Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/24380034-e10c-4d59-ac88-4ced5057129c.roa
File:                     24380034-e10c-4d59-ac88-4ced5057129c.roa (raw, json)
Hash identifier:          GOJyoXsFoMNbPGjDaahR2FkvRMDrHKTidgBrPJ04EPg=
Subject key identifier:   56:F0:8E:C1:71:2F:EF:F4:6A:C7:54:DB:9E:BE:D7:22:A8:C7:F4:D5
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       341959EB89873F755A9ED4EE91C535B5DA420AA8
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/24380034-e10c-4d59-ac88-4ced5057129c.roa
Signing time:             Fri 11 Jul 2025 15:31:59 +0000
ROA not before:           Fri 11 Jul 2025 15:31:59 +0000
ROA not after:            Fri 15 Aug 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        15.248.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:19:59:eb:89:87:3f:75:5a:9e:d4:ee:91:c5:35:b5:da:42:0a:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 11 15:31:59 2025 GMT
            Not After : Aug 15 23:59:59 2025 GMT
        Subject: serialNumber=821cac5a7ff6ed9aaa331f2b0353c9809a39b8152936ea9c39be9e1e35daf2c4, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:3f:d5:c1:9f:15:ff:af:df:86:7f:ca:68:97:
                    26:e5:d9:57:6b:62:3a:ae:f9:7c:94:c6:cc:c8:ca:
                    49:db:fd:55:87:f1:fd:e4:4e:c1:54:02:8d:ad:41:
                    90:d4:34:4c:e4:c7:96:99:54:dc:17:60:dc:40:c3:
                    e3:d6:95:a5:0f:fd:64:80:2a:0b:77:dd:d4:be:70:
                    d1:73:26:e4:ab:f9:0c:67:18:1c:27:27:a4:fc:91:
                    41:f7:f7:58:71:85:aa:e5:27:fc:33:be:d6:9f:72:
                    45:d6:96:9d:f2:f2:2f:62:39:91:a6:f7:c0:2c:98:
                    fe:4c:28:60:c1:79:d3:fd:af:d3:87:ab:f4:1b:1e:
                    fe:98:35:ee:b5:9f:2e:9b:0e:d0:fd:7c:c5:fb:d3:
                    f5:bd:6f:97:5d:e1:f7:83:26:f6:c8:c9:a3:18:4b:
                    5e:dd:23:27:e1:3f:e4:a4:4c:5e:65:37:d8:24:09:
                    16:94:49:78:5d:2f:1e:60:6f:6d:39:2e:35:f7:47:
                    25:d1:66:00:bf:9f:22:2b:81:6f:d9:69:16:97:93:
                    7a:fe:8c:a7:ae:ea:49:3f:1a:2c:28:f1:9b:b4:f1:
                    1f:df:cd:7e:48:21:fc:23:b5:a7:1b:87:8b:ae:29:
                    b2:ce:1f:77:f9:6c:3c:03:b3:a5:fe:bc:9f:a6:fc:
                    74:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:F0:8E:C1:71:2F:EF:F4:6A:C7:54:DB:9E:BE:D7:22:A8:C7:F4:D5
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/24380034-e10c-4d59-ac88-4ced5057129c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.248.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:f4:5a:7b:8f:a3:f7:5d:61:23:24:db:9f:2b:44:49:1e:af:
         68:58:af:ae:9e:e9:5f:e1:79:35:fb:df:c3:e4:a3:3f:ae:15:
         12:2c:3f:2b:85:9f:4d:d6:89:85:ed:af:e7:3c:08:2a:d9:c2:
         39:f0:a8:01:66:1b:87:13:d0:c2:f3:7d:e2:2f:c8:4a:68:ed:
         5a:08:8e:c4:61:26:ef:63:9b:6b:3e:1d:b9:79:fa:c7:c2:03:
         23:53:83:17:c4:7f:73:3f:4d:b9:86:ea:e8:16:0d:c5:6e:0e:
         a2:86:13:77:90:99:66:d7:38:ef:4f:90:57:22:8c:93:35:ab:
         45:58:99:53:b5:e0:ba:41:51:29:87:3e:3f:fe:11:e2:51:53:
         f1:8f:8b:eb:c8:9e:07:ab:b7:43:ab:6d:d7:7e:f2:ed:a4:fc:
         7d:66:33:99:3c:f4:c1:5b:bb:ce:6b:0c:1b:e2:7d:7e:58:57:
         e1:da:ff:f4:86:ab:85:48:75:d7:1f:bd:e2:e7:c1:76:b6:3a:
         02:e4:91:6b:7d:a0:e7:fe:a7:fd:d2:42:7f:b8:6b:3a:91:30:
         15:bd:0a:e2:8d:09:4b:cd:e8:7a:4e:c6:27:4f:f7:db:96:a9:
         44:0f:31:b9:f3:1b:e2:df:cc:85:f4:18:db:82:96:c5:31:db:
         61:44:44:2e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNBlZ64mHP3VantTukcU1tdpCCqgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzExMTUzMTU5WhcNMjUwODE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A4MjFjYWM1YTdmZjZlZDlhYWEzMzFmMmIwMzUzYzk4MDlh
MzliODE1MjkzNmVhOWMzOWJlOWUxZTM1ZGFmMmM0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsP9XBnxX/r9+Gf8polybl2VdrYjqu+XyUxszIyknb/VWH
8f3kTsFUAo2tQZDUNEzkx5aZVNwXYNxAw+PWlaUP/WSAKgt33dS+cNFzJuSr+Qxn
GBwnJ6T8kUH391hxharlJ/wzvtafckXWlp3y8i9iOZGm98AsmP5MKGDBedP9r9OH
q/QbHv6YNe61ny6bDtD9fMX70/W9b5dd4feDJvbIyaMYS17dIyfhP+SkTF5lN9gk
CRaUSXhdLx5gb205LjX3RyXRZgC/nyIrgW/ZaRaXk3r+jKeu6kk/Giwo8Zu08R/f
zX5IIfwjtacbh4uuKbLOH3f5bDwDs6X+vJ+m/HRrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUVvCOwXEv7/Rqx1Tbnr7XIqjH9NUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzI0MzgwMDM0LWUxMGMtNGQ1OS1hYzg4LTRjZWQ1MDU3MTI5Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAP+HswDQYJKoZIhvcNAQELBQADggEBAJn0WnuPo/ddYSMk258rREker2hY
r66e6V/heTX738Pkoz+uFRIsPyuFn03WiYXtr+c8CCrZwjnwqAFmG4cT0MLzfeIv
yEpo7VoIjsRhJu9jm2s+Hbl5+sfCAyNTgxfEf3M/TbmG6ugWDcVuDqKGE3eQmWbX
OO9PkFcijJM1q0VYmVO14LpBUSmHPj/+EeJRU/GPi+vIngert0Orbdd+8u2k/H1m
M5k89MFbu85rDBvifX5YV+Ha//SGq4VIddcfveLnwXa2OgLkkWt9oOf+p/3SQn+4
azqRMBW9CuKNCUvN6HpOxidP99uWqUQPMbnzG+LfzIX0GNuClsUx22FERC4=
-----END CERTIFICATE-----