Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/db24d6e0-8f0a-4452-af86-47c1cc9931b2.roa
File:                     db24d6e0-8f0a-4452-af86-47c1cc9931b2.roa (raw, json)
Hash identifier:          6NWGC5qe7rcItAEELZ3DidH5ihOkhcvlj6jPrhyIIFM=
Subject key identifier:   4F:65:2D:D9:92:FD:34:47:C7:34:57:92:69:58:29:6C:2A:89:27:0A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       72E8A24E4977989883DB090EC3B5AA7419B3B0C8
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/db24d6e0-8f0a-4452-af86-47c1cc9931b2.roa
Signing time:             Fri 25 Apr 2025 16:40:58 +0000
ROA not before:           Fri 25 Apr 2025 16:40:58 +0000
ROA not after:            Fri 30 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.35.232.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:e8:a2:4e:49:77:98:98:83:db:09:0e:c3:b5:aa:74:19:b3:b0:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 25 16:40:58 2025 GMT
            Not After : May 30 23:59:59 2025 GMT
        Subject: serialNumber=3d83de0085aa64b86dd8351762ba24b9765be52763438c835f6b26c92c8027b7, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:3a:c7:48:1f:06:9c:26:47:43:16:8b:b5:a1:
                    ef:8a:9f:0f:f7:c9:93:3d:5c:41:51:43:1e:56:d1:
                    28:f6:82:c1:fb:43:37:a0:e8:8a:66:93:dc:2b:2f:
                    9e:42:a3:71:24:5c:aa:8c:70:eb:e6:76:8b:9b:3d:
                    ed:44:71:37:89:3c:77:6d:a4:42:d5:9c:43:fc:57:
                    4a:c1:25:8f:f2:36:d8:78:60:d6:5c:f0:c4:0a:29:
                    2b:b4:25:3f:65:8e:2d:48:26:5a:e5:4e:bf:9f:53:
                    3a:e9:2d:e2:43:80:34:a6:92:5a:b2:b1:0d:44:f4:
                    27:be:2f:f1:cc:89:2e:08:a4:f7:a7:27:db:9e:ec:
                    d7:a0:71:8b:20:e7:09:5e:9e:77:fc:c5:d7:6c:67:
                    99:c8:1e:f1:2d:dd:04:51:f8:af:ea:eb:46:3d:14:
                    d6:3b:25:d2:4f:5d:77:d6:e5:60:93:94:07:1d:35:
                    f8:28:db:4b:13:2b:df:74:d9:fd:29:0f:c4:e2:ea:
                    d9:c7:63:b8:29:52:bb:0f:56:ea:00:7c:ac:31:a2:
                    ca:75:56:3b:ed:79:a8:74:c9:4b:fd:4e:8b:9f:96:
                    b6:e0:02:3d:50:ea:6b:ba:c3:f3:9e:8c:d7:90:a3:
                    f6:cd:b4:9c:b5:73:56:71:51:4d:99:8d:f6:f7:a9:
                    58:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:65:2D:D9:92:FD:34:47:C7:34:57:92:69:58:29:6C:2A:89:27:0A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/db24d6e0-8f0a-4452-af86-47c1cc9931b2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.35.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         66:5a:9f:40:ed:f7:17:a7:47:97:24:d3:da:8c:df:a9:f7:1f:
         0b:39:5c:c5:71:ee:cc:a7:07:44:44:db:a7:c9:eb:01:f9:b8:
         db:da:8e:bd:c1:75:dc:bc:61:19:44:05:00:e1:31:d9:e3:99:
         28:66:9b:f0:d6:c0:48:63:bb:68:8f:c4:d6:09:02:9f:08:00:
         af:65:39:9c:74:c2:b1:d5:ed:c3:d9:a3:fc:30:36:ae:98:7f:
         7d:d0:51:f5:a0:bf:49:f5:56:1a:11:29:30:47:29:c0:d8:69:
         3c:92:d5:ae:96:b7:bf:fb:65:40:72:f7:4c:88:3b:9a:d9:6c:
         53:41:c5:74:2c:d3:74:d3:59:81:e8:75:23:98:3b:1f:43:54:
         3e:a2:22:3b:a6:c0:d3:86:c8:5a:0a:88:2a:57:e4:98:b8:62:
         1a:fb:6f:b0:68:b7:f9:4c:07:28:41:2f:3c:96:02:c0:e8:2b:
         d0:41:3e:e3:79:86:1b:e8:49:fa:67:e4:9d:e2:43:53:dd:da:
         dd:08:c9:75:2b:1a:19:bb:c7:cb:41:fd:9c:d5:0f:b7:1e:9e:
         9f:0a:21:26:53:69:e5:c1:b9:4d:8c:fd:d4:be:3c:bd:93:39:
         f9:c5:d5:8d:ef:88:b8:04:07:d9:bd:f9:7c:9e:52:3f:07:81:
         9c:4c:67:a1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcuiiTkl3mJiD2wkOw7WqdBmzsMgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDI1MTY0MDU4WhcNMjUwNTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzZDgzZGUwMDg1YWE2NGI4NmRkODM1MTc2MmJhMjRiOTc2
NWJlNTI3NjM0MzhjODM1ZjZiMjZjOTJjODAyN2I3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDNOsdIHwacJkdDFou1oe+Knw/3yZM9XEFRQx5W0Sj2gsH7
Qzeg6Ipmk9wrL55Co3EkXKqMcOvmdoubPe1EcTeJPHdtpELVnEP8V0rBJY/yNth4
YNZc8MQKKSu0JT9lji1IJlrlTr+fUzrpLeJDgDSmklqysQ1E9Ce+L/HMiS4IpPen
J9ue7NegcYsg5wlennf8xddsZ5nIHvEt3QRR+K/q60Y9FNY7JdJPXXfW5WCTlAcd
Nfgo20sTK9902f0pD8Ti6tnHY7gpUrsPVuoAfKwxosp1Vjvteah0yUv9Touflrbg
Aj1Q6mu6w/OejNeQo/bNtJy1c1ZxUU2Zjfb3qVjbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUT2Ut2ZL9NEfHNFeSaVgpbCqJJwowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2RiMjRkNmUwLThmMGEtNDQ1Mi1hZjg2LTQ3YzFjYzk5MzFiMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMSI+gwDQYJKoZIhvcNAQELBQADggEBAGZan0Dt9xenR5ck09qM36n3Hws5
XMVx7synB0RE26fJ6wH5uNvajr3Bddy8YRlEBQDhMdnjmShmm/DWwEhju2iPxNYJ
Ap8IAK9lOZx0wrHV7cPZo/wwNq6Yf33QUfWgv0n1VhoRKTBHKcDYaTyS1a6Wt7/7
ZUBy90yIO5rZbFNBxXQs03TTWYHodSOYOx9DVD6iIjumwNOGyFoKiCpX5Ji4Yhr7
b7Bot/lMByhBLzyWAsDoK9BBPuN5hhvoSfpn5J3iQ1Pd2t0IyXUrGhm7x8tB/ZzV
D7cenp8KISZTaeXBuU2M/dS+PL2TOfnF1Y3viLgEB9m9+XyeUj8HgZxMZ6E=
-----END CERTIFICATE-----