Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e4615e61-d476-459e-a1c0-ba780d645b1f.roa
File:                     e4615e61-d476-459e-a1c0-ba780d645b1f.roa (raw, json)
Hash identifier:          cLppNVQM+Ud/1SN9BaE3yKEAi637jECoGNBaoXA26qQ=
Subject key identifier:   35:CE:77:8C:B0:E2:FF:9E:54:FF:E7:48:BA:94:FB:6F:C5:6E:64:21
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       561402050FC7B76336E86D2175335CCE26CA8EBD
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e4615e61-d476-459e-a1c0-ba780d645b1f.roa
Signing time:             Mon 27 Jan 2025 00:00:00 +0000
ROA not before:           Mon 27 Jan 2025 00:00:00 +0000
ROA not after:            Mon 03 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.60.76.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:14:02:05:0f:c7:b7:63:36:e8:6d:21:75:33:5c:ce:26:ca:8e:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 27 00:00:00 2025 GMT
            Not After : Mar  3 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:33:36:21:a0:40:c0:d4:c8:8f:df:87:1e:de:
                    78:84:e5:ad:50:51:f3:46:e1:4f:47:23:af:9e:ca:
                    63:81:23:52:0e:38:53:8a:43:23:35:69:20:8a:86:
                    fb:b1:74:47:8a:fa:74:84:a2:e8:93:17:0d:72:6f:
                    79:62:73:c6:84:ac:48:7f:bb:e2:ff:66:60:49:f2:
                    fa:a4:84:20:6f:66:e3:4b:97:ee:5e:9c:fe:97:e8:
                    c6:e1:3a:7a:d5:7c:ac:0a:7a:99:03:ef:68:9b:08:
                    53:9d:00:f7:56:2b:28:f1:dc:e5:5e:ea:bf:d2:20:
                    6d:0c:5b:b8:f8:9b:81:ff:62:9a:58:e8:51:b2:06:
                    53:c4:69:10:95:9f:e6:d9:81:90:ce:2a:f5:84:2a:
                    e6:16:d1:d6:00:98:65:12:33:89:24:ab:91:97:58:
                    30:cc:2f:98:14:a2:48:b9:09:6f:7c:44:81:84:4a:
                    fa:fe:87:aa:be:55:35:ce:80:58:24:37:dd:f3:4b:
                    91:ef:c6:38:b8:5a:4e:f1:39:b9:56:55:83:bf:0e:
                    75:68:10:15:89:48:ed:7e:0a:c7:67:b2:bd:60:84:
                    01:29:28:1a:75:42:7a:9d:c9:4f:9d:b1:10:70:1c:
                    1b:0b:bd:9b:11:59:07:6e:a4:1b:76:14:94:a8:71:
                    56:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:CE:77:8C:B0:E2:FF:9E:54:FF:E7:48:BA:94:FB:6F:C5:6E:64:21
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e4615e61-d476-459e-a1c0-ba780d645b1f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.60.76.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a6:17:92:21:4a:aa:f9:70:15:81:a9:be:e3:c7:81:8d:11:37:
         6d:2d:b4:aa:93:bf:f7:02:79:e7:2f:42:59:bc:ba:bb:07:61:
         7a:52:c2:b8:2c:f0:64:73:b2:21:84:bf:7b:75:28:b1:51:81:
         ee:1a:c1:9f:85:df:df:e8:57:e6:cd:d4:ee:88:50:f0:40:87:
         f1:b9:14:3f:bb:cd:e3:53:e2:92:22:ae:e4:95:91:af:de:02:
         0b:e3:2d:4d:c1:1d:fe:7b:9b:76:8f:84:4b:d2:d4:c5:bc:aa:
         54:ef:28:7f:bd:7a:4c:d6:25:5b:85:d3:03:77:fe:85:80:03:
         f4:1d:9c:d4:65:82:fc:a5:7a:0e:6c:6e:88:99:3f:c5:23:4b:
         04:a8:96:20:98:57:29:e8:93:ed:9c:97:1a:98:85:ad:17:85:
         4d:72:83:49:41:6e:e3:66:6f:4a:8c:94:23:83:b7:e2:85:57:
         1b:9f:23:2a:53:a7:83:f9:cd:e5:8d:4f:c3:7f:6e:94:b4:aa:
         9e:09:5e:55:6e:49:1f:1d:04:81:a4:28:f0:ef:f0:35:c3:ef:
         e9:02:1a:02:8a:d2:26:f3:b1:4f:ee:ce:b4:fe:99:87:7c:04:
         f5:08:19:4d:98:1a:8a:f6:ef:c3:c6:c4:3a:5b:2e:2c:ce:18:
         e7:52:ac:39
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVhQCBQ/Ht2M26G0hdTNczibKjr0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTI3MDAwMDAwWhcNMjUwMzAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AzOGM4ODk1Nzc5NzAwOGM5NTQzY2MwOWVlN2ZmY2YzZDY4
MWUwOWUwZjMzOTFhMTE1ZjM2ZjE1ZjdhZjAwMmE5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDMzYhoEDA1MiP34ce3niE5a1QUfNG4U9HI6+eymOBI1IO
OFOKQyM1aSCKhvuxdEeK+nSEouiTFw1yb3lic8aErEh/u+L/ZmBJ8vqkhCBvZuNL
l+5enP6X6MbhOnrVfKwKepkD72ibCFOdAPdWKyjx3OVe6r/SIG0MW7j4m4H/YppY
6FGyBlPEaRCVn+bZgZDOKvWEKuYW0dYAmGUSM4kkq5GXWDDML5gUoki5CW98RIGE
Svr+h6q+VTXOgFgkN93zS5Hvxji4Wk7xOblWVYO/DnVoEBWJSO1+Csdnsr1ghAEp
KBp1QnqdyU+dsRBwHBsLvZsRWQdupBt2FJSocVZjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNc53jLDi/55U/+dIupT7b8VuZCEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2U0NjE1ZTYxLWQ0NzYtNDU5ZS1hMWMwLWJhNzgwZDY0NWIxZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAESPEwwDQYJKoZIhvcNAQELBQADggEBAKYXkiFKqvlwFYGpvuPHgY0RN20t
tKqTv/cCeecvQlm8ursHYXpSwrgs8GRzsiGEv3t1KLFRge4awZ+F39/oV+bN1O6I
UPBAh/G5FD+7zeNT4pIiruSVka/eAgvjLU3BHf57m3aPhEvS1MW8qlTvKH+9ekzW
JVuF0wN3/oWAA/QdnNRlgvyleg5sboiZP8UjSwSoliCYVynok+2clxqYha0XhU1y
g0lBbuNmb0qMlCODt+KFVxufIypTp4P5zeWNT8N/bpS0qp4JXlVuSR8dBIGkKPDv
8DXD7+kCGgKK0ibzsU/uzrT+mYd8BPUIGU2YGor278PGxDpbLizOGOdSrDk=
-----END CERTIFICATE-----