Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e4615e61-d476-459e-a1c0-ba780d645b1f.roa
File:                     e4615e61-d476-459e-a1c0-ba780d645b1f.roa (raw, json)
Hash identifier:          tsUxVQlm13oe3obyWFxh19nf9D0jeXfNNBVi1OzB3dU=
Subject key identifier:   62:39:80:B4:AC:04:2B:68:DF:1C:6C:BA:33:E3:4D:70:51:E2:08:70
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       03687FEB22868DC77EAEA0156A6477D7D52C73C9
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e4615e61-d476-459e-a1c0-ba780d645b1f.roa
Signing time:             Tue 03 Jun 2025 00:40:23 +0000
ROA not before:           Tue 03 Jun 2025 00:40:23 +0000
ROA not after:            Tue 08 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.60.76.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:68:7f:eb:22:86:8d:c7:7e:ae:a0:15:6a:64:77:d7:d5:2c:73:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun  3 00:40:23 2025 GMT
            Not After : Jul  8 23:59:59 2025 GMT
        Subject: serialNumber=2a97b67fe5016fc869f1586e4e721ab3ccb5390d57553d9150ecea4133ebd9a1, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:cb:e9:e9:99:af:dd:29:42:52:ae:e0:36:6e:
                    cb:0a:05:16:77:d5:4f:1e:07:9d:85:14:8d:75:6f:
                    d3:83:15:57:79:1e:1d:39:7d:4f:c9:bb:ce:c3:6b:
                    85:43:18:cb:be:94:a2:b4:86:59:5c:60:03:c8:6b:
                    3d:20:0c:43:26:a1:29:04:40:c7:39:39:66:14:83:
                    7d:fa:aa:3b:d3:4a:11:bc:5c:dd:22:44:c8:5d:0f:
                    45:59:7b:fa:f8:fd:bc:76:6b:02:3d:4e:f1:03:d0:
                    d4:1b:4c:4d:d5:57:10:39:67:eb:db:e5:9f:46:d1:
                    e4:9c:50:37:4e:ed:3a:94:da:be:de:a7:e3:69:1e:
                    d8:18:7d:b8:ba:90:09:89:88:03:3f:ec:1c:7d:14:
                    3e:24:68:c1:64:0d:43:81:6a:44:01:b8:9e:55:b2:
                    c9:b0:e7:b8:da:8e:5a:16:8b:ad:40:73:1e:72:d2:
                    dd:23:f9:60:16:f4:f9:85:75:b5:52:70:02:83:fc:
                    f1:76:03:e5:97:87:c7:77:ce:10:02:fe:c8:ce:ab:
                    8e:32:ff:42:a8:13:ba:ef:01:48:f4:ea:14:9a:61:
                    61:33:9d:24:d1:9b:60:c2:d8:5a:10:58:e8:eb:0d:
                    e2:91:c8:7c:cb:f3:0c:54:9b:08:95:0d:f3:ef:26:
                    63:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:39:80:B4:AC:04:2B:68:DF:1C:6C:BA:33:E3:4D:70:51:E2:08:70
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e4615e61-d476-459e-a1c0-ba780d645b1f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.60.76.0/23

    Signature Algorithm: sha256WithRSAEncryption
         18:dd:79:82:77:ad:a1:9d:27:10:40:70:88:59:21:2b:20:e3:
         17:76:1a:7c:b1:79:1f:45:fa:1c:95:cb:b1:a1:ea:59:6e:bf:
         e9:55:cd:91:ea:ad:e5:6a:18:f8:62:c1:07:33:dc:a5:62:37:
         a8:13:57:33:89:86:2a:55:15:e0:9a:77:eb:36:66:10:17:e2:
         44:af:d5:bf:c4:04:b3:a5:a6:43:20:94:bd:32:8b:e4:c1:fb:
         ab:86:0b:30:df:3b:c6:df:70:17:06:83:e7:48:e1:15:2a:22:
         a3:cd:c6:a6:8d:df:34:86:9d:8e:ce:6f:ef:a2:2c:23:3b:0e:
         45:3a:37:55:0f:b7:ea:40:3f:d9:e6:19:11:ec:ae:db:04:bd:
         9e:80:8f:fd:01:18:43:de:9b:2b:4a:76:c1:1d:d4:59:6f:2b:
         49:45:c1:80:d1:05:f6:59:b1:3e:ee:12:a0:cc:bd:43:58:18:
         2f:67:16:60:16:21:48:a6:1e:da:cc:c1:b7:35:7c:05:53:b1:
         31:fe:20:d7:b5:f3:03:c4:54:73:e5:1d:b0:7b:a7:43:6c:e2:
         d0:02:35:b5:57:76:01:4e:9d:b0:e1:78:2c:57:7f:10:15:ba:
         66:54:45:89:e4:b0:e3:15:8d:6a:32:04:dd:3b:78:92:78:3a:
         e4:3e:2a:8e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUA2h/6yKGjcd+rqAVamR319Usc8kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjAzMDA0MDIzWhcNMjUwNzA4MjM1OTU5
WjB6MUkwRwYDVQQFE0AyYTk3YjY3ZmU1MDE2ZmM4NjlmMTU4NmU0ZTcyMWFiM2Nj
YjUzOTBkNTc1NTNkOTE1MGVjZWE0MTMzZWJkOWExMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3y+npma/dKUJSruA2bssKBRZ31U8eB52FFI11b9ODFVd5
Hh05fU/Ju87Da4VDGMu+lKK0hllcYAPIaz0gDEMmoSkEQMc5OWYUg336qjvTShG8
XN0iRMhdD0VZe/r4/bx2awI9TvED0NQbTE3VVxA5Z+vb5Z9G0eScUDdO7TqU2r7e
p+NpHtgYfbi6kAmJiAM/7Bx9FD4kaMFkDUOBakQBuJ5Vssmw57jajloWi61Acx5y
0t0j+WAW9PmFdbVScAKD/PF2A+WXh8d3zhAC/sjOq44y/0KoE7rvAUj06hSaYWEz
nSTRm2DC2FoQWOjrDeKRyHzL8wxUmwiVDfPvJmNfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYjmAtKwEK2jfHGy6M+NNcFHiCHAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2U0NjE1ZTYxLWQ0NzYtNDU5ZS1hMWMwLWJhNzgwZDY0NWIxZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAESPEwwDQYJKoZIhvcNAQELBQADggEBABjdeYJ3raGdJxBAcIhZISsg4xd2
GnyxeR9F+hyVy7Gh6lluv+lVzZHqreVqGPhiwQcz3KViN6gTVzOJhipVFeCad+s2
ZhAX4kSv1b/EBLOlpkMglL0yi+TB+6uGCzDfO8bfcBcGg+dI4RUqIqPNxqaN3zSG
nY7Ob++iLCM7DkU6N1UPt+pAP9nmGRHsrtsEvZ6Aj/0BGEPemytKdsEd1FlvK0lF
wYDRBfZZsT7uEqDMvUNYGC9nFmAWIUimHtrMwbc1fAVTsTH+INe18wPEVHPlHbB7
p0Ns4tACNbVXdgFOnbDheCxXfxAVumZURYnksOMVjWoyBN07eJJ4OuQ+Ko4=
-----END CERTIFICATE-----