Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0d2509de-4358-4f86-95d1-3be3642b159a.roa
File:                     0d2509de-4358-4f86-95d1-3be3642b159a.roa (raw, json)
Hash identifier:          ru/SlQ0Kj9Zh1DG2al0xT9PambyLcc1EnCXpMOL11bY=
Subject key identifier:   37:8E:AB:C4:5F:B0:22:7B:74:5B:71:0E:87:51:08:DA:3C:37:BD:F0
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       34E30C12A07F3BE609AABCB79830499A6A2E3C7B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0d2509de-4358-4f86-95d1-3be3642b159a.roa
Signing time:             Mon 14 Apr 2025 16:01:22 +0000
ROA not before:           Mon 14 Apr 2025 16:01:22 +0000
ROA not after:            Mon 19 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.89.0.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:e3:0c:12:a0:7f:3b:e6:09:aa:bc:b7:98:30:49:9a:6a:2e:3c:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 14 16:01:22 2025 GMT
            Not After : May 19 23:59:59 2025 GMT
        Subject: serialNumber=aefb809d22dd33cdadc7617f368269e3c72505498c9e1e3c21b6e2d54c9837c1, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:c2:9b:f4:c1:37:b2:92:6e:fa:b2:7f:07:5a:
                    c0:35:24:ee:3e:e7:29:85:a6:a2:37:b8:fd:9f:d1:
                    86:32:d4:59:4a:98:4d:a8:22:78:66:73:3f:f0:ce:
                    c3:96:b2:1b:10:87:c0:ef:0b:d2:7d:73:b9:0b:a3:
                    f8:45:7e:45:fa:9c:4e:e2:68:41:f6:a9:1e:ed:06:
                    80:95:10:b9:47:61:ca:3f:97:5e:3f:f4:de:e6:09:
                    f3:36:56:3f:af:c8:59:44:0b:11:86:c0:b8:fe:3a:
                    c6:02:1e:a9:f0:46:3f:3e:89:27:c8:f4:fd:a2:13:
                    69:20:19:c3:d3:32:ee:eb:38:22:34:10:2a:c7:79:
                    63:90:22:ea:ed:c0:06:d8:47:87:c4:59:41:72:19:
                    b0:8e:20:94:f4:31:01:be:06:08:45:f6:53:3d:5a:
                    0f:bc:04:c1:94:84:17:f0:76:75:a0:3e:91:33:11:
                    15:e7:2a:41:1c:6e:20:ca:cd:dc:05:82:d0:12:7f:
                    96:0a:7a:c7:b2:98:c9:0c:c7:ad:fe:0f:6f:0f:35:
                    44:44:90:bf:ee:b3:13:88:8c:cb:0a:53:ad:30:5b:
                    be:78:4c:a5:9c:bd:24:6b:58:bc:d5:35:39:c8:24:
                    98:c3:37:69:55:b3:3e:bd:98:53:03:4c:f6:fe:14:
                    6f:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:8E:AB:C4:5F:B0:22:7B:74:5B:71:0E:87:51:08:DA:3C:37:BD:F0
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0d2509de-4358-4f86-95d1-3be3642b159a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.89.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         85:78:cf:b3:93:ba:e0:8a:fc:73:32:e9:f0:0f:01:23:9f:a3:
         b2:f4:33:4d:93:ee:55:7f:d8:b3:92:cf:55:ed:2a:06:db:f5:
         51:65:36:74:50:69:9d:66:38:66:2d:37:4e:2a:1f:69:6a:60:
         94:a4:55:87:90:b2:22:6a:4a:a0:69:2e:76:6e:d1:9f:26:5a:
         6b:d8:3c:ac:8f:81:06:c3:20:3c:20:b8:89:61:87:05:72:2d:
         d5:7e:d7:23:87:b8:8e:fb:ca:ec:03:fb:69:79:5e:b9:28:8e:
         83:f8:91:31:eb:84:72:c3:77:33:12:4a:f2:23:a6:db:54:a9:
         4a:4e:79:e1:bc:a0:cc:a7:52:61:c4:44:0c:a7:49:f2:47:c6:
         e9:cc:66:bd:17:65:cf:fb:49:d5:c7:f7:e1:82:a5:4d:18:2e:
         ac:7c:c7:a5:e5:f7:6b:60:d4:39:95:6f:65:e4:5d:35:ab:ac:
         10:af:d5:65:ca:b8:59:09:70:9a:17:d3:31:f9:27:49:89:bf:
         2b:c8:44:24:67:e9:c7:cd:91:fe:ec:0d:ce:1a:c0:5d:df:e9:
         29:be:91:1b:de:aa:89:4a:16:e6:6b:21:8c:59:5d:ba:b3:75:
         6a:47:c1:31:71:2e:6c:f3:1e:ba:4a:d0:9a:11:a8:98:e8:19:
         a5:d0:f1:93
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNOMMEqB/O+YJqry3mDBJmmouPHswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE0MTYwMTIyWhcNMjUwNTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BhZWZiODA5ZDIyZGQzM2NkYWRjNzYxN2YzNjgyNjllM2M3
MjUwNTQ5OGM5ZTFlM2MyMWI2ZTJkNTRjOTgzN2MxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDjwpv0wTeykm76sn8HWsA1JO4+5ymFpqI3uP2f0YYy1FlK
mE2oInhmcz/wzsOWshsQh8DvC9J9c7kLo/hFfkX6nE7iaEH2qR7tBoCVELlHYco/
l14/9N7mCfM2Vj+vyFlECxGGwLj+OsYCHqnwRj8+iSfI9P2iE2kgGcPTMu7rOCI0
ECrHeWOQIurtwAbYR4fEWUFyGbCOIJT0MQG+BghF9lM9Wg+8BMGUhBfwdnWgPpEz
ERXnKkEcbiDKzdwFgtASf5YKeseymMkMx63+D28PNUREkL/usxOIjMsKU60wW754
TKWcvSRrWLzVNTnIJJjDN2lVsz69mFMDTPb+FG8ZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUN46rxF+wInt0W3EOh1EI2jw3vfAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzBkMjUwOWRlLTQzNTgtNGY4Ni05NWQxLTNiZTM2NDJiMTU5YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYSWQAwDQYJKoZIhvcNAQELBQADggEBAIV4z7OTuuCK/HMy6fAPASOfo7L0
M02T7lV/2LOSz1XtKgbb9VFlNnRQaZ1mOGYtN04qH2lqYJSkVYeQsiJqSqBpLnZu
0Z8mWmvYPKyPgQbDIDwguIlhhwVyLdV+1yOHuI77yuwD+2l5XrkojoP4kTHrhHLD
dzMSSvIjpttUqUpOeeG8oMynUmHERAynSfJHxunMZr0XZc/7SdXH9+GCpU0YLqx8
x6Xl92tg1DmVb2XkXTWrrBCv1WXKuFkJcJoX0zH5J0mJvyvIRCRn6cfNkf7sDc4a
wF3f6Sm+kRveqolKFuZrIYxZXbqzdWpHwTFxLmzzHrpK0JoRqJjoGaXQ8ZM=
-----END CERTIFICATE-----