Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3e289b8b-2eb3-4694-a4fc-e8ce7237fbd6.roa
File:                     3e289b8b-2eb3-4694-a4fc-e8ce7237fbd6.roa (raw, json)
Hash identifier:          RETkAE6FDaEOc4vWKx4LiYTi8/HpV1SJ5qnDqmOXQB0=
Subject key identifier:   57:48:76:A7:99:76:3E:35:9B:76:28:66:30:F8:2F:48:0B:B0:41:4C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7FE57C4215B7D69E400295127940D6C2EFFAF0E9
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3e289b8b-2eb3-4694-a4fc-e8ce7237fbd6.roa
Signing time:             Tue 20 May 2025 16:31:27 +0000
ROA not before:           Tue 20 May 2025 16:31:27 +0000
ROA not after:            Tue 24 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.141.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:e5:7c:42:15:b7:d6:9e:40:02:95:12:79:40:d6:c2:ef:fa:f0:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 20 16:31:27 2025 GMT
            Not After : Jun 24 23:59:59 2025 GMT
        Subject: serialNumber=4ced904d07ca515e1f7b4d49e797c1da283cace56f29168fe31b1206cda17e4a, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:8f:5a:16:c8:c4:5d:f1:93:1c:93:29:37:db:
                    97:5a:75:01:03:aa:5c:76:8c:9f:ab:0b:c7:d3:87:
                    aa:ad:df:f5:71:ad:86:87:43:ef:33:83:0d:72:1c:
                    02:5a:f5:bc:d5:4f:31:57:62:3a:3a:c8:55:9a:b1:
                    af:be:de:79:21:24:b6:51:95:e6:ec:d5:25:55:40:
                    ac:96:21:f8:1e:4e:87:fc:20:91:01:c0:00:49:f4:
                    08:41:cd:3e:24:ac:df:60:a0:7e:29:85:8d:e2:30:
                    3f:a9:75:25:20:09:c2:7c:f5:19:47:69:4f:6c:01:
                    88:ff:3b:be:91:ed:2f:04:82:29:04:29:0d:f2:73:
                    f1:2c:d7:df:29:0a:79:c9:9a:4c:9f:46:90:9b:cf:
                    ef:ab:b0:24:96:44:a1:60:d7:6f:c4:68:6c:b3:c6:
                    96:b0:bb:8e:31:7a:2a:d2:02:06:04:dc:d6:6d:28:
                    e7:f5:5b:94:fd:3b:3f:e2:9a:2e:28:64:51:80:4e:
                    79:2d:17:03:a9:67:90:e0:04:dc:27:bb:53:fa:a9:
                    ad:58:8d:ec:05:a7:f5:47:2d:59:bd:33:18:ce:36:
                    89:4b:19:67:a6:74:66:c9:d2:80:98:d8:17:05:62:
                    58:d4:55:fd:ee:b4:10:7c:e9:b8:d3:0c:b9:5f:0f:
                    4a:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:48:76:A7:99:76:3E:35:9B:76:28:66:30:F8:2F:48:0B:B0:41:4C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3e289b8b-2eb3-4694-a4fc-e8ce7237fbd6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.141.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:bb:c3:8b:f5:76:95:e3:32:3e:a4:c8:89:3b:1f:24:3f:ee:
         ee:cc:a5:0b:a1:4d:0b:da:38:60:3b:7d:ed:a8:20:55:c3:f0:
         6a:48:6e:19:6a:d3:c6:6f:45:e3:28:83:4d:dd:23:83:f7:e7:
         73:29:da:83:68:92:d6:0c:43:0f:af:dc:be:fb:73:06:ec:04:
         56:e5:45:a7:5d:54:63:fd:0c:00:4d:90:b6:b2:eb:b5:c6:a2:
         b9:92:74:ad:45:d5:f3:6e:1c:e1:6e:93:73:13:e3:97:8b:32:
         6c:e8:cc:c3:8b:24:58:8b:3a:03:73:4d:8f:77:55:24:e0:24:
         e2:e0:1c:b1:56:02:22:34:a3:ef:79:d2:ee:61:cd:dc:af:3e:
         90:35:7b:90:9d:69:ec:46:70:86:72:2e:16:cc:23:66:57:d8:
         95:24:65:f8:58:be:66:6a:ac:7f:da:7f:40:8f:5a:8b:2a:c0:
         2f:67:36:49:b0:03:f8:ba:c5:88:ed:49:e7:fe:51:77:05:7c:
         5c:5c:7a:cf:6f:e8:6b:eb:b2:cf:40:13:8d:75:ef:45:f5:8f:
         fc:69:36:93:77:2a:56:7d:85:b7:dc:dc:5c:39:0d:d9:83:d4:
         79:66:c4:1d:af:c5:85:2e:82:15:ed:31:c6:de:7a:f5:38:80:
         01:83:7c:cc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUf+V8QhW31p5AApUSeUDWwu/68OkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNTIwMTYzMTI3WhcNMjUwNjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A0Y2VkOTA0ZDA3Y2E1MTVlMWY3YjRkNDllNzk3YzFkYTI4
M2NhY2U1NmYyOTE2OGZlMzFiMTIwNmNkYTE3ZTRhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsj1oWyMRd8ZMckyk325dadQEDqlx2jJ+rC8fTh6qt3/Vx
rYaHQ+8zgw1yHAJa9bzVTzFXYjo6yFWasa++3nkhJLZRlebs1SVVQKyWIfgeTof8
IJEBwABJ9AhBzT4krN9goH4phY3iMD+pdSUgCcJ89RlHaU9sAYj/O76R7S8EgikE
KQ3yc/Es198pCnnJmkyfRpCbz++rsCSWRKFg12/EaGyzxpawu44xeirSAgYE3NZt
KOf1W5T9Oz/imi4oZFGATnktFwOpZ5DgBNwnu1P6qa1YjewFp/VHLVm9MxjONolL
GWemdGbJ0oCY2BcFYljUVf3utBB86bjTDLlfD0ojAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUV0h2p5l2PjWbdihmMPgvSAuwQUwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNlMjg5YjhiLTJlYjMtNDY5NC1hNGZjLWU4Y2U3MjM3ZmJkNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASjaowDQYJKoZIhvcNAQELBQADggEBAGC7w4v1dpXjMj6kyIk7HyQ/7u7M
pQuhTQvaOGA7fe2oIFXD8GpIbhlq08ZvReMog03dI4P353Mp2oNoktYMQw+v3L77
cwbsBFblRaddVGP9DABNkLay67XGormSdK1F1fNuHOFuk3MT45eLMmzozMOLJFiL
OgNzTY93VSTgJOLgHLFWAiI0o+950u5hzdyvPpA1e5CdaexGcIZyLhbMI2ZX2JUk
ZfhYvmZqrH/af0CPWosqwC9nNkmwA/i6xYjtSef+UXcFfFxces9v6Gvrss9AE411
70X1j/xpNpN3KlZ9hbfc3Fw5DdmD1HlmxB2vxYUughXtMcbeevU4gAGDfMw=
-----END CERTIFICATE-----