Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6d380ee2-1b52-4d82-b5a3-ee2fe211eb06.roa
File:                     6d380ee2-1b52-4d82-b5a3-ee2fe211eb06.roa (raw, json)
Hash identifier:          xOAPGbMa6NBAOoOEgaCLSlgfKwKcI3nKQ4pttMDv3VU=
Subject key identifier:   6E:BD:53:1A:5A:A7:91:FC:8A:1E:29:CE:BD:11:AF:C3:30:B8:89:D0
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3A0225414FC82B7193569341DC844DE1F153640E
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6d380ee2-1b52-4d82-b5a3-ee2fe211eb06.roa
Signing time:             Fri 11 Jul 2025 16:40:27 +0000
ROA not before:           Fri 11 Jul 2025 16:40:27 +0000
ROA not after:            Fri 15 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.87.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:02:25:41:4f:c8:2b:71:93:56:93:41:dc:84:4d:e1:f1:53:64:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 11 16:40:27 2025 GMT
            Not After : Aug 15 23:59:59 2025 GMT
        Subject: serialNumber=8cec5886419b89fe0db57acd197b9978621c3cb2e45acfceef0cf59f9e5560a9, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:c5:e8:92:22:01:ff:78:6c:25:5d:64:28:d4:
                    49:08:46:3c:10:2a:3e:72:16:67:f8:d8:7c:fd:2a:
                    f4:99:d7:18:c2:7a:a7:00:5c:26:91:00:9a:aa:ad:
                    88:a6:91:ea:45:9a:95:dc:b1:bb:9e:8d:5d:f7:b5:
                    bc:88:4c:da:e8:1a:23:05:43:5d:1b:3f:f7:de:11:
                    1d:99:61:9f:4a:37:8b:f7:06:5d:b9:76:50:1a:cc:
                    94:ee:33:6a:7b:68:c7:ed:93:6c:83:b6:33:12:95:
                    fb:66:d6:ee:7a:11:ae:29:b6:38:73:81:9b:da:65:
                    10:c2:18:aa:c7:68:c5:d2:38:1b:98:2f:d8:ca:a1:
                    24:8a:2f:da:fd:b8:93:75:55:42:60:5d:40:db:34:
                    82:e3:73:0c:29:ad:85:48:55:1a:61:5c:44:af:7c:
                    0d:a7:8a:c2:fc:ed:5e:a8:6c:d6:8d:47:1d:86:af:
                    4e:40:ac:87:f2:64:83:21:b8:4b:09:05:8e:10:a1:
                    e2:fb:30:bf:73:24:c9:bb:ac:e7:75:f2:55:88:52:
                    88:e2:9c:20:c5:04:3c:cd:cc:75:6a:5a:9c:19:39:
                    de:90:61:87:51:17:14:59:08:62:b8:e5:ac:7c:1b:
                    66:4c:3c:25:aa:2c:19:84:df:c6:fc:f6:ac:45:d2:
                    fd:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:BD:53:1A:5A:A7:91:FC:8A:1E:29:CE:BD:11:AF:C3:30:B8:89:D0
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6d380ee2-1b52-4d82-b5a3-ee2fe211eb06.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.87.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         62:8a:a5:d1:fe:c3:35:38:0c:40:c1:b0:90:6e:d2:2b:ae:c2:
         43:75:7d:5e:46:13:74:93:52:ca:a7:af:b2:66:0e:e5:01:fd:
         46:72:98:bd:61:ba:b6:f6:27:1d:af:ca:9c:e7:60:a5:df:35:
         91:8f:39:94:a2:6e:04:bc:5e:9e:82:3d:5d:4b:5b:26:7f:70:
         78:07:f4:4e:93:6a:00:0d:d7:27:3f:3f:72:e9:23:7f:89:3b:
         33:f9:7a:8b:f3:90:e5:06:18:59:14:76:aa:36:1e:35:c9:25:
         11:4e:ed:c6:d6:78:e7:54:6e:84:42:02:c1:81:db:82:c7:0c:
         5b:19:b4:86:19:90:9e:a7:a9:ff:c3:42:c6:2a:20:a8:5e:75:
         d5:d2:1f:8c:62:f4:d3:f5:88:d3:4f:97:96:67:00:72:16:c4:
         a9:b7:33:96:63:42:c1:f5:00:1d:f0:89:d6:6b:1f:17:93:0f:
         a0:f7:b1:30:40:80:25:de:d6:cb:36:36:d4:c9:34:f8:53:ba:
         9f:26:f1:4c:d8:de:5a:d8:60:73:21:26:a0:e8:a4:d7:a7:9c:
         38:e8:dc:85:c2:2d:32:76:f2:50:87:34:27:1a:fc:16:ad:15:
         f2:6a:91:0a:9b:d7:7a:6f:5f:88:3e:02:03:5d:9e:da:54:1f:
         2d:1f:9b:6b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUOgIlQU/IK3GTVpNB3IRN4fFTZA4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzExMTY0MDI3WhcNMjUwODE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A4Y2VjNTg4NjQxOWI4OWZlMGRiNTdhY2QxOTdiOTk3ODYy
MWMzY2IyZTQ1YWNmY2VlZjBjZjU5ZjllNTU2MGE5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRxeiSIgH/eGwlXWQo1EkIRjwQKj5yFmf42Hz9KvSZ1xjC
eqcAXCaRAJqqrYimkepFmpXcsbuejV33tbyITNroGiMFQ10bP/feER2ZYZ9KN4v3
Bl25dlAazJTuM2p7aMftk2yDtjMSlftm1u56Ea4ptjhzgZvaZRDCGKrHaMXSOBuY
L9jKoSSKL9r9uJN1VUJgXUDbNILjcwwprYVIVRphXESvfA2nisL87V6obNaNRx2G
r05ArIfyZIMhuEsJBY4QoeL7ML9zJMm7rOd18lWIUojinCDFBDzNzHVqWpwZOd6Q
YYdRFxRZCGK45ax8G2ZMPCWqLBmE38b89qxF0v2VAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUbr1TGlqnkfyKHinOvRGvwzC4idAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzZkMzgwZWUyLTFiNTItNGQ4Mi1iNWEzLWVlMmZlMjExZWIwNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwASVzANBgkqhkiG9w0BAQsFAAOCAQEAYoql0f7DNTgMQMGwkG7SK67CQ3V9
XkYTdJNSyqevsmYO5QH9RnKYvWG6tvYnHa/KnOdgpd81kY85lKJuBLxenoI9XUtb
Jn9weAf0TpNqAA3XJz8/cukjf4k7M/l6i/OQ5QYYWRR2qjYeNcklEU7txtZ451Ru
hEICwYHbgscMWxm0hhmQnqep/8NCxiogqF511dIfjGL00/WI00+XlmcAchbEqbcz
lmNCwfUAHfCJ1msfF5MPoPexMECAJd7WyzY21Mk0+FO6nybxTNjeWthgcyEmoOik
16ecOOjchcItMnbyUIc0Jxr8Fq0V8mqRCpvXem9fiD4CA12e2lQfLR+baw==
-----END CERTIFICATE-----