Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4cab92bc-9aa1-4b48-83bd-11590a716fb1.roa
File:                     4cab92bc-9aa1-4b48-83bd-11590a716fb1.roa (raw, json)
Hash identifier:          428ll6LAf1cVHUW2zdDVWvfdVIXUg2GLY7ZORnNBYfo=
Subject key identifier:   F0:09:2D:B2:AD:6D:7D:DC:42:3B:E4:DD:7B:AF:68:3C:7A:58:73:51
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7C45BB332FFE43D0587244A73B6723A3C67EC7E2
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4cab92bc-9aa1-4b48-83bd-11590a716fb1.roa
Signing time:             Mon 14 Apr 2025 16:11:51 +0000
ROA not before:           Mon 14 Apr 2025 16:11:51 +0000
ROA not after:            Mon 19 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.88.0.0/15 maxlen: 15
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:45:bb:33:2f:fe:43:d0:58:72:44:a7:3b:67:23:a3:c6:7e:c7:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 14 16:11:51 2025 GMT
            Not After : May 19 23:59:59 2025 GMT
        Subject: serialNumber=7f86db9da026079bd3fdc85e223b16f2face8ebf62bb6e8915b1e3f57949ab9b, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:39:d6:e5:03:79:20:b9:e9:11:6d:75:9e:1b:
                    08:07:6b:08:50:15:c2:33:78:a1:eb:a8:eb:71:a9:
                    ba:cf:c7:3a:da:96:54:b3:0f:3d:7f:e3:ed:34:c2:
                    b0:97:64:13:97:ab:64:bb:45:0a:7c:62:e4:8c:3d:
                    57:3f:52:b6:0a:14:e2:03:86:29:51:11:56:b5:e9:
                    fb:ca:58:06:65:0f:b4:cc:a3:8c:d4:d5:8e:d7:72:
                    44:73:af:53:41:dd:63:01:46:e1:96:79:f5:f0:ee:
                    39:a0:10:f7:43:11:b1:68:b1:95:ed:ab:a4:c6:6c:
                    ec:87:cb:ba:cf:0a:9c:c9:87:64:f2:74:fc:30:67:
                    69:29:80:e7:93:ca:54:42:4d:b5:03:12:f1:22:00:
                    b0:bd:ad:f4:f9:8d:7a:8e:17:d3:34:e4:e0:b7:09:
                    7b:fc:4f:1b:c7:15:fa:ce:4f:b0:26:33:3b:70:17:
                    22:e4:a4:cd:2c:97:3f:50:e0:e7:b0:f4:5d:6c:2e:
                    ed:87:c4:0f:15:d9:14:6c:14:d6:5c:c0:83:96:53:
                    e3:cd:34:10:2c:e8:2f:6f:34:a4:0b:0c:ae:0a:1f:
                    b8:e2:cb:db:b4:9d:3b:85:42:55:9b:f9:5e:dc:65:
                    46:37:94:2c:6c:4d:f3:84:7b:ed:4d:0b:10:00:7b:
                    da:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:09:2D:B2:AD:6D:7D:DC:42:3B:E4:DD:7B:AF:68:3C:7A:58:73:51
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4cab92bc-9aa1-4b48-83bd-11590a716fb1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.88.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         63:13:48:7d:65:be:7e:ad:8f:bd:2d:d1:6b:aa:42:3d:29:00:
         3d:c9:dc:96:3b:43:28:b5:91:d5:33:df:c9:42:75:04:cb:4b:
         1e:4c:90:7d:34:11:4c:60:02:99:6b:d1:84:19:d3:d4:0b:d2:
         b0:b0:40:c9:aa:7f:1d:df:2f:3c:fb:08:46:1b:76:32:6c:8a:
         0a:3a:28:ae:84:9b:73:2d:d5:2a:47:9f:27:94:45:f0:24:02:
         07:7e:af:2f:bf:55:65:4d:ff:37:3c:52:8d:40:08:c5:c3:23:
         9a:06:58:e2:0e:5b:76:34:ac:ff:f7:c7:47:9a:60:e5:23:3e:
         4f:37:df:5b:54:fa:5d:59:df:2e:da:da:b4:28:e0:ee:5f:5b:
         db:bc:9d:7a:76:d6:8a:28:5b:77:15:85:a6:24:7c:03:80:37:
         0d:dc:e5:7f:25:ad:0d:be:b6:e7:19:73:9e:fb:fe:ac:75:a0:
         a3:79:77:1e:39:46:03:51:0c:e4:27:cd:09:d1:60:4b:b8:04:
         32:31:bb:00:d7:94:c2:02:50:9a:8b:b3:a8:43:4f:30:98:78:
         7b:cd:0b:9b:59:b8:91:66:40:b2:f0:d8:47:2d:02:57:cc:d5:
         c3:ea:23:e4:88:e4:fa:c3:e7:2a:98:23:ae:f7:e3:8a:6d:72:
         3f:cb:24:1f
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUfEW7My/+Q9BYckSnO2cjo8Z+x+IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE0MTYxMTUxWhcNMjUwNTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A3Zjg2ZGI5ZGEwMjYwNzliZDNmZGM4NWUyMjNiMTZmMmZh
Y2U4ZWJmNjJiYjZlODkxNWIxZTNmNTc5NDlhYjliMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDOdblA3kguekRbXWeGwgHawhQFcIzeKHrqOtxqbrPxzra
llSzDz1/4+00wrCXZBOXq2S7RQp8YuSMPVc/UrYKFOIDhilREVa16fvKWAZlD7TM
o4zU1Y7XckRzr1NB3WMBRuGWefXw7jmgEPdDEbFosZXtq6TGbOyHy7rPCpzJh2Ty
dPwwZ2kpgOeTylRCTbUDEvEiALC9rfT5jXqOF9M05OC3CXv8TxvHFfrOT7AmMztw
FyLkpM0slz9Q4Oew9F1sLu2HxA8V2RRsFNZcwIOWU+PNNBAs6C9vNKQLDK4KH7ji
y9u0nTuFQlWb+V7cZUY3lCxsTfOEe+1NCxAAe9rxAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU8Aktsq1tfdxCO+Tde69oPHpYc1EwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzRjYWI5MmJjLTlhYTEtNGI0OC04M2JkLTExNTkwYTcxNmZiMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwESWDANBgkqhkiG9w0BAQsFAAOCAQEAYxNIfWW+fq2PvS3Ra6pCPSkAPcnc
ljtDKLWR1TPfyUJ1BMtLHkyQfTQRTGACmWvRhBnT1AvSsLBAyap/Hd8vPPsIRht2
MmyKCjooroSbcy3VKkefJ5RF8CQCB36vL79VZU3/NzxSjUAIxcMjmgZY4g5bdjSs
//fHR5pg5SM+TzffW1T6XVnfLtratCjg7l9b27ydenbWiihbdxWFpiR8A4A3Ddzl
fyWtDb625xlznvv+rHWgo3l3HjlGA1EM5CfNCdFgS7gEMjG7ANeUwgJQmouzqENP
MJh4e80Lm1m4kWZAsvDYRy0CV8zVw+oj5Ijk+sPnKpgjrvfjim1yP8skHw==
-----END CERTIFICATE-----