Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6aacefa1-cf60-4fb3-a06b-44ee6abcccc1.roa
File:                     6aacefa1-cf60-4fb3-a06b-44ee6abcccc1.roa (raw, json)
Hash identifier:          CfU6lz66BmY68OT4sVdKymb+BQz2iuO8NW+t6GwVWAw=
Subject key identifier:   A6:D9:84:1D:44:B1:95:5B:F3:D5:63:6D:78:75:A6:53:25:9B:F9:70
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       349AA73D6FEB69A3C4A3DA71245AC2AF9EBD691E
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6aacefa1-cf60-4fb3-a06b-44ee6abcccc1.roa
Signing time:             Sat 26 Jul 2025 00:30:18 +0000
ROA not before:           Sat 26 Jul 2025 00:30:18 +0000
ROA not after:            Sat 30 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.230.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:9a:a7:3d:6f:eb:69:a3:c4:a3:da:71:24:5a:c2:af:9e:bd:69:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 26 00:30:18 2025 GMT
            Not After : Aug 30 23:59:59 2025 GMT
        Subject: serialNumber=49921e009c90e314b5b682bfa3d9260ca029749b5a67303815e994c1de3c611b, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:33:ed:92:ba:33:dd:04:04:32:81:9f:c9:66:
                    ba:ac:79:05:ee:26:80:a4:9b:3a:88:d9:98:9a:3a:
                    0f:2c:a9:d9:a6:8c:fb:61:9b:79:56:63:c8:5b:f5:
                    b5:4d:ca:f8:5c:85:e8:89:5b:39:39:d6:7e:e5:7a:
                    f9:4c:22:46:cf:57:31:e9:37:bb:9b:00:e2:4c:d7:
                    1d:2d:ca:4d:6a:4f:34:7b:f3:81:9f:1e:fe:67:15:
                    d9:45:99:ea:c5:75:52:13:c8:21:bd:95:77:8e:06:
                    8c:c7:35:70:6e:d3:7c:13:3d:84:cb:ae:4b:4d:ba:
                    31:43:d1:a8:05:e2:3e:8e:1a:7b:e8:a0:56:3b:b1:
                    99:ef:3b:2b:fd:82:ec:22:a4:11:cc:72:b6:05:29:
                    3f:06:8d:e7:ae:0b:64:ae:5b:09:b5:f8:dc:54:98:
                    87:24:c7:b8:c9:66:2f:3e:0d:67:e2:a5:b4:3d:87:
                    56:1a:ff:f2:54:3f:3d:38:b0:d2:16:85:e9:f6:1f:
                    92:7b:0a:41:f0:a9:15:43:74:f3:05:23:32:dc:43:
                    4c:18:b0:38:ea:8c:71:26:23:0e:21:b7:87:ff:74:
                    54:ac:83:cf:bf:c4:85:60:f7:6e:c6:82:96:26:92:
                    6e:e4:c8:8b:f7:72:b5:2b:47:ee:06:6d:0a:cc:40:
                    6b:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:D9:84:1D:44:B1:95:5B:F3:D5:63:6D:78:75:A6:53:25:9B:F9:70
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6aacefa1-cf60-4fb3-a06b-44ee6abcccc1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.230.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:ab:b3:c3:5e:69:d9:d7:3d:3b:ec:a2:1f:6b:88:d0:01:4a:
         a5:8b:6f:e6:8f:8e:39:9f:44:ba:be:ac:2e:cf:31:d4:1c:e9:
         6b:91:2f:37:a3:ec:79:91:5f:f5:09:1f:0d:a8:6a:ba:c1:2b:
         25:54:62:96:0d:85:75:b6:36:ec:6f:2b:e1:1b:9f:5a:d7:da:
         de:b6:02:4d:97:ab:7b:3e:19:a9:07:7e:c8:bf:3f:f8:df:cb:
         55:66:22:3a:6f:45:78:c6:f4:7a:80:b3:33:8a:52:8d:5a:30:
         6d:42:f4:63:82:a7:5d:66:10:97:2b:54:17:28:6a:c9:bd:a5:
         90:b3:2f:79:4a:66:25:59:56:aa:60:6a:7d:ed:8a:49:12:cf:
         8b:d2:43:d4:ad:e3:73:fc:8b:a6:7f:6a:2a:89:9b:1b:7f:3f:
         5c:a0:a1:de:25:56:be:bb:27:79:86:3d:0e:a7:9f:03:39:93:
         34:e1:fe:95:c0:25:62:4c:6b:1d:f0:57:e2:ed:19:46:dc:70:
         0a:9f:f6:ad:33:b5:45:b2:74:e9:f3:74:9f:75:cc:0d:99:ee:
         44:ab:38:00:a4:37:cb:27:b4:2a:84:5f:88:2d:b6:0e:a8:ca:
         95:d0:92:27:19:35:5d:8a:f9:bb:3d:1f:d7:50:50:b8:fd:df:
         a7:6b:99:99
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNJqnPW/raaPEo9pxJFrCr569aR4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzI2MDAzMDE4WhcNMjUwODMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A0OTkyMWUwMDljOTBlMzE0YjViNjgyYmZhM2Q5MjYwY2Ew
Mjk3NDliNWE2NzMwMzgxNWU5OTRjMWRlM2M2MTFiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDvM+2SujPdBAQygZ/JZrqseQXuJoCkmzqI2ZiaOg8sqdmm
jPthm3lWY8hb9bVNyvhcheiJWzk51n7levlMIkbPVzHpN7ubAOJM1x0tyk1qTzR7
84GfHv5nFdlFmerFdVITyCG9lXeOBozHNXBu03wTPYTLrktNujFD0agF4j6OGnvo
oFY7sZnvOyv9guwipBHMcrYFKT8GjeeuC2SuWwm1+NxUmIckx7jJZi8+DWfipbQ9
h1Ya//JUPz04sNIWhen2H5J7CkHwqRVDdPMFIzLcQ0wYsDjqjHEmIw4ht4f/dFSs
g8+/xIVg927GgpYmkm7kyIv3crUrR+4GbQrMQGuNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUptmEHUSxlVvz1WNteHWmUyWb+XAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzZhYWNlZmExLWNmNjAtNGZiMy1hMDZiLTQ0ZWU2YWJjY2NjMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAP5vIwDQYJKoZIhvcNAQELBQADggEBAIirs8NeadnXPTvsoh9riNABSqWL
b+aPjjmfRLq+rC7PMdQc6WuRLzej7HmRX/UJHw2oarrBKyVUYpYNhXW2NuxvK+Eb
n1rX2t62Ak2Xq3s+GakHfsi/P/jfy1VmIjpvRXjG9HqAszOKUo1aMG1C9GOCp11m
EJcrVBcoasm9pZCzL3lKZiVZVqpgan3tikkSz4vSQ9St43P8i6Z/aiqJmxt/P1yg
od4lVr67J3mGPQ6nnwM5kzTh/pXAJWJMax3wV+LtGUbccAqf9q0ztUWydOnzdJ91
zA2Z7kSrOACkN8sntCqEX4gttg6oypXQkicZNV2K+bs9H9dQULj936drmZk=
-----END CERTIFICATE-----