Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/27080014-4498-4888-909d-c1bed4c0abca.roa
File:                     27080014-4498-4888-909d-c1bed4c0abca.roa (raw, json)
Hash identifier:          hmgxfXjYGIuGokgpZb//dZ6eO6saNPDF98lZjlwGhzs=
Subject key identifier:   CC:81:03:31:AB:C3:BE:F8:63:A1:8B:69:41:E5:4D:82:5C:84:5B:33
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       144F1C79800B9B940E762F5A1C7D2A7EB1F3E9B9
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/27080014-4498-4888-909d-c1bed4c0abca.roa
Signing time:             Wed 21 May 2025 00:31:47 +0000
ROA not before:           Wed 21 May 2025 00:31:47 +0000
ROA not after:            Wed 25 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.43.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:4f:1c:79:80:0b:9b:94:0e:76:2f:5a:1c:7d:2a:7e:b1:f3:e9:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 21 00:31:47 2025 GMT
            Not After : Jun 25 23:59:59 2025 GMT
        Subject: serialNumber=955c545d8f85eaf1bc005e38990204e239eae3d9965ad11952af21e08f04ac66, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:13:fa:b5:88:68:1b:05:67:2d:14:71:1e:cd:
                    c4:e6:d8:ce:ac:f4:f8:51:c0:dd:c9:0d:21:20:a9:
                    f6:c4:41:0f:b1:be:56:61:6a:3b:f5:df:26:37:7d:
                    ee:27:f2:c1:23:2f:85:24:c8:73:e5:36:84:79:ad:
                    71:66:6f:38:01:77:2f:87:ea:a5:6e:46:da:35:8f:
                    bb:df:f1:8e:d9:e8:7f:a1:d7:00:4c:5c:5b:7f:f3:
                    39:fe:84:24:94:48:89:20:7d:a0:cf:19:77:be:6f:
                    a0:1b:5f:ed:85:aa:e8:c3:ae:76:7b:34:7f:61:9e:
                    af:ec:2b:fd:32:c3:8d:08:dc:4b:12:44:8d:e6:6b:
                    37:3c:1b:84:7a:b9:54:db:e2:56:f0:b6:05:a5:13:
                    6d:da:de:53:aa:38:4c:3a:81:e7:f3:4e:28:81:bf:
                    f8:7e:da:a5:93:21:34:8f:8e:c8:9c:ca:a1:3e:9b:
                    d6:a1:3a:e3:c3:9f:0e:ac:44:e8:8c:56:2f:73:d2:
                    2a:92:34:0b:c1:eb:16:d5:31:a2:2d:04:86:2b:b6:
                    ce:58:c2:c6:3e:29:b3:c6:39:a9:ab:b7:dd:c9:5a:
                    31:81:99:eb:4b:54:7e:78:3c:37:5e:6b:77:ee:7e:
                    3e:02:47:c4:f7:5b:eb:06:63:ba:c2:c0:64:bd:f2:
                    7c:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:81:03:31:AB:C3:BE:F8:63:A1:8B:69:41:E5:4D:82:5C:84:5B:33
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/27080014-4498-4888-909d-c1bed4c0abca.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.43.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         82:be:1d:d3:29:3d:e6:4f:fb:be:79:7c:72:6d:52:9a:fb:4c:
         b3:a9:cf:07:74:a6:0e:47:b4:11:74:08:b6:0c:11:57:e5:92:
         1a:9b:d2:13:d3:40:30:2f:80:d3:c7:ce:32:e1:3c:c4:47:7a:
         93:e4:ec:dd:8c:18:06:24:a7:db:b3:82:5b:09:43:65:c7:10:
         f7:0b:9a:3d:5c:22:dd:3b:22:a2:7d:c8:db:a4:97:ba:6f:64:
         81:66:d7:2c:54:c9:13:2d:4f:20:98:07:40:10:24:1f:07:77:
         75:98:24:39:fd:a4:59:01:57:c5:ed:d6:92:2d:fb:5c:2e:b4:
         b9:b7:16:b3:e1:25:34:63:f8:5c:35:47:40:74:98:24:2f:0b:
         eb:93:25:f4:2f:47:3b:fe:5f:ba:ce:02:e7:5d:7e:53:0d:ec:
         78:24:88:80:4f:cc:1a:65:53:b4:46:a2:d1:3c:ae:2f:e5:28:
         c3:c1:33:9a:cb:81:08:bf:cd:71:36:0b:13:8b:eb:a5:b2:4b:
         09:8c:a0:17:bf:30:40:1d:69:60:42:94:f3:59:ab:0a:cb:67:
         63:dc:7b:e0:35:4d:00:f8:ed:7d:13:43:55:01:c8:4e:69:b8:
         4e:01:50:5b:04:14:61:19:a4:d5:a5:c0:55:7e:98:4b:43:a4:
         52:6b:6f:b6
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUFE8ceYALm5QOdi9aHH0qfrHz6bkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNTIxMDAzMTQ3WhcNMjUwNjI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A5NTVjNTQ1ZDhmODVlYWYxYmMwMDVlMzg5OTAyMDRlMjM5
ZWFlM2Q5OTY1YWQxMTk1MmFmMjFlMDhmMDRhYzY2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDgE/q1iGgbBWctFHEezcTm2M6s9PhRwN3JDSEgqfbEQQ+x
vlZhajv13yY3fe4n8sEjL4UkyHPlNoR5rXFmbzgBdy+H6qVuRto1j7vf8Y7Z6H+h
1wBMXFt/8zn+hCSUSIkgfaDPGXe+b6AbX+2FqujDrnZ7NH9hnq/sK/0yw40I3EsS
RI3mazc8G4R6uVTb4lbwtgWlE23a3lOqOEw6gefzTiiBv/h+2qWTITSPjsicyqE+
m9ahOuPDnw6sROiMVi9z0iqSNAvB6xbVMaItBIYrts5YwsY+KbPGOamrt93JWjGB
metLVH54PDdea3fufj4CR8T3W+sGY7rCwGS98nzxAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUzIEDMavDvvhjoYtpQeVNglyEWzMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzI3MDgwMDE0LTQ0OTgtNDg4OC05MDlkLWMxYmVkNGMwYWJjYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwASKzANBgkqhkiG9w0BAQsFAAOCAQEAgr4d0yk95k/7vnl8cm1SmvtMs6nP
B3SmDke0EXQItgwRV+WSGpvSE9NAMC+A08fOMuE8xEd6k+Ts3YwYBiSn27OCWwlD
ZccQ9wuaPVwi3Tsion3I26SXum9kgWbXLFTJEy1PIJgHQBAkHwd3dZgkOf2kWQFX
xe3Wki37XC60ubcWs+ElNGP4XDVHQHSYJC8L65Ml9C9HO/5fus4C511+Uw3seCSI
gE/MGmVTtEai0TyuL+Uow8EzmsuBCL/NcTYLE4vrpbJLCYygF78wQB1pYEKU81mr
CstnY9x74DVNAPjtfRNDVQHITmm4TgFQWwQUYRmk1aXAVX6YS0OkUmtvtg==
-----END CERTIFICATE-----