Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4cec34c2-012a-40bd-b862-8fd84e94fa25.roa
File:                     4cec34c2-012a-40bd-b862-8fd84e94fa25.roa (raw, json)
Hash identifier:          TrHcZJev5WpllETeWDMJou4XG7ck3znhK1BHfrMPIow=
Subject key identifier:   78:9C:C8:E2:92:C6:1B:E8:4C:4E:81:FA:7B:3E:30:A5:5B:15:03:4A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5CF501F6172D81997BC7896D57BB1BAD46FCF9AD
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4cec34c2-012a-40bd-b862-8fd84e94fa25.roa
Signing time:             Tue 04 Nov 2025 01:41:27 +0000
ROA not before:           Tue 04 Nov 2025 01:41:27 +0000
ROA not after:            Tue 09 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.181.64.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:f5:01:f6:17:2d:81:99:7b:c7:89:6d:57:bb:1b:ad:46:fc:f9:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Nov  4 01:41:27 2025 GMT
            Not After : Dec  9 23:59:59 2025 GMT
        Subject: serialNumber=a90efb99871082dc93945b64b7280ef2231dcd79cfa615d53debbd08a77bd10f, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:ed:f5:fc:46:e4:4a:a3:cc:7d:66:92:fd:03:
                    de:db:52:68:a5:61:4f:47:69:f0:bf:37:42:19:79:
                    83:51:6b:05:5f:6e:aa:00:80:d0:16:2c:b9:b0:6b:
                    4f:22:bd:ef:65:15:6b:48:cc:44:0a:41:34:d1:66:
                    35:ae:69:37:b7:d7:1b:b8:0e:a0:b3:f8:b6:55:8b:
                    57:36:c0:64:a1:9c:f3:c3:46:fe:09:11:c4:68:48:
                    ce:fb:18:60:f6:cd:ab:05:59:1d:ef:90:7b:11:a9:
                    01:15:4f:3f:f5:ab:10:46:cb:f6:95:46:4b:0f:ea:
                    dd:03:23:b7:a5:a1:fd:09:9e:66:eb:0b:b3:e7:f8:
                    45:e0:16:b8:d4:ba:96:b6:38:7f:a1:58:fb:c1:18:
                    a9:96:f1:a9:74:c8:9d:68:cf:1f:19:16:12:8e:71:
                    2f:19:0a:84:42:a9:95:f0:f1:5e:35:08:9e:e5:e4:
                    11:85:97:37:3c:f1:93:ab:7f:0b:71:37:9b:24:bb:
                    b7:54:c8:38:33:5f:95:3b:fb:52:ae:3d:e9:4a:41:
                    5d:e0:d5:35:f4:d5:1f:51:dc:f6:a5:87:e8:17:ee:
                    65:42:ec:7d:1c:3f:43:c6:c1:73:36:fd:91:00:ae:
                    31:59:52:fe:b8:40:3e:c1:8b:ac:bf:ca:ac:39:32:
                    89:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:9C:C8:E2:92:C6:1B:E8:4C:4E:81:FA:7B:3E:30:A5:5B:15:03:4A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4cec34c2-012a-40bd-b862-8fd84e94fa25.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.181.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         76:00:34:1f:f9:34:54:31:5c:52:a6:20:93:c0:2a:ce:d3:1a:
         cd:fc:1f:cd:7a:b5:ce:13:1a:b1:19:92:1e:73:29:45:b3:f2:
         f5:f0:7a:d2:89:93:67:4a:b4:eb:08:ab:ad:18:d8:8f:62:f4:
         9e:80:7d:b7:7d:e8:e1:1c:a7:cb:c5:5e:5b:64:02:08:c8:29:
         bf:6c:f7:36:bb:28:02:37:c1:cc:db:57:01:1d:8a:38:89:d8:
         3e:f1:3b:77:eb:4c:4e:67:ef:5a:7c:1f:3f:f2:0b:e6:81:8f:
         bf:33:eb:07:c1:13:0e:57:4a:99:8b:d5:05:ee:fc:e1:63:39:
         11:6d:94:ec:46:41:ab:1f:92:ec:4c:bc:09:a9:61:d5:e2:41:
         10:d8:8d:5f:d1:f6:d5:eb:11:45:2d:6c:52:3b:d0:c5:c9:4f:
         9c:9e:5e:4d:fe:fd:97:1c:51:e4:40:59:1e:aa:83:2d:5b:30:
         c8:b9:54:28:15:b5:04:f1:d7:e2:51:f8:1f:ce:ab:6c:50:ba:
         05:b9:3b:76:ca:9c:a1:56:ad:ed:b9:19:d9:a3:b9:85:a5:e8:
         8b:74:b8:7e:9c:5a:ec:d7:40:4b:a3:79:14:ba:e4:05:11:de:
         31:8d:a7:98:c5:00:cf:48:a9:f2:96:87:cf:46:b2:b1:60:9a:
         64:4c:48:27
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXPUB9hctgZl7x4ltV7sbrUb8+a0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMTA0MDE0MTI3WhcNMjUxMjA5MjM1OTU5
WjB6MUkwRwYDVQQFE0BhOTBlZmI5OTg3MTA4MmRjOTM5NDViNjRiNzI4MGVmMjIz
MWRjZDc5Y2ZhNjE1ZDUzZGViYmQwOGE3N2JkMTBmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCT7fX8RuRKo8x9ZpL9A97bUmilYU9HafC/N0IZeYNRawVf
bqoAgNAWLLmwa08ive9lFWtIzEQKQTTRZjWuaTe31xu4DqCz+LZVi1c2wGShnPPD
Rv4JEcRoSM77GGD2zasFWR3vkHsRqQEVTz/1qxBGy/aVRksP6t0DI7elof0Jnmbr
C7Pn+EXgFrjUupa2OH+hWPvBGKmW8al0yJ1ozx8ZFhKOcS8ZCoRCqZXw8V41CJ7l
5BGFlzc88ZOrfwtxN5sku7dUyDgzX5U7+1KuPelKQV3g1TX01R9R3Palh+gX7mVC
7H0cP0PGwXM2/ZEArjFZUv64QD7Bi6y/yqw5MonTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUeJzI4pLGG+hMToH6ez4wpVsVA0owHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzRjZWMzNGMyLTAxMmEtNDBiZC1iODYyLThmZDg0ZTk0ZmEyNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQPtUAwDQYJKoZIhvcNAQELBQADggEBAHYANB/5NFQxXFKmIJPAKs7TGs38
H816tc4TGrEZkh5zKUWz8vXwetKJk2dKtOsIq60Y2I9i9J6Afbd96OEcp8vFXltk
AgjIKb9s9za7KAI3wczbVwEdijiJ2D7xO3frTE5n71p8Hz/yC+aBj78z6wfBEw5X
SpmL1QXu/OFjORFtlOxGQasfkuxMvAmpYdXiQRDYjV/R9tXrEUUtbFI70MXJT5ye
Xk3+/ZccUeRAWR6qgy1bMMi5VCgVtQTx1+JR+B/Oq2xQugW5O3bKnKFWre25Gdmj
uYWl6It0uH6cWuzXQEujeRS65AUR3jGNp5jFAM9IqfKWh89GsrFgmmRMSCc=
-----END CERTIFICATE-----