Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/44e9d4a5-5666-43ad-8f96-0ca44bc1a87b.roa
File:                     44e9d4a5-5666-43ad-8f96-0ca44bc1a87b.roa (raw, json)
Hash identifier:          0DFGj4TGmtAYLS1WaTwM+Snfy/5W82bdB5D5NpHKRgQ=
Subject key identifier:   A8:06:46:95:46:B7:0D:C1:36:14:2C:75:61:16:8B:38:58:AF:76:C4
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       22BDBBEC130DCD8CCD0289A4548C164094044423
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/44e9d4a5-5666-43ad-8f96-0ca44bc1a87b.roa
Signing time:             Mon 04 Aug 2025 18:00:49 +0000
ROA not before:           Mon 04 Aug 2025 18:00:49 +0000
ROA not after:            Mon 08 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.127.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:bd:bb:ec:13:0d:cd:8c:cd:02:89:a4:54:8c:16:40:94:04:44:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug  4 18:00:49 2025 GMT
            Not After : Sep  8 23:59:59 2025 GMT
        Subject: serialNumber=30dbbba2a53f90146e54ec4b5656ee3fc8be1ccc33f2813dbcbad0686dfbeeaa, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:fb:ef:51:f1:46:99:bd:e5:01:f9:ce:ec:4d:
                    44:48:bd:27:45:f9:39:09:dc:62:cd:a0:5d:3e:38:
                    a3:dd:1a:6d:f3:c8:e6:81:1e:f0:7a:6f:4d:e8:8b:
                    8a:15:8e:96:bb:a3:84:91:1d:e6:95:40:89:c3:d6:
                    07:e0:d2:87:ce:ec:72:1d:d5:56:37:5f:73:3b:fe:
                    22:08:34:68:c6:5f:13:a9:d9:e8:aa:47:7d:3f:04:
                    3e:ce:93:af:2c:96:14:e0:ef:ab:32:ba:33:3c:77:
                    b3:7d:83:8e:41:19:69:55:66:16:a8:7d:96:a8:d0:
                    c6:c2:68:f6:78:13:7f:9e:fe:5b:bc:69:a0:5b:78:
                    8d:ba:c8:30:d7:11:72:1c:50:eb:2a:0f:80:29:67:
                    27:93:81:05:41:ae:37:7d:70:d1:1c:fd:03:c9:4a:
                    35:99:fa:b7:26:d0:91:d9:0a:f2:48:f6:4f:ba:ac:
                    2f:2d:2e:c5:09:3d:77:b7:a4:98:2b:c7:93:b3:3b:
                    11:11:34:1a:d2:f0:d4:2b:c0:61:9e:1e:75:3e:59:
                    3f:54:6a:42:37:41:34:3b:57:65:cd:cc:0f:f6:ea:
                    4b:bc:07:89:7f:18:95:22:2e:1f:24:dc:39:4f:0d:
                    da:07:6c:51:25:e8:01:60:f3:20:2d:e5:6e:e7:25:
                    95:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:06:46:95:46:B7:0D:C1:36:14:2C:75:61:16:8B:38:58:AF:76:C4
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/44e9d4a5-5666-43ad-8f96-0ca44bc1a87b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.127.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         af:71:55:1a:82:55:87:a5:f6:69:63:48:ac:2b:bc:f6:6e:cd:
         64:88:64:32:a8:fe:7d:7e:8c:71:50:47:46:bb:4b:ca:2c:72:
         51:06:ab:70:e8:60:8d:ce:f2:6f:de:ab:50:70:60:18:11:53:
         fd:af:5b:7b:f6:90:02:f5:59:0d:c7:e5:06:06:60:7b:a1:53:
         1f:f6:d8:60:18:87:3b:2b:ad:a4:2f:76:90:70:eb:3d:32:4d:
         1c:dc:d3:1a:f5:67:ef:19:1e:3e:52:60:18:90:44:48:04:71:
         28:1f:da:c7:7b:0a:28:60:20:2b:71:62:92:67:32:46:8e:76:
         4d:6c:b8:10:b3:96:74:47:7a:2e:09:a1:62:b2:5a:49:02:50:
         b4:fa:4e:54:59:4a:b0:a8:fa:cf:ad:20:e8:67:26:aa:d6:24:
         f6:57:15:ae:d4:a4:89:2c:4b:94:63:f8:bb:17:1f:8e:99:48:
         86:3e:6a:1a:54:56:fc:5e:45:64:db:92:85:d4:b5:54:23:e5:
         85:d0:9c:18:33:08:70:87:e9:0c:1b:88:d7:9b:07:f4:c4:e5:
         c8:91:22:14:fb:90:3f:5a:04:b8:4f:49:ee:23:6c:9a:4f:2e:
         d3:3d:b9:c8:0b:03:01:10:54:00:15:39:12:58:a1:60:76:c4:
         7e:c3:3b:6b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUIr277BMNzYzNAomkVIwWQJQERCMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwODA0MTgwMDQ5WhcNMjUwOTA4MjM1OTU5
WjB6MUkwRwYDVQQFE0AzMGRiYmJhMmE1M2Y5MDE0NmU1NGVjNGI1NjU2ZWUzZmM4
YmUxY2NjMzNmMjgxM2RiY2JhZDA2ODZkZmJlZWFhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9++9R8UaZveUB+c7sTURIvSdF+TkJ3GLNoF0+OKPdGm3z
yOaBHvB6b03oi4oVjpa7o4SRHeaVQInD1gfg0ofO7HId1VY3X3M7/iIINGjGXxOp
2eiqR30/BD7Ok68slhTg76syujM8d7N9g45BGWlVZhaofZao0MbCaPZ4E3+e/lu8
aaBbeI26yDDXEXIcUOsqD4ApZyeTgQVBrjd9cNEc/QPJSjWZ+rcm0JHZCvJI9k+6
rC8tLsUJPXe3pJgrx5OzOxERNBrS8NQrwGGeHnU+WT9UakI3QTQ7V2XNzA/26ku8
B4l/GJUiLh8k3DlPDdoHbFEl6AFg8yAt5W7nJZW/AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUqAZGlUa3DcE2FCx1YRaLOFivdsQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQ0ZTlkNGE1LTU2NjYtNDNhZC04Zjk2LTBjYTQ0YmMxYTg3Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwASfzANBgkqhkiG9w0BAQsFAAOCAQEAr3FVGoJVh6X2aWNIrCu89m7NZIhk
Mqj+fX6McVBHRrtLyixyUQarcOhgjc7yb96rUHBgGBFT/a9be/aQAvVZDcflBgZg
e6FTH/bYYBiHOyutpC92kHDrPTJNHNzTGvVn7xkePlJgGJBESARxKB/ax3sKKGAg
K3FikmcyRo52TWy4ELOWdEd6LgmhYrJaSQJQtPpOVFlKsKj6z60g6GcmqtYk9lcV
rtSkiSxLlGP4uxcfjplIhj5qGlRW/F5FZNuShdS1VCPlhdCcGDMIcIfpDBuI15sH
9MTlyJEiFPuQP1oEuE9J7iNsmk8u0z25yAsDARBUABU5ElihYHbEfsM7aw==
-----END CERTIFICATE-----