Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4cab92bc-9aa1-4b48-83bd-11590a716fb1.roa
File:                     4cab92bc-9aa1-4b48-83bd-11590a716fb1.roa (raw, json)
Hash identifier:          0rAa2AlFiIxx6aYqSYMH7FVutrqbF1WR/HMPCNRfUFw=
Subject key identifier:   35:FF:A0:14:B8:9A:4E:18:C0:71:E7:78:AE:1B:A6:71:AA:52:1E:30
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3883FA145D946510159278E390AF98ED352FA285
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4cab92bc-9aa1-4b48-83bd-11590a716fb1.roa
Signing time:             Tue 03 Jun 2025 15:10:28 +0000
ROA not before:           Tue 03 Jun 2025 15:10:28 +0000
ROA not after:            Tue 08 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.88.0.0/15 maxlen: 15
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:83:fa:14:5d:94:65:10:15:92:78:e3:90:af:98:ed:35:2f:a2:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun  3 15:10:28 2025 GMT
            Not After : Jul  8 23:59:59 2025 GMT
        Subject: serialNumber=23cf1dca46e276832cd1ebc4db8dbf719a0b5965f9c7b9bdb0eb5e59f43bb3c5, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:3e:23:c0:65:e4:b9:b9:58:b9:d2:0c:03:2a:
                    22:9d:7f:25:df:c7:0f:e2:51:f8:9d:6e:55:b9:2e:
                    ca:42:9b:b5:8d:b9:bc:2b:b1:be:0a:3d:e9:ed:36:
                    e8:dc:66:3e:2c:3f:20:ef:fa:0e:57:50:9a:70:08:
                    00:c6:5a:b6:30:a6:40:46:f4:eb:d4:f6:cd:3a:04:
                    97:cc:49:d7:28:c1:e7:4f:b0:b7:4f:80:ac:3d:10:
                    8b:69:7f:3d:cf:9a:0a:3b:9d:72:60:55:d5:e6:cd:
                    70:b5:84:e7:e7:ef:d3:1a:66:aa:69:80:2f:d7:a1:
                    49:2e:e5:35:03:41:4b:e7:20:a4:41:ac:f8:01:8f:
                    bb:a3:a1:d4:e3:eb:02:f9:f6:d1:11:98:71:db:17:
                    90:f5:11:0b:a6:6d:d7:53:bc:ec:4b:38:81:78:fa:
                    a8:a4:b6:72:7b:68:f3:a6:3d:24:b8:87:6c:05:f1:
                    03:06:26:b7:bc:3d:6c:e8:48:bd:0d:41:b3:4c:73:
                    c8:a1:87:c4:78:e9:42:8a:b3:3c:4e:46:3a:db:c0:
                    69:af:5c:39:c1:26:ec:d8:63:55:85:84:b7:f4:94:
                    b4:bd:70:24:52:fd:3a:4e:1b:d2:09:6f:e8:15:c8:
                    85:5c:3f:61:05:f2:79:5f:25:ee:f0:f6:9e:a8:8e:
                    09:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:FF:A0:14:B8:9A:4E:18:C0:71:E7:78:AE:1B:A6:71:AA:52:1E:30
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4cab92bc-9aa1-4b48-83bd-11590a716fb1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.88.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         89:90:12:23:85:65:44:f2:cb:7a:8b:9f:fb:08:81:f5:c8:47:
         4e:5e:01:17:ff:14:54:73:72:6f:3b:d1:e6:ea:36:f5:6d:13:
         9e:d4:3a:41:df:03:b2:24:1f:3b:43:24:00:71:70:9f:e5:61:
         54:f4:ec:1d:21:d0:0f:d8:a0:88:58:dc:b5:7a:16:e0:e7:ee:
         07:0b:11:59:b4:f3:c4:04:ab:fc:12:a7:a6:64:8d:b5:c4:8e:
         1f:0c:7d:91:76:0d:34:01:14:1a:5a:4d:2f:0f:a8:65:69:49:
         b1:e0:45:aa:f3:58:55:ed:b1:e5:dd:44:ae:89:93:e4:cc:f9:
         4f:52:18:ad:8b:3e:3e:12:73:61:31:42:66:bc:67:f3:46:2c:
         1e:21:28:e4:55:c0:2c:94:73:d7:30:a2:ce:27:a1:d4:c4:e5:
         23:3f:ca:28:25:00:1a:d6:93:17:7b:8e:99:86:1e:b3:3a:8a:
         dd:e6:97:a6:b6:3b:8e:f9:fa:0b:e0:83:26:fa:fb:57:5f:d4:
         0f:9b:22:33:4a:dc:ed:d8:b3:96:19:14:51:7a:00:7e:9c:e6:
         0d:ed:ba:79:f8:9b:58:39:24:24:d9:60:17:3f:de:30:15:27:
         8e:64:3e:d5:84:36:db:65:00:36:04:d0:21:28:59:e6:bc:f7:
         d9:7d:eb:2c
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUOIP6FF2UZRAVknjjkK+Y7TUvooUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjAzMTUxMDI4WhcNMjUwNzA4MjM1OTU5
WjB6MUkwRwYDVQQFE0AyM2NmMWRjYTQ2ZTI3NjgzMmNkMWViYzRkYjhkYmY3MTlh
MGI1OTY1ZjljN2I5YmRiMGViNWU1OWY0M2JiM2M1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4PiPAZeS5uVi50gwDKiKdfyXfxw/iUfidblW5LspCm7WN
ubwrsb4KPentNujcZj4sPyDv+g5XUJpwCADGWrYwpkBG9OvU9s06BJfMSdcowedP
sLdPgKw9EItpfz3Pmgo7nXJgVdXmzXC1hOfn79MaZqppgC/XoUku5TUDQUvnIKRB
rPgBj7ujodTj6wL59tERmHHbF5D1EQumbddTvOxLOIF4+qiktnJ7aPOmPSS4h2wF
8QMGJre8PWzoSL0NQbNMc8ihh8R46UKKszxORjrbwGmvXDnBJuzYY1WFhLf0lLS9
cCRS/TpOG9IJb+gVyIVcP2EF8nlfJe7w9p6ojgn7AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUNf+gFLiaThjAced4rhumcapSHjAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzRjYWI5MmJjLTlhYTEtNGI0OC04M2JkLTExNTkwYTcxNmZiMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwESWDANBgkqhkiG9w0BAQsFAAOCAQEAiZASI4VlRPLLeouf+wiB9chHTl4B
F/8UVHNybzvR5uo29W0TntQ6Qd8DsiQfO0MkAHFwn+VhVPTsHSHQD9igiFjctXoW
4OfuBwsRWbTzxASr/BKnpmSNtcSOHwx9kXYNNAEUGlpNLw+oZWlJseBFqvNYVe2x
5d1EromT5Mz5T1IYrYs+PhJzYTFCZrxn80YsHiEo5FXALJRz1zCizieh1MTlIz/K
KCUAGtaTF3uOmYYeszqK3eaXprY7jvn6C+CDJvr7V1/UD5siM0rc7dizlhkUUXoA
fpzmDe26efibWDkkJNlgFz/eMBUnjmQ+1YQ222UANgTQIShZ5rz32X3rLA==
-----END CERTIFICATE-----