Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/478d6452-7f3d-4b30-8946-9237c1b66731.roa
File:                     478d6452-7f3d-4b30-8946-9237c1b66731.roa (raw, json)
Hash identifier:          N6ja+xn5OimDnTMbuWcqXrLCw+ov+VmG2Va4gd4qeM4=
Subject key identifier:   5C:11:DB:C3:96:5E:62:DC:F3:3E:CD:46:20:D7:28:A9:47:6A:2B:3F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       52DBA26E34A1D80B5E1BEF1D787D0B010131D52B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/478d6452-7f3d-4b30-8946-9237c1b66731.roa
Signing time:             Fri 11 Jul 2025 16:41:11 +0000
ROA not before:           Fri 11 Jul 2025 16:41:11 +0000
ROA not after:            Fri 15 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.100.74.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:db:a2:6e:34:a1:d8:0b:5e:1b:ef:1d:78:7d:0b:01:01:31:d5:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 11 16:41:11 2025 GMT
            Not After : Aug 15 23:59:59 2025 GMT
        Subject: serialNumber=b0be3e639cf5bf74dbe4ef5a6cd94d8a70b34ea5fdeefaac81075f7a5708830d, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:b9:29:1e:81:e7:2e:0f:d5:c8:f0:1a:ab:36:
                    c1:b5:c9:6f:30:8a:48:4c:33:0e:54:76:7f:a3:35:
                    6e:b7:1c:bb:51:1b:e2:0d:10:91:9a:6b:d0:70:56:
                    38:0a:24:2b:db:73:84:b3:3a:14:a0:89:82:e5:44:
                    db:e5:b2:0d:20:13:40:75:d4:58:68:d5:ad:0a:d2:
                    3d:3b:65:3e:fd:66:e9:8c:15:f8:2d:88:d2:92:34:
                    f4:91:ba:0c:8f:a4:18:7e:e1:c1:29:48:1a:20:51:
                    a3:18:8e:97:b8:b3:ab:58:3a:5f:dc:1b:84:02:52:
                    08:fe:6a:ff:49:1e:a3:5e:f0:a0:05:05:48:7b:21:
                    49:10:d0:b0:27:4b:58:05:b2:da:f9:5f:ed:ea:cd:
                    bd:2c:c8:8a:0a:73:bc:c5:3d:13:ce:d4:f5:10:de:
                    b6:26:69:fd:f9:19:15:33:93:39:82:9f:51:d0:e1:
                    1d:7b:38:fd:09:7e:b8:49:43:0b:21:62:4e:bc:5e:
                    be:75:f0:ce:85:ee:a4:92:19:26:af:c2:5b:11:67:
                    06:75:41:74:c6:69:12:41:3a:9c:5b:56:e4:9a:5a:
                    14:9e:20:c7:4a:27:32:94:68:68:27:ab:23:b3:ed:
                    ea:3b:96:23:bf:1d:62:9f:d0:8a:38:2e:be:31:81:
                    ea:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:11:DB:C3:96:5E:62:DC:F3:3E:CD:46:20:D7:28:A9:47:6A:2B:3F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/478d6452-7f3d-4b30-8946-9237c1b66731.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.100.74.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0e:e9:85:d8:b5:29:18:3e:b4:73:83:60:72:09:b2:53:f4:0c:
         66:cd:83:66:21:1e:66:05:bd:2c:8f:94:f3:ce:9e:5b:0c:78:
         30:8a:49:46:17:a3:1e:71:27:f9:8a:fb:77:0d:d5:15:35:10:
         6d:87:c3:2f:c2:e3:8a:1b:01:12:b9:6b:cd:97:c7:94:e7:7f:
         1b:6f:b9:c4:b8:2e:bb:33:a1:de:ca:1b:df:a4:b3:0f:42:79:
         cc:a8:e3:40:a7:64:d5:dd:f3:5d:3a:30:4c:f9:3f:30:df:9d:
         38:62:b6:e4:91:1b:ec:fe:48:46:d7:cb:60:15:0b:96:75:d6:
         ab:ee:04:74:2e:92:da:14:1e:15:3b:df:d3:c2:54:3e:dc:a7:
         56:8e:9d:a3:bf:7e:a1:3d:72:cf:83:d6:bf:0a:84:c8:a3:3b:
         21:a5:7b:6c:58:f6:50:d0:aa:f9:6c:0a:38:0e:2e:fe:da:72:
         12:af:cb:0d:8a:1d:43:94:8e:fb:61:ee:0c:db:c7:49:6b:ee:
         43:34:fc:36:bd:7c:bd:7d:ea:bd:7f:b7:0e:32:0f:d9:9c:b7:
         ba:6e:6f:fe:bd:a6:7f:c5:50:17:38:7c:1b:d3:7d:21:63:60:
         b9:94:bb:d6:90:32:53:e6:67:9c:2a:d9:db:23:33:82:7e:20:
         c0:b0:5c:3f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUtuibjSh2AteG+8deH0LAQEx1SswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzExMTY0MTExWhcNMjUwODE1MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMGJlM2U2MzljZjViZjc0ZGJlNGVmNWE2Y2Q5NGQ4YTcw
YjM0ZWE1ZmRlZWZhYWM4MTA3NWY3YTU3MDg4MzBkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2uSkegecuD9XI8BqrNsG1yW8wikhMMw5Udn+jNW63HLtR
G+INEJGaa9BwVjgKJCvbc4SzOhSgiYLlRNvlsg0gE0B11Fho1a0K0j07ZT79ZumM
FfgtiNKSNPSRugyPpBh+4cEpSBogUaMYjpe4s6tYOl/cG4QCUgj+av9JHqNe8KAF
BUh7IUkQ0LAnS1gFstr5X+3qzb0syIoKc7zFPRPO1PUQ3rYmaf35GRUzkzmCn1HQ
4R17OP0JfrhJQwshYk68Xr518M6F7qSSGSavwlsRZwZ1QXTGaRJBOpxbVuSaWhSe
IMdKJzKUaGgnqyOz7eo7liO/HWKf0Io4Lr4xgeqnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXBHbw5ZeYtzzPs1GINcoqUdqKz8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQ3OGQ2NDUyLTdmM2QtNGIzMC04OTQ2LTkyMzdjMWI2NjczMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAESZEowDQYJKoZIhvcNAQELBQADggEBAA7phdi1KRg+tHODYHIJslP0DGbN
g2YhHmYFvSyPlPPOnlsMeDCKSUYXox5xJ/mK+3cN1RU1EG2Hwy/C44obARK5a82X
x5TnfxtvucS4Lrszod7KG9+ksw9Cecyo40CnZNXd8106MEz5PzDfnThituSRG+z+
SEbXy2AVC5Z11qvuBHQuktoUHhU739PCVD7cp1aOnaO/fqE9cs+D1r8KhMijOyGl
e2xY9lDQqvlsCjgOLv7achKvyw2KHUOUjvth7gzbx0lr7kM0/Da9fL196r1/tw4y
D9mct7pub/69pn/FUBc4fBvTfSFjYLmUu9aQMlPmZ5wq2dsjM4J+IMCwXD8=
-----END CERTIFICATE-----