Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4335d504-f299-4264-911d-2513755043ba.roa
File:                     4335d504-f299-4264-911d-2513755043ba.roa (raw, json)
Hash identifier:          aGp0PL6uB/tbz9XhTq7KUaMLcn9qLsY5t+vvyi7TKlQ=
Subject key identifier:   A9:0E:7E:19:3E:A7:A4:7B:E8:04:58:C2:A5:6E:71:E6:34:51:36:D5
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4D9799E18C86BB3708567E4635009789392EB0ED
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4335d504-f299-4264-911d-2513755043ba.roa
Signing time:             Fri 25 Apr 2025 15:51:43 +0000
ROA not before:           Fri 25 Apr 2025 15:51:43 +0000
ROA not after:            Fri 30 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        15.230.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:97:99:e1:8c:86:bb:37:08:56:7e:46:35:00:97:89:39:2e:b0:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 25 15:51:43 2025 GMT
            Not After : May 30 23:59:59 2025 GMT
        Subject: serialNumber=77ddb41e81f75c312f307c70de9054ad831b5b0ffe925a495b4b386e88da3173, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:0d:78:14:f8:43:92:ad:64:13:bb:72:43:3c:
                    d6:a6:13:8b:3f:e7:19:50:17:ff:e9:ba:12:ee:a9:
                    8e:0b:f4:8d:73:cc:1d:46:b6:a6:1e:e4:3c:f3:98:
                    27:85:f1:45:d0:4d:6d:79:62:5c:cd:91:a1:e6:bb:
                    8e:73:5f:44:a7:05:c5:3c:c7:72:b1:27:9d:0d:13:
                    43:3e:d5:22:0e:54:cf:d6:6a:3a:b4:60:d4:f1:70:
                    61:95:af:c4:38:76:f4:fd:e7:0d:6d:86:f9:82:44:
                    3d:b5:af:dc:d9:2c:8d:00:38:1e:8b:0c:5f:b0:11:
                    73:bb:79:c1:9f:6c:1c:f8:5d:6d:dd:c5:73:8f:ee:
                    9d:2d:e9:21:20:18:cb:fb:c7:a2:e7:2a:38:6a:1e:
                    b7:e5:aa:c4:d3:16:ac:af:cd:23:29:be:0b:a1:b5:
                    5f:66:f9:8c:ca:85:de:ce:91:8f:c0:60:36:eb:be:
                    b3:46:a6:97:0b:f2:2f:da:2e:d4:2d:0b:c9:85:3b:
                    f7:40:e6:8e:75:b9:f9:10:88:c4:b6:b9:b8:fb:a8:
                    45:11:a7:9c:fa:cc:d3:3f:2c:05:25:74:b4:06:f6:
                    b5:76:76:c2:a5:be:3c:de:b8:b6:0e:ca:fd:60:fe:
                    83:43:b5:69:35:8d:44:30:b7:28:fa:5f:82:ac:c7:
                    7d:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:0E:7E:19:3E:A7:A4:7B:E8:04:58:C2:A5:6E:71:E6:34:51:36:D5
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4335d504-f299-4264-911d-2513755043ba.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.230.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:d8:ef:2b:b0:bc:9b:55:37:2c:0d:30:ef:b6:89:67:4b:98:
         05:cf:32:a6:33:13:24:b6:d5:a8:e5:82:50:1e:e4:aa:e9:b7:
         b4:a3:ef:e3:bf:58:cc:46:39:8f:a9:d6:c9:66:97:0d:d0:0b:
         fc:b2:f1:c1:4f:34:d3:0b:ea:b2:4d:86:55:1d:57:de:e4:7e:
         41:0d:41:d5:ce:37:4a:47:ad:b4:91:33:19:62:0b:1d:75:02:
         f0:a9:0b:90:8c:92:13:d5:f5:5b:25:aa:03:f4:f8:b4:75:52:
         e3:69:5f:f9:1d:83:ef:a0:48:46:ca:c7:ac:56:a3:88:9c:2a:
         e6:68:7d:6e:87:13:aa:b1:96:6c:90:2a:71:58:52:41:d8:3c:
         0b:0e:30:df:bc:3f:1a:ad:a2:7d:41:e0:19:37:2f:a3:2f:25:
         da:8d:9c:ac:c5:aa:f6:36:ff:53:c9:f9:74:e9:68:4a:da:22:
         52:79:b1:5d:a0:37:a0:e0:0f:ba:cb:70:93:8b:9c:a7:58:9a:
         9c:c5:ac:ca:b0:be:19:52:c8:71:2b:ec:b1:e4:4e:d2:87:81:
         d1:a1:60:44:4f:95:e1:29:28:50:dc:67:82:fc:a1:85:25:11:
         0c:a0:77:c0:cb:96:f3:9e:6d:be:e7:30:c1:65:5f:fb:6c:2e:
         1e:72:41:14
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTZeZ4YyGuzcIVn5GNQCXiTkusO0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDI1MTU1MTQzWhcNMjUwNTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A3N2RkYjQxZTgxZjc1YzMxMmYzMDdjNzBkZTkwNTRhZDgz
MWI1YjBmZmU5MjVhNDk1YjRiMzg2ZTg4ZGEzMTczMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqDXgU+EOSrWQTu3JDPNamE4s/5xlQF//puhLuqY4L9I1z
zB1GtqYe5DzzmCeF8UXQTW15YlzNkaHmu45zX0SnBcU8x3KxJ50NE0M+1SIOVM/W
ajq0YNTxcGGVr8Q4dvT95w1thvmCRD21r9zZLI0AOB6LDF+wEXO7ecGfbBz4XW3d
xXOP7p0t6SEgGMv7x6LnKjhqHrflqsTTFqyvzSMpvguhtV9m+YzKhd7OkY/AYDbr
vrNGppcL8i/aLtQtC8mFO/dA5o51ufkQiMS2ubj7qEURp5z6zNM/LAUldLQG9rV2
dsKlvjzeuLYOyv1g/oNDtWk1jUQwtyj6X4Ksx32hAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqQ5+GT6npHvoBFjCpW5x5jRRNtUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQzMzVkNTA0LWYyOTktNDI2NC05MTFkLTI1MTM3NTUwNDNiYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAP5twwDQYJKoZIhvcNAQELBQADggEBAEHY7yuwvJtVNywNMO+2iWdLmAXP
MqYzEyS21ajlglAe5Krpt7Sj7+O/WMxGOY+p1slmlw3QC/yy8cFPNNML6rJNhlUd
V97kfkENQdXON0pHrbSRMxliCx11AvCpC5CMkhPV9VslqgP0+LR1UuNpX/kdg++g
SEbKx6xWo4icKuZofW6HE6qxlmyQKnFYUkHYPAsOMN+8Pxqton1B4Bk3L6MvJdqN
nKzFqvY2/1PJ+XTpaEraIlJ5sV2gN6DgD7rLcJOLnKdYmpzFrMqwvhlSyHEr7LHk
TtKHgdGhYERPleEpKFDcZ4L8oYUlEQygd8DLlvOebb7nMMFlX/tsLh5yQRQ=
-----END CERTIFICATE-----