Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/422d351c-92b4-456a-9704-2e3f9fc7e256.roa
File:                     422d351c-92b4-456a-9704-2e3f9fc7e256.roa (raw, json)
Hash identifier:          p/sytiam/9Lf4Cl4ywcrwgZqT/4/d/byU2w5k6Yvvko=
Subject key identifier:   46:D2:6C:58:74:7E:61:DA:4E:71:7E:01:53:53:8F:39:74:CF:50:D5
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       31DCC2946B3EB8A75338F192B0B37E1507C559FD
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/422d351c-92b4-456a-9704-2e3f9fc7e256.roa
Signing time:             Wed 23 Jul 2025 00:50:26 +0000
ROA not before:           Wed 23 Jul 2025 00:50:26 +0000
ROA not after:            Wed 27 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.220.136.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:dc:c2:94:6b:3e:b8:a7:53:38:f1:92:b0:b3:7e:15:07:c5:59:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 23 00:50:26 2025 GMT
            Not After : Aug 27 23:59:59 2025 GMT
        Subject: serialNumber=c15c2b844ad62de03ae132e44b0db9f590f24b9b4a3b3bfa9c99a4956e786a08, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:7c:b8:ce:3a:d5:e6:4d:79:ee:4d:7c:37:03:
                    ac:74:66:5e:75:94:69:11:c0:ee:68:0f:5b:6d:3d:
                    5c:40:a9:fa:37:6f:a2:82:40:e7:d7:fb:44:09:72:
                    5d:00:29:df:c5:9d:de:23:98:60:29:be:44:50:c6:
                    66:a6:47:39:b8:eb:bd:18:26:13:d3:7e:3f:fe:a1:
                    04:c5:51:7e:0c:b6:a1:27:52:74:23:ac:74:52:58:
                    9b:4c:8c:39:18:4b:5a:ae:6d:50:ed:08:c0:d7:d7:
                    5f:2b:33:0b:f9:7e:b7:6e:0f:95:8a:c5:e4:b8:1e:
                    8f:5c:4b:2d:52:87:66:75:ea:61:1f:38:5d:c3:c0:
                    bd:20:9c:f6:45:bc:b8:da:74:74:54:88:92:10:d7:
                    61:ea:f4:81:8f:13:3e:c2:71:e1:22:5f:b9:bd:2d:
                    a4:6d:89:82:d5:aa:01:33:78:d3:25:52:25:20:0d:
                    e9:45:6b:31:82:32:c0:95:76:6d:09:c2:91:59:1e:
                    8e:cd:28:23:01:c0:9d:a6:4d:96:80:99:c4:ca:6c:
                    c2:5d:a3:9c:18:56:2c:04:59:70:7e:e2:12:0b:0f:
                    8c:60:ad:75:bf:0a:72:aa:bf:d7:5b:17:01:3d:c6:
                    2e:8e:08:74:94:b3:fe:cc:80:e0:b3:ba:05:d4:10:
                    d9:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:D2:6C:58:74:7E:61:DA:4E:71:7E:01:53:53:8F:39:74:CF:50:D5
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/422d351c-92b4-456a-9704-2e3f9fc7e256.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.220.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         aa:db:51:6d:a4:d0:b5:31:43:34:b8:64:b6:f9:ee:c9:be:e9:
         4e:20:b8:18:18:ec:7b:74:ae:c6:86:47:6f:9c:67:97:f8:d5:
         9c:ae:1c:82:b7:bd:cc:d5:cd:37:d8:b6:d1:1d:44:6d:fa:78:
         08:5c:45:8b:ee:a3:d4:2a:3a:28:ac:c2:da:5d:d3:ed:42:8f:
         a6:f5:3c:8f:c4:1d:e2:ed:6f:b5:a1:eb:1b:52:b8:56:72:07:
         1b:76:8d:e5:ea:49:df:01:6f:0f:c3:12:93:fc:cf:87:2e:26:
         3f:0a:0c:50:bf:d4:6a:64:6d:aa:73:31:b4:8d:79:6f:35:79:
         f0:b2:91:5a:16:06:ee:73:c2:7b:56:f2:fb:22:75:ee:4f:ed:
         1f:22:3b:bc:53:72:6c:ad:99:b8:4a:78:a0:74:b4:27:48:5e:
         40:c5:12:a3:75:c4:6b:05:81:2c:42:26:f1:6f:47:64:ae:a6:
         94:b1:6b:74:0d:70:24:3c:3c:94:17:ac:a2:6f:50:e2:fd:3f:
         92:b1:58:8b:99:86:47:b9:c6:41:2c:b4:1d:86:81:84:c1:7e:
         c8:32:54:17:61:57:92:20:3b:cf:4a:20:6a:26:a1:60:1d:25:
         5b:c4:0a:74:9e:8f:3b:81:54:a3:0d:9b:78:3f:ee:73:5d:33:
         f3:e0:58:7b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMdzClGs+uKdTOPGSsLN+FQfFWf0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzIzMDA1MDI2WhcNMjUwODI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BjMTVjMmI4NDRhZDYyZGUwM2FlMTMyZTQ0YjBkYjlmNTkw
ZjI0YjliNGEzYjNiZmE5Yzk5YTQ5NTZlNzg2YTA4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDGfLjOOtXmTXnuTXw3A6x0Zl51lGkRwO5oD1ttPVxAqfo3
b6KCQOfX+0QJcl0AKd/Fnd4jmGApvkRQxmamRzm4670YJhPTfj/+oQTFUX4MtqEn
UnQjrHRSWJtMjDkYS1qubVDtCMDX118rMwv5frduD5WKxeS4Ho9cSy1Sh2Z16mEf
OF3DwL0gnPZFvLjadHRUiJIQ12Hq9IGPEz7CceEiX7m9LaRtiYLVqgEzeNMlUiUg
DelFazGCMsCVdm0JwpFZHo7NKCMBwJ2mTZaAmcTKbMJdo5wYViwEWXB+4hILD4xg
rXW/CnKqv9dbFwE9xi6OCHSUs/7MgOCzugXUENlRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURtJsWHR+YdpOcX4BU1OPOXTPUNUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQyMmQzNTFjLTkyYjQtNDU2YS05NzA0LTJlM2Y5ZmM3ZTI1Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIP3IgwDQYJKoZIhvcNAQELBQADggEBAKrbUW2k0LUxQzS4ZLb57sm+6U4g
uBgY7Ht0rsaGR2+cZ5f41ZyuHIK3vczVzTfYttEdRG36eAhcRYvuo9QqOiiswtpd
0+1Cj6b1PI/EHeLtb7Wh6xtSuFZyBxt2jeXqSd8Bbw/DEpP8z4cuJj8KDFC/1Gpk
bapzMbSNeW81efCykVoWBu5zwntW8vside5P7R8iO7xTcmytmbhKeKB0tCdIXkDF
EqN1xGsFgSxCJvFvR2SuppSxa3QNcCQ8PJQXrKJvUOL9P5KxWIuZhke5xkEstB2G
gYTBfsgyVBdhV5IgO89KIGomoWAdJVvECnSejzuBVKMNm3g/7nNdM/PgWHs=
-----END CERTIFICATE-----