Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a57f9d8b-6b3c-4ec9-845a-81cab3a69ef2.roa
File:                     a57f9d8b-6b3c-4ec9-845a-81cab3a69ef2.roa (raw, json)
Hash identifier:          3obh58s/H6v8VfDN2FjwpgLv8o3rihX6HXXjv1B03T4=
Subject key identifier:   2A:DB:8E:9C:0D:F3:F4:8B:0B:7F:21:6D:89:96:C3:8A:F5:44:F2:21
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       21DBBE8B73984B8B11D4480546C38CF1426CD82F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a57f9d8b-6b3c-4ec9-845a-81cab3a69ef2.roa
Signing time:             Fri 25 Apr 2025 16:40:07 +0000
ROA not before:           Fri 25 Apr 2025 16:40:07 +0000
ROA not after:            Fri 30 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.53.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 10 May 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:db:be:8b:73:98:4b:8b:11:d4:48:05:46:c3:8c:f1:42:6c:d8:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 25 16:40:07 2025 GMT
            Not After : May 30 23:59:59 2025 GMT
        Subject: serialNumber=6873b7819e36a5addc5dffa17a0ad6dc92d2bd5d5ad6fa736f4e0cc900d48345, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:77:dd:47:33:a7:ed:bd:d4:a9:5c:50:8b:54:
                    a5:ea:6e:a2:bc:92:cd:7d:08:4a:a6:8f:29:fb:7f:
                    3b:df:61:3c:ab:93:b7:f0:c5:0a:62:ef:17:1f:68:
                    fb:b0:f8:f4:9a:ca:2a:30:f0:96:75:ba:57:d6:aa:
                    27:ac:6f:73:47:2e:7a:94:93:f6:30:f7:5d:f9:a2:
                    92:7a:2d:8c:5e:f2:43:da:93:3d:15:ce:33:61:c8:
                    06:fd:f3:28:92:9c:42:41:0d:72:f9:a8:de:34:16:
                    6d:b4:35:14:e0:6f:bc:bc:e8:1f:f2:5a:a3:9e:bc:
                    41:fe:77:6f:fd:09:7e:c0:0d:ff:24:d4:f2:b8:62:
                    d7:48:12:5e:90:a9:aa:61:c1:ad:4c:79:17:c6:6b:
                    91:44:95:f2:dd:67:11:8f:91:c7:7d:b6:e0:bb:4f:
                    77:8d:7e:45:bc:ed:c6:3d:37:fd:ac:32:44:3d:27:
                    d6:99:50:9a:46:44:00:5a:c2:ce:05:9d:51:4d:78:
                    0c:08:1c:1f:51:af:1e:24:94:34:da:a3:87:9d:27:
                    b9:eb:f5:6a:84:81:2e:ab:16:f1:b3:c1:87:07:b4:
                    b9:96:2a:13:56:20:0f:43:e8:0b:c5:e0:ee:a7:80:
                    73:40:ea:f1:e7:cb:b8:61:13:42:aa:79:a1:e1:d3:
                    5e:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:DB:8E:9C:0D:F3:F4:8B:0B:7F:21:6D:89:96:C3:8A:F5:44:F2:21
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a57f9d8b-6b3c-4ec9-845a-81cab3a69ef2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.53.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         54:91:3c:05:bb:1a:fc:06:36:17:64:86:e2:85:24:68:c6:0f:
         29:5e:00:4c:34:6e:af:8f:76:71:38:09:8f:25:af:3f:1b:e0:
         0d:13:ad:16:ea:40:3e:de:67:93:b1:5a:f7:41:4c:a1:87:f5:
         5b:cd:bb:2b:09:dc:f8:01:ec:74:99:14:ba:db:27:d0:03:d2:
         49:d0:3f:b2:56:8c:bf:83:57:4e:d3:a0:cd:d5:32:fc:e9:e4:
         a6:ac:c4:11:9d:0d:6b:77:84:b9:3a:21:32:c6:aa:23:87:80:
         d8:38:54:f9:4a:77:6f:ae:0b:fd:a4:e6:0d:18:8b:15:eb:62:
         9f:43:f6:0b:c8:45:e4:aa:04:da:46:96:59:a5:ef:df:42:f2:
         58:34:f3:f6:da:17:e3:21:17:53:95:5d:ce:61:6c:88:af:b7:
         a5:8b:3c:a3:58:ea:2d:b3:43:e3:6f:5c:c5:45:12:54:3f:d4:
         a5:5d:a7:c1:ef:6d:af:fa:bc:5d:60:42:5b:4b:b7:6b:68:ec:
         de:a5:0c:df:f6:a4:8f:36:bb:3a:27:56:b2:22:6c:f7:37:b8:
         8d:8a:12:73:80:b5:48:dc:b7:24:d4:1b:72:9c:d4:80:3a:fd:
         91:4c:ce:f3:14:c1:63:90:03:1f:0e:a2:6a:f4:97:d1:50:4b:
         3a:65:81:1a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUIdu+i3OYS4sR1EgFRsOM8UJs2C8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDI1MTY0MDA3WhcNMjUwNTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A2ODczYjc4MTllMzZhNWFkZGM1ZGZmYTE3YTBhZDZkYzky
ZDJiZDVkNWFkNmZhNzM2ZjRlMGNjOTAwZDQ4MzQ1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6d91HM6ftvdSpXFCLVKXqbqK8ks19CEqmjyn7fzvfYTyr
k7fwxQpi7xcfaPuw+PSayiow8JZ1ulfWqiesb3NHLnqUk/Yw9135opJ6LYxe8kPa
kz0VzjNhyAb98yiSnEJBDXL5qN40Fm20NRTgb7y86B/yWqOevEH+d2/9CX7ADf8k
1PK4YtdIEl6Qqaphwa1MeRfGa5FElfLdZxGPkcd9tuC7T3eNfkW87cY9N/2sMkQ9
J9aZUJpGRABaws4FnVFNeAwIHB9Rrx4klDTao4edJ7nr9WqEgS6rFvGzwYcHtLmW
KhNWIA9D6AvF4O6ngHNA6vHny7hhE0KqeaHh017TAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUKtuOnA3z9IsLfyFtiZbDivVE8iEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2E1N2Y5ZDhiLTZiM2MtNGVjOS04NDVhLTgxY2FiM2E2OWVmMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwASNTANBgkqhkiG9w0BAQsFAAOCAQEAVJE8Bbsa/AY2F2SG4oUkaMYPKV4A
TDRur492cTgJjyWvPxvgDROtFupAPt5nk7Fa90FMoYf1W827Kwnc+AHsdJkUutsn
0APSSdA/slaMv4NXTtOgzdUy/OnkpqzEEZ0Na3eEuTohMsaqI4eA2DhU+Up3b64L
/aTmDRiLFetin0P2C8hF5KoE2kaWWaXv30LyWDTz9toX4yEXU5VdzmFsiK+3pYs8
o1jqLbND429cxUUSVD/UpV2nwe9tr/q8XWBCW0u3a2js3qUM3/akjza7OidWsiJs
9ze4jYoSc4C1SNy3JNQbcpzUgDr9kUzO8xTBY5ADHw6iavSX0VBLOmWBGg==
-----END CERTIFICATE-----