Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/422d351c-92b4-456a-9704-2e3f9fc7e256.roa
File:                     422d351c-92b4-456a-9704-2e3f9fc7e256.roa (raw, json)
Hash identifier:          aZML5NWGH/KDcOIRi9h/FMn5+7DmH+KT3yalRgNKMcs=
Subject key identifier:   83:07:4A:CE:D0:F9:26:2E:C4:BE:66:C3:05:40:73:A5:C3:B7:57:2C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       73C333EB414A7E68FB23C31B2E0FD200D3160375
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/422d351c-92b4-456a-9704-2e3f9fc7e256.roa
Signing time:             Tue 03 Jun 2025 00:30:29 +0000
ROA not before:           Tue 03 Jun 2025 00:30:29 +0000
ROA not after:            Tue 08 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.220.136.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 17 Jun 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:c3:33:eb:41:4a:7e:68:fb:23:c3:1b:2e:0f:d2:00:d3:16:03:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun  3 00:30:29 2025 GMT
            Not After : Jul  8 23:59:59 2025 GMT
        Subject: serialNumber=d1391b244b64bd54e426ea8e0f6e5f7202254fc0ebce43790b376f4183459113, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:03:14:3c:1d:fd:8b:90:4e:58:92:69:d0:2a:
                    10:8d:0b:81:b1:59:2d:05:11:ae:50:0c:44:b9:15:
                    82:de:a7:12:2e:fb:1d:c9:5e:92:d2:3d:59:f9:c4:
                    96:e7:e5:32:3b:b4:49:7e:96:1e:e4:38:b2:a8:2b:
                    df:5a:be:4d:61:02:e7:16:5f:fc:9e:06:ac:1a:e8:
                    87:2a:ba:bb:54:74:bc:7f:20:f4:42:a1:6c:98:59:
                    ff:37:5d:21:62:54:b6:7c:fd:69:4f:f6:fd:6e:8c:
                    96:d8:61:51:af:15:eb:2c:da:6f:dc:4f:ad:39:53:
                    f3:a1:f2:00:72:8e:ad:d2:5a:91:96:b0:95:a3:2f:
                    9e:a6:9e:70:e5:80:dc:6b:4d:59:76:4a:13:c6:86:
                    92:74:bc:64:34:a9:ef:89:e5:13:d3:6e:3e:7f:74:
                    5b:12:e8:ee:2f:a9:5b:71:0c:e9:9c:4f:3e:e0:47:
                    97:61:8e:df:30:e1:8e:ff:c6:7b:9f:a5:24:b8:72:
                    39:5f:b2:3f:e5:a6:b6:4e:25:81:59:9a:7c:ba:44:
                    4d:68:a2:ff:af:10:da:ca:49:c0:c2:09:fe:59:00:
                    15:a7:86:45:fc:3f:55:53:a6:d0:c0:b3:22:d9:35:
                    59:8e:8c:56:33:fb:10:dc:cd:6b:51:8b:9d:9a:8c:
                    0c:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:07:4A:CE:D0:F9:26:2E:C4:BE:66:C3:05:40:73:A5:C3:B7:57:2C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/422d351c-92b4-456a-9704-2e3f9fc7e256.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.220.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5d:d9:21:a4:47:be:9f:94:85:da:a0:06:33:77:6e:79:a6:40:
         46:78:21:e7:04:0a:1e:e5:39:a3:3c:1e:b5:9f:50:b0:99:3d:
         52:5b:cc:dd:13:9b:43:1c:41:17:d1:04:c8:5e:17:b8:cf:f8:
         51:bb:76:c7:8c:28:e0:4e:8d:f0:2e:95:52:8a:a9:2d:a6:27:
         c2:03:22:45:75:94:14:a0:ea:25:5f:63:24:89:54:31:af:83:
         f9:c2:13:4b:8d:15:24:41:05:6e:c3:b7:dc:de:6f:eb:5d:4e:
         29:d0:03:db:47:e5:2a:0b:e8:1f:52:30:1d:f3:c1:4f:c7:7a:
         dd:92:ef:a6:a9:da:63:c0:90:d4:b1:fd:28:a7:cc:1b:ec:21:
         f4:98:4c:a5:49:51:20:a4:d9:01:ae:f1:78:84:de:ae:a2:db:
         8e:52:91:8f:37:dd:92:3f:6f:fa:fa:5d:32:2c:2f:6e:58:22:
         8f:d9:31:77:04:e9:ed:26:8a:d8:2c:35:2f:66:14:b0:af:c9:
         26:dd:33:0e:0f:34:5a:e6:e5:81:11:1b:39:77:7d:32:17:86:
         ac:db:7c:d2:52:e9:8b:41:df:8e:a7:2b:d6:a7:c7:f6:6e:df:
         e4:3a:dd:70:07:86:3a:3a:9c:fa:9b:bc:79:e8:ea:83:2c:04:
         4d:3b:9c:e1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUc8Mz60FKfmj7I8MbLg/SANMWA3UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjAzMDAzMDI5WhcNMjUwNzA4MjM1OTU5
WjB6MUkwRwYDVQQFE0BkMTM5MWIyNDRiNjRiZDU0ZTQyNmVhOGUwZjZlNWY3MjAy
MjU0ZmMwZWJjZTQzNzkwYjM3NmY0MTgzNDU5MTEzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCeAxQ8Hf2LkE5YkmnQKhCNC4GxWS0FEa5QDES5FYLepxIu
+x3JXpLSPVn5xJbn5TI7tEl+lh7kOLKoK99avk1hAucWX/yeBqwa6IcqurtUdLx/
IPRCoWyYWf83XSFiVLZ8/WlP9v1ujJbYYVGvFess2m/cT605U/Oh8gByjq3SWpGW
sJWjL56mnnDlgNxrTVl2ShPGhpJ0vGQ0qe+J5RPTbj5/dFsS6O4vqVtxDOmcTz7g
R5dhjt8w4Y7/xnufpSS4cjlfsj/lprZOJYFZmny6RE1oov+vENrKScDCCf5ZABWn
hkX8P1VTptDAsyLZNVmOjFYz+xDczWtRi52ajAw5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUgwdKztD5Ji7EvmbDBUBzpcO3VywwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQyMmQzNTFjLTkyYjQtNDU2YS05NzA0LTJlM2Y5ZmM3ZTI1Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIP3IgwDQYJKoZIhvcNAQELBQADggEBAF3ZIaRHvp+UhdqgBjN3bnmmQEZ4
IecECh7lOaM8HrWfULCZPVJbzN0Tm0McQRfRBMheF7jP+FG7dseMKOBOjfAulVKK
qS2mJ8IDIkV1lBSg6iVfYySJVDGvg/nCE0uNFSRBBW7Dt9zeb+tdTinQA9tH5SoL
6B9SMB3zwU/Het2S76ap2mPAkNSx/SinzBvsIfSYTKVJUSCk2QGu8XiE3q6i245S
kY833ZI/b/r6XTIsL25YIo/ZMXcE6e0mitgsNS9mFLCvySbdMw4PNFrm5YERGzl3
fTIXhqzbfNJS6YtB346nK9anx/Zu3+Q63XAHhjo6nPqbvHno6oMsBE07nOE=
-----END CERTIFICATE-----