Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f525a0b2-7ca2-43f1-951c-7eff24265dc3.roa
File:                     f525a0b2-7ca2-43f1-951c-7eff24265dc3.roa (raw, json)
Hash identifier:          pjfgxOtbRyg74Zhivo7DILbBeNERb1QqUK9qKt5f9Ms=
Subject key identifier:   25:9E:5C:02:0F:D9:2C:02:8A:44:61:62:3E:6E:62:96:78:47:D1:18
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6E9B99B2B181D7CC5EC3CE9E6A9037B45BB6AAEF
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f525a0b2-7ca2-43f1-951c-7eff24265dc3.roa
Signing time:             Sat 26 Apr 2025 00:30:10 +0000
ROA not before:           Sat 26 Apr 2025 00:30:10 +0000
ROA not after:            Sat 31 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.45.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:9b:99:b2:b1:81:d7:cc:5e:c3:ce:9e:6a:90:37:b4:5b:b6:aa:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 26 00:30:10 2025 GMT
            Not After : May 31 23:59:59 2025 GMT
        Subject: serialNumber=035e36162696ddc0795a2a3d537076edc667e94610ae36dab1b95f6666a2744e, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:4d:d3:f7:22:77:7d:05:e0:c2:77:3b:3e:34:
                    c1:19:2a:a7:62:e5:42:2e:07:61:61:5c:e4:05:54:
                    01:d5:8e:f1:49:26:32:7c:d0:e9:52:c3:4d:ee:54:
                    1a:68:ad:0a:e9:48:7a:14:0f:4b:72:1f:57:23:fa:
                    7c:eb:d7:6b:ff:c5:0e:7d:42:92:42:7a:11:c5:32:
                    03:f6:09:d2:05:d0:79:9d:15:ef:3a:04:51:ae:25:
                    c8:50:ab:2a:10:eb:07:1e:31:8d:48:8e:06:8d:77:
                    f9:f8:d0:c1:6d:ce:e9:e5:df:1d:cd:bc:de:4e:87:
                    2c:6c:e3:e5:f0:16:63:c7:4c:6d:4a:ae:20:99:74:
                    21:ca:4d:c0:bb:47:3d:3c:aa:30:94:f0:0a:61:98:
                    ea:13:dc:64:4b:be:81:67:09:6e:14:55:b7:bf:32:
                    20:a4:28:7b:85:7c:9e:ac:d1:81:ad:45:f4:ce:30:
                    c4:97:99:da:4c:3f:ec:88:8c:3c:42:ea:85:a0:b5:
                    1b:80:ee:e2:00:3e:0d:1a:02:26:21:26:30:d9:06:
                    2e:12:d2:ae:70:99:19:1a:96:1a:fe:b8:b2:ef:a1:
                    6f:97:12:a8:72:33:a5:88:24:9f:d2:fd:25:c9:7f:
                    37:61:95:9a:01:aa:04:63:02:31:b9:52:4b:5b:03:
                    c1:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:9E:5C:02:0F:D9:2C:02:8A:44:61:62:3E:6E:62:96:78:47:D1:18
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f525a0b2-7ca2-43f1-951c-7eff24265dc3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.45.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         1e:19:d0:64:be:71:87:ac:08:50:f9:ab:e3:3e:ef:a7:83:51:
         eb:6b:84:db:f4:6c:a9:08:4f:95:72:75:0a:c6:d9:49:cd:5b:
         3b:e6:53:2c:56:68:11:11:8d:42:fd:e6:3a:5a:78:11:91:0a:
         26:8c:2e:a2:f6:dc:ac:08:09:44:66:82:4f:db:1e:7c:54:53:
         99:9f:c3:55:ae:24:47:a0:88:b3:77:9d:86:f3:b7:46:42:bf:
         75:98:45:c0:5b:50:f8:41:54:b5:86:ac:dc:f1:f4:3b:d0:53:
         df:35:0f:bd:1b:06:c8:b4:ca:99:33:de:9e:46:c9:59:0b:79:
         de:f7:f2:30:21:20:5c:fd:69:44:64:28:66:29:b5:e0:8f:a2:
         4f:bf:9d:b0:9f:bd:70:05:75:8c:c8:49:97:79:fe:af:5c:15:
         5c:5f:d8:5e:41:0a:1e:c8:99:33:a8:bb:bb:f2:03:f6:7c:5a:
         1f:9d:95:2f:65:af:e5:cf:db:d8:af:ae:06:87:91:96:a3:92:
         9e:b6:45:f7:05:e0:ab:2f:8c:af:92:b2:b8:d4:a4:e6:d3:d4:
         44:b8:71:a8:0e:87:f4:5a:7e:df:7d:f3:0c:d4:37:50:72:f4:
         9f:4b:90:d5:bc:34:df:0a:d4:5c:66:f2:0a:86:26:8f:bf:3d:
         0e:9d:a0:e8
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUbpuZsrGB18xew86eapA3tFu2qu8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDI2MDAzMDEwWhcNMjUwNTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AwMzVlMzYxNjI2OTZkZGMwNzk1YTJhM2Q1MzcwNzZlZGM2
NjdlOTQ2MTBhZTM2ZGFiMWI5NWY2NjY2YTI3NDRlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDNTdP3Ind9BeDCdzs+NMEZKqdi5UIuB2FhXOQFVAHVjvFJ
JjJ80OlSw03uVBporQrpSHoUD0tyH1cj+nzr12v/xQ59QpJCehHFMgP2CdIF0Hmd
Fe86BFGuJchQqyoQ6wceMY1IjgaNd/n40MFtzunl3x3NvN5Ohyxs4+XwFmPHTG1K
riCZdCHKTcC7Rz08qjCU8AphmOoT3GRLvoFnCW4UVbe/MiCkKHuFfJ6s0YGtRfTO
MMSXmdpMP+yIjDxC6oWgtRuA7uIAPg0aAiYhJjDZBi4S0q5wmRkalhr+uLLvoW+X
EqhyM6WIJJ/S/SXJfzdhlZoBqgRjAjG5UktbA8FXAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUJZ5cAg/ZLAKKRGFiPm5ilnhH0RgwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Y1MjVhMGIyLTdjYTItNDNmMS05NTFjLTdlZmYyNDI2NWRjMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwASLTANBgkqhkiG9w0BAQsFAAOCAQEAHhnQZL5xh6wIUPmr4z7vp4NR62uE
2/RsqQhPlXJ1CsbZSc1bO+ZTLFZoERGNQv3mOlp4EZEKJowuovbcrAgJRGaCT9se
fFRTmZ/DVa4kR6CIs3edhvO3RkK/dZhFwFtQ+EFUtYas3PH0O9BT3zUPvRsGyLTK
mTPenkbJWQt53vfyMCEgXP1pRGQoZim14I+iT7+dsJ+9cAV1jMhJl3n+r1wVXF/Y
XkEKHsiZM6i7u/ID9nxaH52VL2Wv5c/b2K+uBoeRlqOSnrZF9wXgqy+Mr5KyuNSk
5tPURLhxqA6H9Fp+333zDNQ3UHL0n0uQ1bw03wrUXGbyCoYmj789Dp2g6A==
-----END CERTIFICATE-----