Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/025bca09-86b7-48bd-a586-a44ce744234f.roa
File:                     025bca09-86b7-48bd-a586-a44ce744234f.roa (raw, json)
Hash identifier:          h+1usnNZnUvz/jxewSiqqNSP4KGNGB/b/n7aWihMvw4=
Subject key identifier:   0D:59:05:85:12:39:3F:B1:7E:56:0D:54:50:03:12:B7:AC:58:1A:71
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7E40D48A9BBE9C0A54CC5D96019A998C1CF13326
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/025bca09-86b7-48bd-a586-a44ce744234f.roa
Signing time:             Fri 06 Jun 2025 00:31:32 +0000
ROA not before:           Fri 06 Jun 2025 00:31:32 +0000
ROA not after:            Fri 11 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.220.168.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:40:d4:8a:9b:be:9c:0a:54:cc:5d:96:01:9a:99:8c:1c:f1:33:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun  6 00:31:32 2025 GMT
            Not After : Jul 11 23:59:59 2025 GMT
        Subject: serialNumber=49cb398ff55489a32f27011f00bc697c188678abdefac8f66845b0cfeb9f82ff, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:d6:80:af:ec:e4:8c:9e:62:b2:6a:2c:f5:2c:
                    34:4d:b1:79:e6:88:98:58:51:95:f2:50:9d:df:e7:
                    d1:5a:35:8f:a9:8e:8f:e2:14:e3:ff:eb:96:96:44:
                    a5:68:35:81:06:79:45:8b:ea:44:e2:f9:64:ef:a2:
                    06:24:76:39:73:72:90:aa:ab:f0:b3:ac:3f:5b:12:
                    c5:b1:9a:9b:b9:4a:0b:41:7e:f7:a6:55:c4:0e:ee:
                    7c:a1:55:d3:1f:67:37:e4:29:28:3f:6f:19:24:0d:
                    a1:57:d9:d2:0b:6a:b6:3f:43:c2:d7:a4:72:43:bf:
                    f4:7c:31:e1:9a:17:d5:63:7d:cc:b6:5b:7a:a0:27:
                    83:b1:ca:c5:29:9b:94:a7:65:66:eb:ec:74:2d:11:
                    e5:d3:ef:36:15:ec:fc:6b:a2:07:7c:ed:e6:db:45:
                    52:3e:46:d8:6c:15:98:13:16:25:c7:0c:f1:32:6f:
                    0b:29:b2:fc:30:34:d1:49:58:57:5b:5f:b4:ae:6b:
                    d0:d5:b1:62:c1:90:19:73:49:b4:b4:2f:8c:83:1b:
                    78:88:d8:e0:f6:e7:9c:e8:06:d5:6a:86:51:e9:f6:
                    73:14:53:47:b8:b2:84:d5:71:3f:ec:10:51:7c:bc:
                    a1:8a:8f:0f:62:38:34:26:63:83:16:67:b5:77:87:
                    c8:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:59:05:85:12:39:3F:B1:7E:56:0D:54:50:03:12:B7:AC:58:1A:71
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/025bca09-86b7-48bd-a586-a44ce744234f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.220.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         9c:e2:f8:a4:e5:b7:e4:a3:87:8e:8c:ca:d7:2f:43:6f:d1:46:
         8c:ce:04:b5:b9:c5:25:fc:b7:fc:71:d2:a4:14:94:53:61:2f:
         25:f3:13:24:e8:18:ec:f7:fa:83:60:d3:b0:d3:d9:23:93:76:
         7a:92:6b:7a:32:51:2b:0e:c6:2a:67:18:23:02:b2:fa:1e:37:
         b4:99:ca:52:89:44:b7:b7:b0:58:1c:93:77:4a:fc:9b:b4:8a:
         bd:a3:60:93:d0:14:e5:5e:76:3d:d7:19:16:8e:f6:b1:1e:d6:
         d4:5b:01:13:0e:65:50:8f:fc:8a:79:c1:dd:50:6a:e2:ed:e2:
         0c:54:29:dd:af:59:e6:5f:c8:90:c0:91:57:c5:52:ad:41:42:
         07:84:f2:4e:46:03:63:8e:85:9b:db:63:40:8f:38:89:fe:75:
         40:21:f4:f3:7b:37:e4:db:fa:03:c7:52:c6:18:58:66:bb:f2:
         73:c9:b8:5b:cf:78:f1:c8:51:70:02:5c:c7:fa:e4:77:54:39:
         d0:75:92:ff:c2:18:f0:a7:48:86:07:10:81:d3:af:3e:09:73:
         0d:cd:61:54:ac:02:a7:a8:22:32:b5:50:61:03:f4:40:82:68:
         10:80:d0:fa:c2:95:49:27:4e:be:74:66:c2:c4:88:19:4e:a3:
         aa:ed:3a:5d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfkDUipu+nApUzF2WAZqZjBzxMyYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjA2MDAzMTMyWhcNMjUwNzExMjM1OTU5
WjB6MUkwRwYDVQQFE0A0OWNiMzk4ZmY1NTQ4OWEzMmYyNzAxMWYwMGJjNjk3YzE4
ODY3OGFiZGVmYWM4ZjY2ODQ1YjBjZmViOWY4MmZmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCq1oCv7OSMnmKyaiz1LDRNsXnmiJhYUZXyUJ3f59FaNY+p
jo/iFOP/65aWRKVoNYEGeUWL6kTi+WTvogYkdjlzcpCqq/CzrD9bEsWxmpu5SgtB
fvemVcQO7nyhVdMfZzfkKSg/bxkkDaFX2dILarY/Q8LXpHJDv/R8MeGaF9Vjfcy2
W3qgJ4OxysUpm5SnZWbr7HQtEeXT7zYV7Pxrogd87ebbRVI+RthsFZgTFiXHDPEy
bwspsvwwNNFJWFdbX7Sua9DVsWLBkBlzSbS0L4yDG3iI2OD255zoBtVqhlHp9nMU
U0e4soTVcT/sEFF8vKGKjw9iODQmY4MWZ7V3h8hjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUDVkFhRI5P7F+Vg1UUAMSt6xYGnEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzAyNWJjYTA5LTg2YjctNDhiZC1hNTg2LWE0NGNlNzQ0MjM0Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMP3KgwDQYJKoZIhvcNAQELBQADggEBAJzi+KTlt+Sjh46MytcvQ2/RRozO
BLW5xSX8t/xx0qQUlFNhLyXzEyToGOz3+oNg07DT2SOTdnqSa3oyUSsOxipnGCMC
svoeN7SZylKJRLe3sFgck3dK/Ju0ir2jYJPQFOVedj3XGRaO9rEe1tRbARMOZVCP
/Ip5wd1QauLt4gxUKd2vWeZfyJDAkVfFUq1BQgeE8k5GA2OOhZvbY0CPOIn+dUAh
9PN7N+Tb+gPHUsYYWGa78nPJuFvPePHIUXACXMf65HdUOdB1kv/CGPCnSIYHEIHT
rz4Jcw3NYVSsAqeoIjK1UGED9ECCaBCA0PrClUknTr50ZsLEiBlOo6rtOl0=
-----END CERTIFICATE-----