNumber=940e76203e1e0ba75b1e6abec700bb595bf34170f1bbd712ee6bd3bad79fd818, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:16:0f:0b:40:28:4d:3d:a0:8a:89:a0:c5:8b:
                    da:e2:31:03:37:92:e1:96:d3:e4:6a:43:3d:02:3f:
                    ec:f5:5c:cf:63:5a:45:27:be:f4:a9:0c:8a:a9:65:
                    fe:f6:43:34:a8:6b:3b:d3:60:27:3f:ba:f4:68:0f:
                    e1:17:75:db:b0:7d:9b:1f:22:74:d4:15:ac:32:6b:
                    99:a8:11:e6:c1:a0:6f:83:52:c0:39:60:6d:c2:e3:
                    f9:f6:2a:b8:43:4a:4d:25:06:fd:82:92:7c:6b:34:
                    fa:fb:d4:36:77:90:95:d3:e7:18:9a:63:8b:a4:4f:
                    1f:57:99:77:c7:ea:37:05:c9:5b:ad:f5:a6:ad:d9:
                    5a:06:3c:67:2d:e3:d9:95:df:a5:26:23:ff:e5:88:
                    27:91:db:33:f3:a2:af:1f:3f:90:c4:80:01:d7:70:
                    ec:53:3f:2e:9e:1e:bc:5b:d1:6c:58:9f:21:4f:44:
                    68:e8:d9:2c:1e:73:9a:14:bd:b3:f7:97:ba:69:93:
                    d0:5d:ae:79:62:61:af:44:1d:f7:20:e4:46:a4:f1:
                    c0:99:39:97:41:d8:e8:29:a2:4d:51:ca:6c:5a:ea:
                    8c:87:8c:15:63:60:6f:79:b6:98:f5:fd:83:f1:c7:
                    37:57:b1:7b:7f:1d:e0:87:22:33:79:c8:10:b2:3a:
                    ca:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:14:54:FB:AF:A8:2B:94:31:20:06:9C:66:BE:E6:B7:BB:E6:3B:03
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9f1da5f4-2f4a-489f-a3aa-a0b746185d1d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.56.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         9a:6d:60:49:cf:13:5a:b8:4d:b8:67:b5:35:70:c2:b4:69:2c:
         41:4b:d1:2d:e9:e7:d4:ae:2f:eb:13:77:a1:b9:b5:07:b5:15:
         48:2f:cc:20:81:f6:31:6d:e7:af:13:a9:cd:fc:5d:cc:d4:ad:
         f3:b4:b4:a9:d2:65:ba:4c:d5:58:9c:ea:4a:04:7e:ea:56:ce:
         0a:5d:d5:eb:f2:c7:22:1f:58:fc:84:e2:2f:e5:33:24:90:09:
         ee:2f:51:3a:c7:eb:bc:ab:96:84:71:36:af:b1:75:0e:4d:76:
         c8:68:ef:a2:0e:05:66:a3:1f:1a:bd:51:fa:e7:b1:c9:5c:ba:
         79:db:d4:9c:5f:08:67:88:6c:9b:38:86:cc:62:5b:14:aa:40:
         70:74:9d:2b:09:2d:71:7d:a5:06:9f:0f:e4:c1:02:41:32:fd:
         da:c1:23:a4:95:c8:2d:95:f4:f0:cf:5c:8b:5e:37:58:85:7f:
         a2:bd:9d:06:d1:72:dc:2d:87:0a:a0:2f:5e:50:5b:90:aa:cd:
         e6:d3:05:e8:17:c2:60:8e:6b:20:f8:82:7d:18:e0:c1:d0:23:
         be:69:63:28:59:7a:d1:13:b3:b5:bf:19:c3:30:0d:a0:82:88:
         8a:bd:b0:54:90:22:dc:87:1a:4b:c6:2e:08:e0:5c:83:c9:bb:
         5a:3e:97:36
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUdmu4/AoemXrB6l+GGpp4A5WZSQEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwODA1MTY0MTEwWhcNMjUwOTA5MjM1OTU5
WjB6MUkwRwYDVQQFE0A5NDBlNzYyMDNlMWUwYmE3NWIxZTZhYmVjNzAwYmI1OTVi
ZjM0MTcwZjFiYmQ3MTJlZTZiZDNiYWQ3OWZkODE4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxFg8LQChNPaCKiaDFi9riMQM3kuGW0+RqQz0CP+z1XM9j
WkUnvvSpDIqpZf72QzSoazvTYCc/uvRoD+EXdduwfZsfInTUFawya5moEebBoG+D
UsA5YG3C4/n2KrhDSk0lBv2CknxrNPr71DZ3kJXT5xiaY4ukTx9XmXfH6jcFyVut
9aat2VoGPGct49mV36UmI//liCeR2zPzoq8fP5DEgAHXcOxTPy6eHrxb0WxYnyFP
RGjo2Swec5oUvbP3l7ppk9BdrnliYa9EHfcg5Eak8cCZOZdB2Ogpok1Rymxa6oyH
jBVjYG95tpj1/YPxxzdXsXt/HeCHIjN5yBCyOso1AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUshRU+6+oK5QxIAacZr7mt7vmOwMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzlmMWRhNWY0LTJmNGEtNDg5Zi1hM2FhLWEwYjc0NjE4NWQxZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwASODANBgkqhkiG9w0BAQsFAAOCAQEAmm1gSc8TWrhNuGe1NXDCtGksQUvR
Lenn1K4v6xN3obm1B7UVSC/MIIH2MW3nrxOpzfxdzNSt87S0qdJlukzVWJzqSgR+
6lbOCl3V6/LHIh9Y/ITiL+UzJJAJ7i9ROsfrvKuWhHE2r7F1Dk12yGjvog4FZqMf
Gr1R+uexyVy6edvUnF8IZ4hsmziGzGJbFKpAcHSdKwktcX2lBp8P5MECQTL92sEj
pJXILZX08M9ci143WIV/or2dBtFy3C2HCqAvXlBbkKrN5tMF6BfCYI5rIPiCfRjg
wdAjvmljKFl60ROztb8ZwzANoIKIir2wVJAi3IcaS8YuCOBcg8m7Wj6XNg==
-----END CERTIFICATE-----