Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7b415600-e5c5-45af-b51d-800cb6b60664.roa
File:                     7b415600-e5c5-45af-b51d-800cb6b60664.roa (raw, json)
Hash identifier:          mKei3W/gOpqvE5TDz0NKPtjsz/olh8mo5/u5zwjToOE=
Subject key identifier:   3D:48:7C:7D:E4:21:35:2B:AC:10:18:33:24:96:2B:DA:0F:1B:20:7D
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0B24521720B11DDD649EC795C298EF284EE226F6
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7b415600-e5c5-45af-b51d-800cb6b60664.roa
Signing time:             Tue 21 Oct 2025 11:33:51 +0000
ROA not before:           Tue 21 Oct 2025 11:33:51 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.156.212.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:24:52:17:20:b1:1d:dd:64:9e:c7:95:c2:98:ef:28:4e:e2:26:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 21 11:33:51 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=46701e56e9e441a9ce8dac87aef55b77387714c90897bd27346ce23f0e6b20ca, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:9d:bc:49:7d:6c:96:46:e8:1a:ab:57:2b:a7:
                    87:bf:e7:60:99:78:c7:cf:13:dd:ec:11:fa:79:c9:
                    a3:f0:fc:ab:cd:a9:18:17:ff:2d:6c:ef:c4:53:56:
                    9e:63:d7:c3:99:0d:49:06:52:be:d7:2e:9c:31:78:
                    bb:b7:11:18:a4:a7:a5:80:81:dc:23:2c:e9:94:62:
                    77:b1:69:4e:ab:dc:b4:0f:44:3c:4e:55:7a:f9:72:
                    33:6a:b5:1c:a9:09:ed:a0:9b:39:15:41:b5:dd:15:
                    74:90:65:54:03:ce:21:e0:a2:49:64:ad:92:12:51:
                    1e:62:0c:5a:11:da:fa:8f:ae:0c:8b:d0:23:2d:10:
                    2f:a9:05:1f:57:2f:86:63:76:f1:96:05:38:f5:25:
                    22:fa:d6:ed:0e:76:91:bf:02:34:2d:ed:0b:3a:3f:
                    48:ee:b3:87:d5:ac:1f:47:31:2b:41:2d:2c:51:67:
                    ef:1a:7f:e3:80:02:f2:31:e6:6d:52:f2:2c:f6:3f:
                    ef:10:dd:88:a1:c3:84:19:4c:86:f9:1b:6f:c7:37:
                    af:62:5b:82:21:16:54:a3:05:8a:59:70:23:99:72:
                    e6:66:8e:85:91:69:ac:6c:2d:4d:07:43:13:00:b0:
                    4e:c3:27:76:46:34:5d:ca:78:30:92:cb:51:ce:12:
                    94:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:48:7C:7D:E4:21:35:2B:AC:10:18:33:24:96:2B:DA:0F:1B:20:7D
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7b415600-e5c5-45af-b51d-800cb6b60664.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.156.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         43:91:63:6c:68:22:45:35:23:a9:4b:e5:9a:7a:f5:11:36:d0:
         bf:74:5f:6e:4e:cd:a8:33:a2:58:e9:a6:54:9b:05:e5:a0:34:
         60:81:04:dd:fe:49:c6:5a:a7:0c:59:7e:14:c2:55:13:d4:d3:
         1c:f7:c9:aa:01:1c:4b:88:db:82:61:12:1c:a3:aa:31:9d:8b:
         6d:21:78:c7:51:18:b7:8e:45:11:0e:39:c7:44:9d:9c:ad:96:
         bd:79:c3:95:87:ba:0a:c3:f1:4b:13:17:28:f9:12:66:94:32:
         25:6e:15:c9:18:91:3d:10:c8:45:b2:e7:8a:8e:ca:a0:97:9c:
         22:29:04:59:47:42:85:f8:38:6b:a0:85:e7:03:92:63:19:09:
         be:2a:88:08:0f:39:0f:07:36:a5:c1:b0:fc:35:20:c8:d3:ec:
         ca:f5:99:d9:94:00:8d:44:66:b3:47:66:6b:88:60:c1:4e:13:
         49:75:9d:61:57:8e:f4:12:cb:9b:87:71:71:77:cc:02:fc:d7:
         91:86:d6:64:ab:6e:0f:20:df:25:e8:e9:d5:a8:16:37:ce:ed:
         32:11:17:84:07:a7:0b:d1:6e:23:49:2c:29:36:12:32:67:e7:
         12:a1:a0:84:cf:1f:2c:ca:5c:eb:27:58:7f:9b:b4:f3:54:60:
         0b:67:53:bc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCyRSFyCxHd1knseVwpjvKE7iJvYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDIxMTEzMzUxWhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NjcwMWU1NmU5ZTQ0MWE5Y2U4ZGFjODdhZWY1NWI3NzM4
NzcxNGM5MDg5N2JkMjczNDZjZTIzZjBlNmIyMGNhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqnbxJfWyWRugaq1crp4e/52CZeMfPE93sEfp5yaPw/KvN
qRgX/y1s78RTVp5j18OZDUkGUr7XLpwxeLu3ERikp6WAgdwjLOmUYnexaU6r3LQP
RDxOVXr5cjNqtRypCe2gmzkVQbXdFXSQZVQDziHgoklkrZISUR5iDFoR2vqPrgyL
0CMtEC+pBR9XL4ZjdvGWBTj1JSL61u0OdpG/AjQt7Qs6P0jus4fVrB9HMStBLSxR
Z+8af+OAAvIx5m1S8iz2P+8Q3Yihw4QZTIb5G2/HN69iW4IhFlSjBYpZcCOZcuZm
joWRaaxsLU0HQxMAsE7DJ3ZGNF3KeDCSy1HOEpSDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPUh8feQhNSusEBgzJJYr2g8bIH0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzdiNDE1NjAwLWU1YzUtNDVhZi1iNTFkLTgwMGNiNmI2MDY2NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIPnNQwDQYJKoZIhvcNAQELBQADggEBAEORY2xoIkU1I6lL5Zp69RE20L90
X25OzagzoljpplSbBeWgNGCBBN3+ScZapwxZfhTCVRPU0xz3yaoBHEuI24JhEhyj
qjGdi20heMdRGLeORREOOcdEnZytlr15w5WHugrD8UsTFyj5EmaUMiVuFckYkT0Q
yEWy54qOyqCXnCIpBFlHQoX4OGughecDkmMZCb4qiAgPOQ8HNqXBsPw1IMjT7Mr1
mdmUAI1EZrNHZmuIYMFOE0l1nWFXjvQSy5uHcXF3zAL815GG1mSrbg8g3yXo6dWo
FjfO7TIRF4QHpwvRbiNJLCk2EjJn5xKhoITPHyzKXOsnWH+btPNUYAtnU7w=
-----END CERTIFICATE-----