Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e62e9815-3225-4311-82d0-bc16ef255830.roa
File:                     e62e9815-3225-4311-82d0-bc16ef255830.roa (raw, json)
Hash identifier:          IzdBvoUP66en63T/hB0zIX2tpNEfoi8/2NCBvTgHx3M=
Subject key identifier:   62:A4:10:B6:73:12:02:CE:E9:96:8D:00:52:71:36:69:ED:B7:CD:85
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       23AAA0464C93A7016050C9DA43BD049EAACF6ACD
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e62e9815-3225-4311-82d0-bc16ef255830.roa
Signing time:             Fri 31 Jan 2025 00:00:00 +0000
ROA not before:           Fri 31 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Mar 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        18.35.0.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:aa:a0:46:4c:93:a7:01:60:50:c9:da:43:bd:04:9e:aa:cf:6a:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 31 00:00:00 2025 GMT
            Not After : Mar  7 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:52:2f:a1:8d:50:9e:b1:c4:32:f5:a7:06:56:
                    9a:54:80:36:f4:0c:22:1e:98:cf:ba:ff:c8:0d:af:
                    35:be:2f:1d:fe:ee:71:9a:b0:e5:34:0e:32:3f:13:
                    e7:05:6a:94:5a:eb:45:45:d0:b0:d2:2e:70:9b:b6:
                    10:9f:40:19:a1:72:4d:72:2d:fc:df:a1:f7:9b:de:
                    16:6a:de:cc:61:9f:c8:ea:39:64:ff:db:72:0a:ec:
                    7f:d5:b3:7b:fd:8e:3e:6a:06:5d:c4:fe:7f:c5:6e:
                    f1:1b:c7:ce:7e:9f:a0:2b:79:71:68:dc:fb:cc:36:
                    45:f5:68:a0:d2:d9:bc:0c:bf:1e:20:4c:8d:6c:0d:
                    7e:3f:fc:46:c8:48:f8:f8:e6:07:fd:e0:68:b5:50:
                    e8:6d:42:e2:a1:f0:6e:ca:a9:98:62:a5:60:c2:b5:
                    53:e7:2c:73:c7:8a:55:27:93:bd:e5:70:ea:49:d5:
                    e1:0d:3e:32:9c:de:b0:f2:fa:cc:da:70:72:94:66:
                    1c:ec:b5:3c:b5:76:9b:92:d8:88:63:69:8a:31:31:
                    a7:bd:3f:85:55:3e:ef:ac:7b:6b:33:5e:5b:3b:c6:
                    5b:22:7a:1e:85:5f:83:8f:87:cf:47:cc:04:88:86:
                    e0:0c:e9:ee:03:5e:e0:da:db:95:c3:43:2c:7d:6b:
                    87:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:A4:10:B6:73:12:02:CE:E9:96:8D:00:52:71:36:69:ED:B7:CD:85
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e62e9815-3225-4311-82d0-bc16ef255830.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.35.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         92:8b:c0:27:ae:01:9d:3a:4a:b5:03:e6:21:07:7d:dd:c3:f7:
         c6:ed:ad:db:a5:a7:c4:1c:76:0f:01:30:8e:50:ef:c4:e8:42:
         33:eb:0c:93:a2:e1:97:26:79:5b:3c:9a:58:37:9c:65:98:7c:
         18:61:56:9f:cd:df:ed:b9:34:9f:a8:bf:c5:7e:0e:61:6d:d1:
         eb:f5:b1:46:65:63:8b:1c:86:9f:55:48:f4:2f:9a:31:16:14:
         f2:c9:0b:79:3f:5a:99:2a:69:9c:ee:3f:63:d9:34:87:e3:6e:
         a6:3c:62:2f:92:45:a1:40:d5:20:ca:92:a2:29:25:3f:17:96:
         26:ca:0a:68:bc:2a:a2:57:1f:43:08:31:1c:87:8c:6e:01:c0:
         e0:f1:6f:69:9c:67:a6:b2:1a:32:72:d6:4c:78:f2:ee:f8:1c:
         7a:72:b9:61:c0:55:d4:e9:55:cc:00:1a:0c:38:e3:8b:92:46:
         97:a8:9f:94:b8:1b:f8:3d:f0:f0:3a:5d:88:66:b0:00:33:08:
         5b:ee:ae:4d:ae:b2:43:8f:79:92:34:de:97:41:79:fa:e5:fb:
         cc:5c:be:21:ff:8e:39:9e:9f:90:37:b4:20:3f:d2:90:07:fc:
         05:64:05:e0:14:bf:21:aa:f7:45:4b:d8:76:ff:0f:b6:0f:14:
         d7:69:ae:6a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUI6qgRkyTpwFgUMnaQ70EnqrPas0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTMxMDAwMDAwWhcNMjUwMzA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwYjFmZmYzMjViMjFhOWUxZjZiZGFjNjNmZGZhODYyMmVm
MGQxYmQ4ZDQ0MTIzNjQ5ZmM2ZDIwZGI4MDc0ZTA0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6Ui+hjVCescQy9acGVppUgDb0DCIemM+6/8gNrzW+Lx3+
7nGasOU0DjI/E+cFapRa60VF0LDSLnCbthCfQBmhck1yLfzfofeb3hZq3sxhn8jq
OWT/23IK7H/Vs3v9jj5qBl3E/n/FbvEbx85+n6AreXFo3PvMNkX1aKDS2bwMvx4g
TI1sDX4//EbISPj45gf94Gi1UOhtQuKh8G7KqZhipWDCtVPnLHPHilUnk73lcOpJ
1eENPjKc3rDy+szacHKUZhzstTy1dpuS2IhjaYoxMae9P4VVPu+se2szXls7xlsi
eh6FX4OPh89HzASIhuAM6e4DXuDa25XDQyx9a4exAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYqQQtnMSAs7plo0AUnE2ae23zYUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2U2MmU5ODE1LTMyMjUtNDMxMS04MmQwLWJjMTZlZjI1NTgzMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAUSIwAwDQYJKoZIhvcNAQELBQADggEBAJKLwCeuAZ06SrUD5iEHfd3D98bt
rdulp8Qcdg8BMI5Q78ToQjPrDJOi4ZcmeVs8mlg3nGWYfBhhVp/N3+25NJ+ov8V+
DmFt0ev1sUZlY4schp9VSPQvmjEWFPLJC3k/WpkqaZzuP2PZNIfjbqY8Yi+SRaFA
1SDKkqIpJT8XlibKCmi8KqJXH0MIMRyHjG4BwODxb2mcZ6ayGjJy1kx48u74HHpy
uWHAVdTpVcwAGgw444uSRpeon5S4G/g98PA6XYhmsAAzCFvurk2uskOPeZI03pdB
efrl+8xcviH/jjmen5A3tCA/0pAH/AVkBeAUvyGq90VL2Hb/D7YPFNdprmo=
-----END CERTIFICATE-----