Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6aacefa1-cf60-4fb3-a06b-44ee6abcccc1.roa
File:                     6aacefa1-cf60-4fb3-a06b-44ee6abcccc1.roa (raw, json)
Hash identifier:          SaDOs2bigVCOhoAMNYCWC4yKsR/uHWEFg4T7+O7UbWM=
Subject key identifier:   A5:36:60:5F:35:8C:73:CE:68:22:F2:BF:F3:70:03:C7:AC:C2:68:3B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       065502002D872D2DF5307B49D5B86633FF4E0FC3
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6aacefa1-cf60-4fb3-a06b-44ee6abcccc1.roa
Signing time:             Wed 16 Apr 2025 00:31:46 +0000
ROA not before:           Wed 16 Apr 2025 00:31:46 +0000
ROA not after:            Wed 21 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.230.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:55:02:00:2d:87:2d:2d:f5:30:7b:49:d5:b8:66:33:ff:4e:0f:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 16 00:31:46 2025 GMT
            Not After : May 21 23:59:59 2025 GMT
        Subject: serialNumber=cf7584687bfc24598698726250e2598037f57fffbc317074957d39a658d2e737, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:04:ae:ea:67:7e:01:fc:07:60:fe:f5:e6:e7:
                    5f:f0:a7:72:ff:13:2a:3a:1e:5f:ba:69:0c:d3:7d:
                    56:01:79:e3:da:25:b3:e8:31:2a:57:09:2a:c7:ab:
                    9c:09:75:8d:f8:b6:17:bf:d6:b7:a5:8e:25:df:f3:
                    3d:98:94:02:32:3e:b9:7b:b3:0e:a6:a4:68:1f:a1:
                    09:68:2d:98:98:31:07:7b:04:2a:22:59:ec:63:05:
                    7a:73:f0:79:31:18:85:84:ea:11:57:ff:64:be:ce:
                    18:b3:a3:ba:dd:69:7b:2f:da:df:da:cd:e0:0e:10:
                    75:26:00:20:41:21:2f:23:de:b1:2a:34:11:1f:80:
                    75:41:b3:3f:47:ae:b4:7a:8b:b9:04:99:0b:00:36:
                    c4:27:0a:66:00:92:c1:af:4a:84:e8:01:01:19:ab:
                    c8:1f:d2:4d:0e:df:d4:47:a2:7f:26:38:ce:fb:1c:
                    16:c3:db:32:5d:cb:8a:41:a0:a5:bc:07:9e:6d:5b:
                    13:76:2a:53:1d:35:9d:42:58:5a:77:65:37:f0:b3:
                    2d:4a:03:7f:e2:80:15:eb:a6:3f:03:f6:b9:47:c2:
                    58:56:da:b5:78:26:50:5a:6d:69:a8:f4:94:d7:bf:
                    5e:06:22:34:74:c8:2c:c8:84:21:8b:a0:16:51:2a:
                    16:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:36:60:5F:35:8C:73:CE:68:22:F2:BF:F3:70:03:C7:AC:C2:68:3B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6aacefa1-cf60-4fb3-a06b-44ee6abcccc1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.230.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:47:3c:e3:2b:3b:e0:ea:9c:eb:0c:f2:a0:e3:4a:8d:88:cc:
         db:2f:b4:54:4f:b9:72:cb:3f:9f:c5:ca:55:ca:09:3a:49:a8:
         f2:4f:f0:d2:2a:85:6f:61:b7:63:cb:3d:53:ff:88:02:74:79:
         ac:09:2a:23:24:b0:f0:7a:05:f4:13:cd:e1:ab:95:23:64:81:
         42:00:d1:eb:70:a2:39:c5:19:97:07:b1:4c:a7:04:1e:bd:c9:
         2c:2c:80:0d:76:0d:45:85:55:9f:cc:9c:66:0d:0c:d9:09:02:
         d4:8e:42:20:a1:00:cb:11:63:5c:bd:56:16:79:06:f5:56:d0:
         b0:1a:b3:69:39:3d:79:35:73:a5:94:64:28:53:ab:9d:d4:b8:
         84:2e:05:07:49:ad:ec:19:8f:ec:c3:aa:c0:bf:0f:d2:8d:70:
         f8:78:96:5f:ef:41:9b:88:c1:62:56:f9:c7:3f:a7:aa:ff:aa:
         a7:0c:4b:45:d0:6e:29:aa:ae:69:00:5e:21:ff:b1:86:e7:46:
         2f:c9:8d:98:df:67:7c:e0:4a:21:b1:fd:29:3f:e9:bc:6e:aa:
         ca:3f:b6:48:c4:58:71:42:ce:f6:c2:58:76:ea:6e:37:93:c5:
         6f:5d:bb:57:08:a9:3e:60:5a:55:e7:42:3d:6f:54:67:6c:79:
         f4:0c:5a:e7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBlUCAC2HLS31MHtJ1bhmM/9OD8MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE2MDAzMTQ2WhcNMjUwNTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BjZjc1ODQ2ODdiZmMyNDU5ODY5ODcyNjI1MGUyNTk4MDM3
ZjU3ZmZmYmMzMTcwNzQ5NTdkMzlhNjU4ZDJlNzM3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZBK7qZ34B/Adg/vXm51/wp3L/Eyo6Hl+6aQzTfVYBeePa
JbPoMSpXCSrHq5wJdY34the/1reljiXf8z2YlAIyPrl7sw6mpGgfoQloLZiYMQd7
BCoiWexjBXpz8HkxGIWE6hFX/2S+zhizo7rdaXsv2t/azeAOEHUmACBBIS8j3rEq
NBEfgHVBsz9HrrR6i7kEmQsANsQnCmYAksGvSoToAQEZq8gf0k0O39RHon8mOM77
HBbD2zJdy4pBoKW8B55tWxN2KlMdNZ1CWFp3ZTfwsy1KA3/igBXrpj8D9rlHwlhW
2rV4JlBabWmo9JTXv14GIjR0yCzIhCGLoBZRKhYVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUpTZgXzWMc85oIvK/83ADx6zCaDswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzZhYWNlZmExLWNmNjAtNGZiMy1hMDZiLTQ0ZWU2YWJjY2NjMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAP5vIwDQYJKoZIhvcNAQELBQADggEBAAFHPOMrO+DqnOsM8qDjSo2IzNsv
tFRPuXLLP5/FylXKCTpJqPJP8NIqhW9ht2PLPVP/iAJ0eawJKiMksPB6BfQTzeGr
lSNkgUIA0etwojnFGZcHsUynBB69ySwsgA12DUWFVZ/MnGYNDNkJAtSOQiChAMsR
Y1y9VhZ5BvVW0LAas2k5PXk1c6WUZChTq53UuIQuBQdJrewZj+zDqsC/D9KNcPh4
ll/vQZuIwWJW+cc/p6r/qqcMS0XQbimqrmkAXiH/sYbnRi/JjZjfZ3zgSiGx/Sk/
6bxuqso/tkjEWHFCzvbCWHbqbjeTxW9du1cIqT5gWlXnQj1vVGdsefQMWuc=
-----END CERTIFICATE-----