Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/db24d6e0-8f0a-4452-af86-47c1cc9931b2.roa
File:                     db24d6e0-8f0a-4452-af86-47c1cc9931b2.roa (raw, json)
Hash identifier:          MpVAFDNHDED/NmH3R7pcGZqNm3kPP8NOMhQ7IOQ4Dbo=
Subject key identifier:   A5:79:97:F3:ED:17:BC:7D:6F:D1:22:22:70:DD:70:1F:5D:A4:A3:B8
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       45A48E1583BB38FB7741C73E66D6EF0FA5837332
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/db24d6e0-8f0a-4452-af86-47c1cc9931b2.roa
Signing time:             Tue 20 May 2025 16:51:12 +0000
ROA not before:           Tue 20 May 2025 16:51:12 +0000
ROA not after:            Tue 24 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.35.232.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:a4:8e:15:83:bb:38:fb:77:41:c7:3e:66:d6:ef:0f:a5:83:73:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 20 16:51:12 2025 GMT
            Not After : Jun 24 23:59:59 2025 GMT
        Subject: serialNumber=2e6df5174683903f39839ecf0c1ec8352d9cd0e8a307328ad88eadb6adfec40d, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:5d:f6:a1:80:ac:20:c9:a2:14:f2:51:9d:a5:
                    39:c3:65:c5:b0:b0:d8:df:b5:82:7e:0b:71:40:ee:
                    e2:b8:1e:2d:d5:d1:a8:65:91:68:28:f7:8d:16:be:
                    f7:53:1a:13:4f:a8:ce:41:60:55:fa:3a:a6:60:36:
                    5b:6a:14:a6:97:76:10:08:f8:0f:db:5f:83:b7:00:
                    71:5a:84:2f:9c:43:5f:a1:39:c6:45:c5:48:fd:f4:
                    25:9c:d2:58:4c:79:14:86:bc:62:f7:26:06:ad:2e:
                    e6:f7:62:58:bb:b8:41:b8:21:71:fc:97:f3:56:fc:
                    3e:d8:c5:34:72:a2:cd:24:45:c5:76:bc:09:a5:e6:
                    0f:27:52:e2:c1:73:91:b3:13:7a:e1:56:06:c0:1d:
                    16:03:f7:39:52:47:5d:e8:2c:95:06:2d:81:74:b5:
                    33:82:89:a4:0d:3f:d1:fe:2c:a3:5f:b6:84:38:0e:
                    09:b4:b2:67:25:f3:d1:07:3a:55:df:46:b9:e5:a3:
                    55:2e:19:a1:72:c4:6c:b4:c9:e7:0c:16:3a:51:a0:
                    8c:2f:6c:a4:1e:5b:30:aa:00:0f:9c:40:eb:d7:10:
                    64:ce:7b:90:de:3e:b5:c5:86:0c:0e:86:2e:ea:23:
                    f5:52:fb:3d:86:0e:a9:21:29:22:dd:ac:9a:28:02:
                    fe:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:79:97:F3:ED:17:BC:7D:6F:D1:22:22:70:DD:70:1F:5D:A4:A3:B8
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/db24d6e0-8f0a-4452-af86-47c1cc9931b2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.35.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         43:24:33:a8:b7:a3:b9:3e:bb:bd:2a:ea:b9:61:d8:b7:97:ff:
         02:ca:0b:63:1d:de:e7:30:46:24:a1:d3:33:f1:8b:e4:18:42:
         9e:3a:be:94:91:ab:d4:25:61:49:0e:9d:96:99:24:18:68:77:
         9c:40:19:e8:a8:ee:c4:1f:77:a6:0d:c8:7d:ae:1b:35:4b:ba:
         ad:0b:73:89:88:d3:35:94:38:d8:f4:0d:0f:0b:55:b0:ab:6c:
         92:41:6a:d8:81:f0:eb:45:dd:09:c3:b2:0a:0a:d4:8a:39:c5:
         bc:9a:93:10:45:3c:8f:4b:f3:d1:9a:dc:7f:70:93:8a:16:25:
         06:6c:a0:bd:8a:7a:63:86:5e:a8:6f:ec:04:bb:22:43:43:75:
         c5:36:53:43:1b:13:90:b4:d0:2b:5a:9b:43:a4:f4:1d:7f:c9:
         9d:52:b9:cc:7a:4f:12:e8:05:cd:b7:ad:4d:66:bd:e3:81:de:
         bb:4d:ab:fb:11:8f:a6:26:6e:af:77:d6:e1:8a:38:e1:42:06:
         a5:9c:79:3c:30:83:57:b6:10:ea:da:4c:8c:01:63:fe:f9:95:
         dd:10:fc:73:17:5b:05:2c:29:95:70:64:f2:e9:89:a6:2c:2b:
         0c:9c:d3:12:25:fd:b0:2b:1f:1d:cf:60:94:b8:cb:99:b7:4a:
         ab:74:55:a3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURaSOFYO7OPt3Qcc+ZtbvD6WDczIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNTIwMTY1MTEyWhcNMjUwNjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AyZTZkZjUxNzQ2ODM5MDNmMzk4MzllY2YwYzFlYzgzNTJk
OWNkMGU4YTMwNzMyOGFkODhlYWRiNmFkZmVjNDBkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDkXfahgKwgyaIU8lGdpTnDZcWwsNjftYJ+C3FA7uK4Hi3V
0ahlkWgo940WvvdTGhNPqM5BYFX6OqZgNltqFKaXdhAI+A/bX4O3AHFahC+cQ1+h
OcZFxUj99CWc0lhMeRSGvGL3JgatLub3Yli7uEG4IXH8l/NW/D7YxTRyos0kRcV2
vAml5g8nUuLBc5GzE3rhVgbAHRYD9zlSR13oLJUGLYF0tTOCiaQNP9H+LKNftoQ4
Dgm0smcl89EHOlXfRrnlo1UuGaFyxGy0yecMFjpRoIwvbKQeWzCqAA+cQOvXEGTO
e5DePrXFhgwOhi7qI/VS+z2GDqkhKSLdrJooAv4BAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUpXmX8+0XvH1v0SIicN1wH12ko7gwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2RiMjRkNmUwLThmMGEtNDQ1Mi1hZjg2LTQ3YzFjYzk5MzFiMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMSI+gwDQYJKoZIhvcNAQELBQADggEBAEMkM6i3o7k+u70q6rlh2LeX/wLK
C2Md3ucwRiSh0zPxi+QYQp46vpSRq9QlYUkOnZaZJBhod5xAGeio7sQfd6YNyH2u
GzVLuq0Lc4mI0zWUONj0DQ8LVbCrbJJBatiB8OtF3QnDsgoK1Io5xbyakxBFPI9L
89Ga3H9wk4oWJQZsoL2KemOGXqhv7AS7IkNDdcU2U0MbE5C00Ctam0Ok9B1/yZ1S
ucx6TxLoBc23rU1mveOB3rtNq/sRj6Ymbq931uGKOOFCBqWceTwwg1e2EOraTIwB
Y/75ld0Q/HMXWwUsKZVwZPLpiaYsKwyc0xIl/bArHx3PYJS4y5m3Sqt0VaM=
-----END CERTIFICATE-----