Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6dbd0812-c186-43dc-84c8-601c485a9246.roa
File:                     6dbd0812-c186-43dc-84c8-601c485a9246.roa (raw, json)
Hash identifier:          AvddiMg6Wzn4hl25s11Zc6qyQOKQMRySMlvdahH/o84=
Subject key identifier:   43:72:77:26:B5:0C:64:46:F5:A1:FE:67:82:B6:63:A5:8E:EB:DA:0B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       63E2B7C3AAACD7A0E9FE5FD99F40F158320927D9
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6dbd0812-c186-43dc-84c8-601c485a9246.roa
Signing time:             Wed 16 Apr 2025 00:21:48 +0000
ROA not before:           Wed 16 Apr 2025 00:21:48 +0000
ROA not after:            Wed 21 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.220.176.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:e2:b7:c3:aa:ac:d7:a0:e9:fe:5f:d9:9f:40:f1:58:32:09:27:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 16 00:21:48 2025 GMT
            Not After : May 21 23:59:59 2025 GMT
        Subject: serialNumber=2fe60e34a0542d84d504a312cd23582f0f37cf44dea0bdfbe9d645893a5b1c66, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:77:fe:f1:dc:92:11:d6:1e:39:d9:7e:80:e2:
                    c1:0a:d0:91:ff:25:55:97:9a:7a:a1:0f:b3:cc:e6:
                    46:f9:6a:3d:c9:64:6c:0f:02:91:df:00:42:e3:22:
                    56:47:d5:c8:0a:7b:3b:3b:bb:a6:00:11:0e:fc:2a:
                    1a:73:18:d4:96:80:e3:44:a0:80:e9:fc:0b:cb:63:
                    d5:c4:0a:e0:18:ee:42:97:02:39:0d:4e:97:90:5e:
                    f9:b5:cf:ef:40:fa:78:89:93:e0:a1:5c:43:48:2d:
                    95:65:52:7b:b9:d3:ad:08:eb:11:a3:ed:c6:0d:43:
                    03:dc:8f:ac:9f:0e:3e:84:91:87:fd:0e:76:a4:61:
                    eb:06:b6:0a:76:dc:1e:55:1b:8e:b9:4c:58:c3:96:
                    7d:13:93:dd:d0:2a:3d:42:5d:f4:30:ca:1d:9b:08:
                    1a:3a:37:f1:fa:8f:09:a3:8d:ee:78:ff:ff:fb:02:
                    a2:bb:03:65:90:da:8b:d3:28:5b:bc:15:72:a2:31:
                    4a:2e:51:2d:dc:db:9d:c9:95:c5:94:ce:f0:76:bc:
                    27:39:74:31:8d:4c:21:ee:cf:4e:f2:d3:7f:88:08:
                    d2:bf:38:fb:81:1c:11:85:07:ba:23:c9:3c:73:59:
                    4c:ae:b7:ac:c6:75:33:e0:c1:86:2d:81:78:fa:88:
                    e3:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:72:77:26:B5:0C:64:46:F5:A1:FE:67:82:B6:63:A5:8E:EB:DA:0B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6dbd0812-c186-43dc-84c8-601c485a9246.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.220.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         6f:80:50:6d:aa:fd:86:a4:f5:f0:cd:a5:4b:e4:63:5c:0e:ad:
         b6:79:e1:bd:64:08:f1:98:12:3a:b2:60:d7:e9:4d:c2:62:ed:
         39:e5:8c:c8:2d:d5:13:30:a3:1d:46:f6:7b:3d:e0:d8:41:65:
         51:a1:63:bf:14:de:ab:0a:fd:c7:7b:45:79:50:2c:59:37:87:
         ad:37:22:fd:bc:b3:50:11:8a:47:38:4f:43:e1:c6:bd:4b:ec:
         dc:ad:90:00:8f:82:e6:15:92:9d:bf:ee:11:3e:5a:8a:af:71:
         ac:46:5f:ca:f2:bb:e7:1a:ad:f1:59:ee:b6:61:40:6b:bc:b0:
         18:54:f7:8d:62:15:8c:2a:d4:77:66:04:36:6a:9b:a2:1f:8b:
         4e:a5:af:93:b3:6f:41:64:4a:14:3a:0e:3a:9f:52:e4:d1:32:
         12:83:02:c3:52:92:47:20:d4:e0:e6:bd:59:70:a2:14:23:79:
         10:f7:32:a4:e9:33:77:1a:90:b9:c3:56:10:f2:2a:dc:c8:34:
         c9:eb:7f:66:65:ed:5a:1b:b0:1d:bc:f5:d6:c7:46:58:51:43:
         44:10:6d:a3:7d:4c:3b:a5:dc:de:67:2d:d7:8f:90:de:d3:fd:
         ff:96:f0:21:31:c2:cc:17:cd:c2:8c:e6:3b:71:32:ae:da:b3:
         60:d3:25:c1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUY+K3w6qs16Dp/l/Zn0DxWDIJJ9kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE2MDAyMTQ4WhcNMjUwNTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AyZmU2MGUzNGEwNTQyZDg0ZDUwNGEzMTJjZDIzNTgyZjBm
MzdjZjQ0ZGVhMGJkZmJlOWQ2NDU4OTNhNWIxYzY2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDed/7x3JIR1h452X6A4sEK0JH/JVWXmnqhD7PM5kb5aj3J
ZGwPApHfAELjIlZH1cgKezs7u6YAEQ78KhpzGNSWgONEoIDp/AvLY9XECuAY7kKX
AjkNTpeQXvm1z+9A+niJk+ChXENILZVlUnu5060I6xGj7cYNQwPcj6yfDj6EkYf9
DnakYesGtgp23B5VG465TFjDln0Tk93QKj1CXfQwyh2bCBo6N/H6jwmjje54///7
AqK7A2WQ2ovTKFu8FXKiMUouUS3c253JlcWUzvB2vCc5dDGNTCHuz07y03+ICNK/
OPuBHBGFB7ojyTxzWUyut6zGdTPgwYYtgXj6iONRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQ3J3JrUMZEb1of5ngrZjpY7r2gswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzZkYmQwODEyLWMxODYtNDNkYy04NGM4LTYwMWM0ODVhOTI0Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMP3LAwDQYJKoZIhvcNAQELBQADggEBAG+AUG2q/Yak9fDNpUvkY1wOrbZ5
4b1kCPGYEjqyYNfpTcJi7TnljMgt1RMwox1G9ns94NhBZVGhY78U3qsK/cd7RXlQ
LFk3h603Iv28s1ARikc4T0Phxr1L7NytkACPguYVkp2/7hE+WoqvcaxGX8ryu+ca
rfFZ7rZhQGu8sBhU941iFYwq1HdmBDZqm6Ifi06lr5Ozb0FkShQ6DjqfUuTRMhKD
AsNSkkcg1ODmvVlwohQjeRD3MqTpM3cakLnDVhDyKtzINMnrf2Zl7VobsB289dbH
RlhRQ0QQbaN9TDul3N5nLdePkN7T/f+W8CExwswXzcKM5jtxMq7as2DTJcE=
-----END CERTIFICATE-----