Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9f1da5f4-2f4a-489f-a3aa-a0b746185d1d.roa
File:                     9f1da5f4-2f4a-489f-a3aa-a0b746185d1d.roa (raw, json)
Hash identifier:          n3WK8FgcOnJIHrl2Buij2EYJfqEYzxTN7HQiyvKYDUA=
Subject key identifier:   40:17:C6:D7:12:9B:1A:DE:44:CE:C7:25:5A:AC:B9:7D:B4:2D:F9:D7
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       15186314526E2A36999ED140DC9F0943ABE78EE3
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9f1da5f4-2f4a-489f-a3aa-a0b746185d1d.roa
Signing time:             Fri 07 Mar 2025 00:30:27 +0000
ROA not before:           Fri 07 Mar 2025 00:30:27 +0000
ROA not after:            Fri 11 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.56.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 15 Mar 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:18:63:14:52:6e:2a:36:99:9e:d1:40:dc:9f:09:43:ab:e7:8e:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar  7 00:30:27 2025 GMT
            Not After : Apr 11 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:fa:ce:88:a4:21:d5:2f:22:1d:9f:9e:ed:e0:
                    b1:bc:2d:d7:59:40:24:12:db:fb:82:59:9a:cd:c2:
                    13:16:f0:c9:e1:f2:17:5e:6f:82:69:dd:53:c3:cf:
                    16:e2:f5:74:38:a9:6a:61:36:04:47:de:b3:b8:86:
                    db:2b:fd:9f:fe:2e:7a:0a:df:af:0c:04:3a:09:4c:
                    96:b4:01:78:1a:99:fe:22:bc:07:19:f7:ca:03:42:
                    dd:11:e9:e3:37:f3:96:51:35:2d:e2:17:5a:a3:f7:
                    a7:4a:16:47:41:e1:fb:98:ce:fc:93:36:95:d9:04:
                    1d:ef:82:db:ae:4a:b6:71:af:c0:7f:af:46:b6:4a:
                    9c:87:e6:70:3f:e9:7a:52:cc:fc:0f:e3:5e:08:f1:
                    6d:4a:4e:b7:79:04:23:94:84:79:1b:dc:c0:99:59:
                    af:4a:f7:da:d7:c8:53:3e:a8:d7:d3:06:85:b8:75:
                    fa:b5:77:8a:f8:46:a9:05:ca:cf:2e:90:27:1a:69:
                    37:db:38:6d:a9:9a:75:6f:dd:9f:a6:06:a5:c0:ae:
                    58:85:0b:66:a7:10:95:52:6e:92:91:3c:e1:37:f5:
                    5c:bc:96:df:88:80:f6:33:a0:8a:d5:3a:93:73:68:
                    5a:c6:5f:f5:1e:85:fa:7f:5a:58:b5:46:94:f3:28:
                    94:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:17:C6:D7:12:9B:1A:DE:44:CE:C7:25:5A:AC:B9:7D:B4:2D:F9:D7
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9f1da5f4-2f4a-489f-a3aa-a0b746185d1d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.56.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         26:0a:12:11:44:5d:4d:76:5c:7f:fb:33:91:17:89:04:dc:f4:
         e1:a7:c6:bf:d0:65:27:72:f3:94:7e:87:12:7f:66:4b:43:11:
         3e:13:28:20:e8:ea:c8:9b:40:49:ce:d0:3e:df:dd:1b:07:71:
         08:57:a1:23:36:1e:43:e0:c2:18:58:bd:30:bc:6f:0a:6b:8d:
         11:91:27:a9:6b:ea:74:f9:f8:45:21:5f:47:54:16:33:3f:bd:
         ee:6c:55:a2:0c:a2:61:0f:78:85:2f:14:3e:ef:29:33:f0:eb:
         73:a2:d6:82:c2:fa:d9:7d:27:82:d0:30:8d:e3:39:3a:d6:90:
         1f:72:2c:d5:16:8d:38:9d:58:12:c5:a9:7a:31:2a:56:f8:64:
         d1:43:84:24:b3:1a:3c:27:23:63:27:66:9c:6b:fa:a1:89:b1:
         13:33:f9:5e:b4:88:16:9f:4c:09:a5:cf:66:d7:7f:de:a5:4c:
         a3:4d:e6:83:c9:50:e9:0f:f7:93:27:d2:6e:91:8d:40:98:62:
         72:e8:f3:be:7a:24:72:a9:16:a2:76:2e:e8:b7:2e:64:28:d0:
         41:de:c2:03:5a:84:5a:25:6a:18:44:84:7d:4b:db:13:1e:43:
         e5:6a:87:72:fa:0a:ae:30:fe:7e:63:92:8f:22:93:02:06:f7:
         ab:4c:b9:c6
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUFRhjFFJuKjaZntFA3J8JQ6vnjuMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMzA3MDAzMDI3WhcNMjUwNDExMjM1OTU5
WjB6MUkwRwYDVQQFE0BlNDM2YzIxYjRmMTk0MmQxMGRmNTVjNGZhNTA4ZjczOTll
ODAyYmM0NmYzMGNiZDRhYzNiODhkMWM1NWVmZTZiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCm+s6IpCHVLyIdn57t4LG8LddZQCQS2/uCWZrNwhMW8Mnh
8hdeb4Jp3VPDzxbi9XQ4qWphNgRH3rO4htsr/Z/+LnoK368MBDoJTJa0AXgamf4i
vAcZ98oDQt0R6eM385ZRNS3iF1qj96dKFkdB4fuYzvyTNpXZBB3vgtuuSrZxr8B/
r0a2SpyH5nA/6XpSzPwP414I8W1KTrd5BCOUhHkb3MCZWa9K99rXyFM+qNfTBoW4
dfq1d4r4RqkFys8ukCcaaTfbOG2pmnVv3Z+mBqXArliFC2anEJVSbpKRPOE39Vy8
lt+IgPYzoIrVOpNzaFrGX/Uehfp/Wli1RpTzKJTVAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUQBfG1xKbGt5EzsclWqy5fbQt+dcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzlmMWRhNWY0LTJmNGEtNDg5Zi1hM2FhLWEwYjc0NjE4NWQxZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwASODANBgkqhkiG9w0BAQsFAAOCAQEAJgoSEURdTXZcf/szkReJBNz04afG
v9BlJ3LzlH6HEn9mS0MRPhMoIOjqyJtASc7QPt/dGwdxCFehIzYeQ+DCGFi9MLxv
CmuNEZEnqWvqdPn4RSFfR1QWMz+97mxVogyiYQ94hS8UPu8pM/Drc6LWgsL62X0n
gtAwjeM5OtaQH3Is1RaNOJ1YEsWpejEqVvhk0UOEJLMaPCcjYydmnGv6oYmxEzP5
XrSIFp9MCaXPZtd/3qVMo03mg8lQ6Q/3kyfSbpGNQJhicujzvnokcqkWonYu6Lcu
ZCjQQd7CA1qEWiVqGESEfUvbEx5D5WqHcvoKrjD+fmOSjyKTAgb3q0y5xg==
-----END CERTIFICATE-----