Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/13e17e85-3dd5-4261-9fa5-c3299b4396d3.roa
File:                     13e17e85-3dd5-4261-9fa5-c3299b4396d3.roa (raw, json)
Hash identifier:          Mrtfh9E352+xcsts0gxdZEajwqRoU6T6YpoYLTHOW2c=
Subject key identifier:   01:84:4C:08:56:32:D5:6D:91:3E:FC:56:51:52:3F:3D:0A:1B:AB:87
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       66373C8CC43DC9186CFBBC7CF6F387CD33688A49
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/13e17e85-3dd5-4261-9fa5-c3299b4396d3.roa
Signing time:             Fri 13 Jun 2025 18:00:26 +0000
ROA not before:           Fri 13 Jun 2025 18:00:26 +0000
ROA not after:            Fri 18 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.57.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:37:3c:8c:c4:3d:c9:18:6c:fb:bc:7c:f6:f3:87:cd:33:68:8a:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun 13 18:00:26 2025 GMT
            Not After : Jul 18 23:59:59 2025 GMT
        Subject: serialNumber=1aea2a9bf7214d5f935b6a6e6fd7b752cba5f6195d84c20e21d8b36b9dd37a8f, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ad:a1:c3:30:66:ea:e9:42:ae:2e:08:21:fa:
                    1c:77:86:bc:49:7b:b8:1b:c7:34:86:e5:e1:5d:8f:
                    69:a8:04:61:c9:2d:05:e6:a1:22:00:3a:5d:d1:96:
                    dd:73:fd:c1:3e:28:e9:36:0f:8f:cf:95:94:a7:b4:
                    77:06:83:74:75:6f:5e:b3:aa:80:94:68:78:5e:2c:
                    4b:13:49:34:3e:59:05:c0:50:58:4b:e2:6c:02:c3:
                    84:09:20:21:8e:76:47:6b:74:4d:7a:94:ca:3e:bd:
                    8b:ce:ac:4c:8e:a8:58:5c:3a:78:ec:86:c6:70:4a:
                    dc:d6:ed:41:14:44:ea:2a:8a:dc:63:ed:2a:e0:94:
                    68:37:d8:63:1f:f2:ac:6b:90:0a:05:a7:b9:9f:27:
                    6b:8e:84:a3:52:9a:19:46:18:cc:b5:19:bf:e5:79:
                    13:46:0c:b3:88:25:dc:db:66:76:f2:3a:78:db:16:
                    76:68:be:15:26:73:65:20:63:ad:2e:56:e8:6f:f8:
                    8d:35:d8:28:40:6c:09:4d:83:fc:1e:6d:7e:34:93:
                    8a:24:49:91:86:20:3e:e4:15:99:9c:5c:ce:62:c0:
                    95:c8:44:c3:4d:80:e9:92:c6:5e:c3:c9:ee:2f:08:
                    a7:24:dc:27:23:db:d8:07:26:91:b7:7d:d1:17:7e:
                    b4:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:84:4C:08:56:32:D5:6D:91:3E:FC:56:51:52:3F:3D:0A:1B:AB:87
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/13e17e85-3dd5-4261-9fa5-c3299b4396d3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.57.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3f:15:5b:29:70:8d:12:0c:d5:df:66:80:24:94:1c:e1:4e:57:
         ed:04:6b:8c:93:15:d0:72:e5:14:d5:11:ad:cf:ef:7c:05:93:
         d8:54:da:7c:94:ae:44:69:24:c7:de:da:69:c6:0a:bd:25:0a:
         4c:4f:a4:49:a8:41:42:63:51:bf:25:93:fc:56:1a:3a:91:dc:
         8c:11:33:8b:f8:e9:9c:89:c0:60:0e:a3:13:cd:de:15:e4:73:
         12:61:5d:1f:4d:55:44:69:ff:f2:07:7f:88:2e:25:43:6c:34:
         bb:3b:04:d1:2f:4f:6a:14:85:ac:9a:05:57:dc:0b:e7:85:7a:
         2b:fc:a0:f1:a5:fa:10:f6:9c:55:9d:62:6e:dd:43:58:83:bc:
         90:a7:c2:df:6e:ba:87:82:24:e6:17:22:c5:fe:db:92:23:ec:
         bc:f3:bf:4d:89:70:fb:0e:7a:48:89:f4:78:57:15:a1:b9:ae:
         c7:d7:50:73:41:a0:c7:a3:20:10:e9:08:a4:89:f5:52:f9:c9:
         6a:c9:d8:4e:30:c5:cd:9d:be:2d:70:bb:74:56:fb:e8:64:ae:
         7d:00:f6:01:44:e2:f8:95:44:25:ea:c1:72:f3:5b:f0:8f:76:
         8a:66:03:8a:71:b2:e7:91:65:2d:be:41:61:65:72:c1:24:9d:
         d4:1a:fc:ff
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUZjc8jMQ9yRhs+7x89vOHzTNoikkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjEzMTgwMDI2WhcNMjUwNzE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AxYWVhMmE5YmY3MjE0ZDVmOTM1YjZhNmU2ZmQ3Yjc1MmNi
YTVmNjE5NWQ4NGMyMGUyMWQ4YjM2YjlkZDM3YThmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDCraHDMGbq6UKuLggh+hx3hrxJe7gbxzSG5eFdj2moBGHJ
LQXmoSIAOl3Rlt1z/cE+KOk2D4/PlZSntHcGg3R1b16zqoCUaHheLEsTSTQ+WQXA
UFhL4mwCw4QJICGOdkdrdE16lMo+vYvOrEyOqFhcOnjshsZwStzW7UEUROoqitxj
7SrglGg32GMf8qxrkAoFp7mfJ2uOhKNSmhlGGMy1Gb/leRNGDLOIJdzbZnbyOnjb
FnZovhUmc2UgY60uVuhv+I012ChAbAlNg/webX40k4okSZGGID7kFZmcXM5iwJXI
RMNNgOmSxl7Dye4vCKck3Ccj29gHJpG3fdEXfrSXAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUAYRMCFYy1W2RPvxWUVI/PQobq4cwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzEzZTE3ZTg1LTNkZDUtNDI2MS05ZmE1LWMzMjk5YjQzOTZkMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwASOTANBgkqhkiG9w0BAQsFAAOCAQEAPxVbKXCNEgzV32aAJJQc4U5X7QRr
jJMV0HLlFNURrc/vfAWT2FTafJSuRGkkx97aacYKvSUKTE+kSahBQmNRvyWT/FYa
OpHcjBEzi/jpnInAYA6jE83eFeRzEmFdH01VRGn/8gd/iC4lQ2w0uzsE0S9PahSF
rJoFV9wL54V6K/yg8aX6EPacVZ1ibt1DWIO8kKfC3266h4Ik5hcixf7bkiPsvPO/
TYlw+w56SIn0eFcVobmux9dQc0Ggx6MgEOkIpIn1UvnJasnYTjDFzZ2+LXC7dFb7
6GSufQD2AUTi+JVEJerBcvNb8I92imYDinGy55FlLb5BYWVywSSd1Br8/w==
-----END CERTIFICATE-----