Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/44e9d4a5-5666-43ad-8f96-0ca44bc1a87b.roa
File:                     44e9d4a5-5666-43ad-8f96-0ca44bc1a87b.roa (raw, json)
Hash identifier:          xFbVD5VZJXsWrLfRT0GhvZcm0ngZUBP4fvvU3WIpOGU=
Subject key identifier:   F8:D4:65:7F:38:EE:C6:48:9B:28:D4:54:2A:BC:2E:90:33:17:12:77
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       033933D12A1495301247644B3F1F0DDB42D69606
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/44e9d4a5-5666-43ad-8f96-0ca44bc1a87b.roa
Signing time:             Fri 13 Jun 2025 18:00:07 +0000
ROA not before:           Fri 13 Jun 2025 18:00:07 +0000
ROA not after:            Fri 18 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.127.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:39:33:d1:2a:14:95:30:12:47:64:4b:3f:1f:0d:db:42:d6:96:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun 13 18:00:07 2025 GMT
            Not After : Jul 18 23:59:59 2025 GMT
        Subject: serialNumber=93c19e64db3c49e695de85d7ee0b2a4b64c9b313709014817d751823a90f2e2e, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:e0:f2:02:df:8d:05:10:ba:26:33:85:78:fe:
                    55:8b:22:48:64:76:33:bb:82:28:68:4d:e4:c4:c7:
                    4d:9b:54:ba:0c:db:0d:16:ef:89:c8:92:0f:91:1c:
                    1b:9c:fa:58:9f:58:d3:48:7f:6d:32:a8:ae:68:e6:
                    fb:19:c5:54:4d:24:78:6b:96:9f:aa:d6:42:58:bc:
                    7d:b7:d1:52:f3:c2:57:da:ed:6b:c9:1c:c6:86:54:
                    5f:75:e0:09:a4:03:11:42:be:f7:8f:c6:4f:27:52:
                    9f:86:d0:55:b2:2b:71:75:76:01:6c:86:93:7c:87:
                    9e:38:87:fb:1d:5a:97:c8:e7:e1:57:b5:22:f7:b8:
                    73:d6:bc:7f:33:35:d0:15:49:89:e6:ae:7f:f9:0d:
                    4a:04:b0:d8:a8:d0:65:70:14:f7:38:f2:22:e2:b2:
                    d5:83:a6:bd:93:e0:26:de:1d:01:0b:ff:17:c0:21:
                    de:9a:8f:40:cd:eb:1b:81:d9:78:73:77:6d:0f:80:
                    dc:8c:ac:17:3a:ee:d5:3c:17:da:d4:25:aa:0b:3e:
                    71:74:cb:bb:e0:a1:34:dc:06:9b:fe:7b:66:e2:b3:
                    8b:7c:85:b9:6e:30:5b:5c:88:9f:a1:3c:43:99:0b:
                    f9:53:6f:9a:21:7a:b0:82:32:c6:b6:5e:df:77:ed:
                    e9:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:D4:65:7F:38:EE:C6:48:9B:28:D4:54:2A:BC:2E:90:33:17:12:77
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/44e9d4a5-5666-43ad-8f96-0ca44bc1a87b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.127.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2e:46:79:b4:89:95:a8:33:ed:e5:57:2d:b7:5e:5e:06:0b:06:
         0f:50:e0:6b:7a:33:92:b3:7c:9c:97:8c:d7:af:87:d4:4e:34:
         32:67:79:5b:c9:f8:1b:04:7e:eb:52:10:82:6e:8a:1f:96:bc:
         7c:8e:a3:17:9b:4c:62:1e:09:6f:88:d7:65:35:94:86:f8:ff:
         8c:cf:91:3d:d4:36:d8:b4:45:dd:e8:bf:07:2b:23:30:34:b6:
         2a:e1:cf:7e:54:0c:8e:e2:e1:7c:1f:58:49:cc:2b:14:41:6d:
         4d:96:e7:09:cb:ae:d5:fa:af:07:02:d2:ac:f2:21:6e:a4:a1:
         80:65:a1:ab:9e:82:94:07:a0:9e:24:96:b4:d8:1e:73:37:68:
         52:29:13:17:f0:f9:e4:07:e4:0e:f0:14:99:fb:25:e7:46:a9:
         a0:83:2d:f2:d7:db:e8:9b:3f:40:de:47:3d:40:c3:31:9b:29:
         be:98:f4:98:25:23:1f:91:58:c1:5a:f5:2f:d9:73:cf:24:4f:
         92:2c:77:a9:eb:a0:c6:68:1c:76:5d:91:b2:49:d3:bf:15:36:
         b0:5e:f9:76:c6:ed:7c:b0:ae:e9:c5:7f:5c:63:17:9f:9b:2a:
         cf:e6:55:09:dd:b2:d4:d3:3c:20:61:bc:10:82:67:1a:63:de:
         a9:6a:f2:c2
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUAzkz0SoUlTASR2RLPx8N20LWlgYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjEzMTgwMDA3WhcNMjUwNzE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A5M2MxOWU2NGRiM2M0OWU2OTVkZTg1ZDdlZTBiMmE0YjY0
YzliMzEzNzA5MDE0ODE3ZDc1MTgyM2E5MGYyZTJlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDQ4PIC340FELomM4V4/lWLIkhkdjO7gihoTeTEx02bVLoM
2w0W74nIkg+RHBuc+lifWNNIf20yqK5o5vsZxVRNJHhrlp+q1kJYvH230VLzwlfa
7WvJHMaGVF914AmkAxFCvvePxk8nUp+G0FWyK3F1dgFshpN8h544h/sdWpfI5+FX
tSL3uHPWvH8zNdAVSYnmrn/5DUoEsNio0GVwFPc48iListWDpr2T4CbeHQEL/xfA
Id6aj0DN6xuB2Xhzd20PgNyMrBc67tU8F9rUJaoLPnF0y7vgoTTcBpv+e2bis4t8
hbluMFtciJ+hPEOZC/lTb5oherCCMsa2Xt937en3AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU+NRlfzjuxkibKNRUKrwukDMXEncwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQ0ZTlkNGE1LTU2NjYtNDNhZC04Zjk2LTBjYTQ0YmMxYTg3Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwASfzANBgkqhkiG9w0BAQsFAAOCAQEALkZ5tImVqDPt5Vctt15eBgsGD1Dg
a3ozkrN8nJeM16+H1E40Mmd5W8n4GwR+61IQgm6KH5a8fI6jF5tMYh4Jb4jXZTWU
hvj/jM+RPdQ22LRF3ei/BysjMDS2KuHPflQMjuLhfB9YScwrFEFtTZbnCcuu1fqv
BwLSrPIhbqShgGWhq56ClAegniSWtNgeczdoUikTF/D55AfkDvAUmfsl50apoIMt
8tfb6Js/QN5HPUDDMZspvpj0mCUjH5FYwVr1L9lzzyRPkix3qeugxmgcdl2RsknT
vxU2sF75dsbtfLCu6cV/XGMXn5sqz+ZVCd2y1NM8IGG8EIJnGmPeqWrywg==
-----END CERTIFICATE-----