Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/998d5f0e-e0d0-45cb-96fd-9e8b1ff02524.roa
File:                     998d5f0e-e0d0-45cb-96fd-9e8b1ff02524.roa (raw, json)
Hash identifier:          asZzdkVsZ4EjFODzuWdadWvqcMUdGQMirFwGBbsC7Zk=
Subject key identifier:   DE:15:C8:C0:4D:E4:11:3E:BF:99:1C:95:71:1A:DB:B7:81:18:98:B7
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       26BE2EDDBC0B9772B151AAD484AC39E165EC1062
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/998d5f0e-e0d0-45cb-96fd-9e8b1ff02524.roa
Signing time:             Fri 11 Jul 2025 16:41:51 +0000
ROA not before:           Fri 11 Jul 2025 16:41:51 +0000
ROA not after:            Fri 15 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.34.232.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:be:2e:dd:bc:0b:97:72:b1:51:aa:d4:84:ac:39:e1:65:ec:10:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 11 16:41:51 2025 GMT
            Not After : Aug 15 23:59:59 2025 GMT
        Subject: serialNumber=8e50ca68c31fe4a8b9a9254dd0b864ee482382d5b9b03e467c3e6600abc7ce7f, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:19:57:06:58:7b:a2:d3:f6:3d:16:af:d4:b3:
                    f8:74:8c:21:4d:98:13:be:ab:b6:dd:60:a9:32:1a:
                    80:8f:84:a3:6e:e5:ff:7e:56:49:35:e1:7d:f5:31:
                    58:d1:1f:bc:ed:19:fb:50:58:cf:7d:80:b5:c2:05:
                    e3:7b:1d:02:c7:72:cf:33:55:7a:4b:74:f2:eb:88:
                    22:43:32:56:6b:17:ac:11:62:46:8b:ec:dc:b8:c2:
                    12:55:33:2a:e6:77:e8:b2:68:a7:e8:b2:b6:ec:6d:
                    4a:c4:d2:2a:ca:c8:c2:6f:b9:aa:07:6b:d8:e5:e4:
                    6d:63:cc:19:f2:63:20:53:ad:2c:4f:39:25:9e:a1:
                    a8:70:a2:10:94:e1:fc:81:a0:16:7c:94:cb:b8:13:
                    cd:7b:cf:76:dd:b1:56:4e:74:c6:08:80:e8:f2:58:
                    5b:17:39:6d:93:9e:38:41:0a:9b:54:f2:cc:12:cd:
                    5a:1c:f9:3d:75:4e:67:a0:16:09:04:76:82:ba:83:
                    02:3c:88:26:4c:7f:f5:2a:28:96:9c:0d:1c:88:f4:
                    7f:eb:2e:1c:3d:21:1f:6a:45:de:2d:36:c0:93:47:
                    39:30:76:d9:25:7a:b7:1e:81:b6:41:19:fb:fb:6c:
                    94:6c:17:a1:d5:b1:0c:43:55:81:2e:c3:82:37:c0:
                    66:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:15:C8:C0:4D:E4:11:3E:BF:99:1C:95:71:1A:DB:B7:81:18:98:B7
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/998d5f0e-e0d0-45cb-96fd-9e8b1ff02524.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.34.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         46:19:92:5b:0e:c2:d5:89:d4:2a:cc:c7:4b:b3:03:90:fe:53:
         cc:7b:23:11:01:0b:78:19:30:62:98:87:37:d7:81:c6:e0:b9:
         e3:ad:dc:25:e1:43:01:c0:8e:bf:9d:a2:70:29:88:b9:fc:86:
         d2:61:3f:a5:83:52:22:2f:4b:5d:f9:06:1f:07:c4:78:92:c0:
         fb:8a:6f:95:a9:88:ac:5b:95:c8:20:e4:83:fb:bc:3f:f2:c7:
         5d:76:ab:f6:c3:67:e4:54:09:27:07:cf:fd:d9:71:1f:6b:30:
         ca:77:75:be:0b:55:89:e6:51:d8:62:82:a6:7c:68:02:46:2f:
         eb:12:60:ec:28:75:6b:7b:fb:fb:2b:81:68:7f:5f:82:d5:ac:
         7a:57:13:ef:05:95:6e:da:d9:bb:ac:2c:3b:0d:f5:83:b7:75:
         61:00:7e:e5:a2:41:17:88:9f:06:f1:d4:a0:5a:a1:5c:b8:9c:
         e1:f3:ed:68:1d:01:13:11:13:ee:c4:9a:cb:45:86:16:ec:a4:
         65:31:ed:e1:77:fb:32:0d:ad:55:d5:9e:de:e2:c8:3f:58:5a:
         21:cd:64:69:31:a9:c3:9a:39:5c:1e:fe:c4:3d:95:42:76:5e:
         94:b2:88:be:a5:10:73:67:2a:fc:8c:a6:ba:97:57:60:d7:ff:
         ac:94:9d:83
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJr4u3bwLl3KxUarUhKw54WXsEGIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzExMTY0MTUxWhcNMjUwODE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZTUwY2E2OGMzMWZlNGE4YjlhOTI1NGRkMGI4NjRlZTQ4
MjM4MmQ1YjliMDNlNDY3YzNlNjYwMGFiYzdjZTdmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDGVcGWHui0/Y9Fq/Us/h0jCFNmBO+q7bdYKkyGoCPhKNu
5f9+Vkk14X31MVjRH7ztGftQWM99gLXCBeN7HQLHcs8zVXpLdPLriCJDMlZrF6wR
YkaL7Ny4whJVMyrmd+iyaKfosrbsbUrE0irKyMJvuaoHa9jl5G1jzBnyYyBTrSxP
OSWeoahwohCU4fyBoBZ8lMu4E817z3bdsVZOdMYIgOjyWFsXOW2TnjhBCptU8swS
zVoc+T11TmegFgkEdoK6gwI8iCZMf/UqKJacDRyI9H/rLhw9IR9qRd4tNsCTRzkw
dtklercegbZBGfv7bJRsF6HVsQxDVYEuw4I3wGaXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3hXIwE3kET6/mRyVcRrbt4EYmLcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzk5OGQ1ZjBlLWUwZDAtNDVjYi05NmZkLTllOGIxZmYwMjUyNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMSIugwDQYJKoZIhvcNAQELBQADggEBAEYZklsOwtWJ1CrMx0uzA5D+U8x7
IxEBC3gZMGKYhzfXgcbgueOt3CXhQwHAjr+donApiLn8htJhP6WDUiIvS135Bh8H
xHiSwPuKb5WpiKxblcgg5IP7vD/yx112q/bDZ+RUCScHz/3ZcR9rMMp3db4LVYnm
UdhigqZ8aAJGL+sSYOwodWt7+/srgWh/X4LVrHpXE+8FlW7a2busLDsN9YO3dWEA
fuWiQReInwbx1KBaoVy4nOHz7WgdARMRE+7EmstFhhbspGUx7eF3+zINrVXVnt7i
yD9YWiHNZGkxqcOaOVwe/sQ9lUJ2XpSyiL6lEHNnKvyMprqXV2DX/6yUnYM=
-----END CERTIFICATE-----