Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/86cb1ccd-a306-4ede-8bf6-662335dd41c1.roa
File:                     86cb1ccd-a306-4ede-8bf6-662335dd41c1.roa (raw, json)
Hash identifier:          ygQOgBQce6j+00FRMhE1FX5ONZOv1jGc782wn6fUVso=
Subject key identifier:   00:1D:A6:11:8C:6A:7B:E2:BE:19:DE:70:A7:EA:47:9A:22:40:AB:88
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       50C3C1C7FF6EBCC908CB8517EBCC3D8D93F2BA58
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/86cb1ccd-a306-4ede-8bf6-662335dd41c1.roa
Signing time:             Tue 04 Nov 2025 02:40:54 +0000
ROA not before:           Tue 04 Nov 2025 02:40:54 +0000
ROA not after:            Tue 09 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.177.16.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:c3:c1:c7:ff:6e:bc:c9:08:cb:85:17:eb:cc:3d:8d:93:f2:ba:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Nov  4 02:40:54 2025 GMT
            Not After : Dec  9 23:59:59 2025 GMT
        Subject: serialNumber=c8d6010d7860ea2e11616f2e031d142d76318530f7c79df3d1741f62ac66c716, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:33:c4:44:dd:99:61:3e:ca:bf:1d:73:9a:3e:
                    f0:5a:57:43:92:17:95:7c:24:e0:bb:c2:b6:d4:73:
                    30:66:6b:45:4b:94:0e:d1:4a:6f:90:41:dd:6c:69:
                    b9:84:23:6b:8f:70:44:af:ea:c4:07:5a:4f:72:98:
                    5c:9b:c3:7a:04:02:35:64:07:3b:61:64:47:c2:c2:
                    73:b5:1e:10:02:76:ee:63:75:e4:07:8e:a3:57:72:
                    7a:39:39:d2:03:41:d1:b9:76:cf:a5:e7:b5:ee:59:
                    59:8d:6f:5c:ac:28:96:ce:75:e0:6e:a9:ec:a9:13:
                    97:81:c9:dd:69:f9:ae:3a:34:35:fc:6c:b9:ba:55:
                    28:34:ba:cd:7b:10:aa:02:27:ca:ff:3e:ec:25:47:
                    c3:79:91:c2:f9:e0:82:90:54:08:0e:29:ef:de:11:
                    98:db:6c:cc:68:1d:49:cd:9a:9d:75:92:01:68:34:
                    d4:fc:33:b0:52:5e:22:73:46:ae:67:17:87:9a:76:
                    78:ec:a3:b2:5c:b6:c6:56:8c:be:7a:96:83:09:56:
                    22:1e:36:cb:d5:c7:ff:8b:5b:2a:f6:7b:33:f3:a8:
                    13:83:16:da:81:32:d9:fd:dd:9b:5b:ee:f5:9f:27:
                    73:db:89:da:4e:ff:cb:73:0b:0a:58:87:6e:61:e9:
                    e4:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:1D:A6:11:8C:6A:7B:E2:BE:19:DE:70:A7:EA:47:9A:22:40:AB:88
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/86cb1ccd-a306-4ede-8bf6-662335dd41c1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.177.16.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2c:82:ab:79:89:e8:84:2a:33:f7:2d:a8:bf:1f:f5:74:4b:c8:
         87:f9:a1:d4:1e:96:4c:a7:8a:d4:b1:8d:ef:e9:71:5f:2a:e7:
         a8:69:b3:a0:4e:01:cb:e1:41:cd:68:06:5a:d1:eb:24:d6:8d:
         e3:d8:af:ca:0b:ab:4a:ce:66:f5:7a:42:7a:80:7a:e5:1c:d8:
         0c:7e:9a:01:d3:3d:1f:7b:79:18:28:1d:ea:56:dc:bb:ba:66:
         2b:9d:1c:5b:32:91:fe:fa:28:d1:05:15:57:9e:c1:48:b6:3e:
         e6:aa:13:08:1b:5f:90:13:c8:d6:bb:33:df:91:5d:68:3c:58:
         c8:cc:5e:a7:1c:a8:89:b9:8c:23:56:8d:e5:c6:78:47:48:2f:
         26:e5:19:d6:57:a9:f4:59:61:f7:ab:9c:b3:d0:a7:f2:d3:fd:
         68:a7:fd:b3:c0:b4:5b:28:5f:5a:4e:e1:15:88:ef:be:04:41:
         8d:e7:40:92:28:6f:4b:33:2b:b1:bf:07:0f:81:89:0f:e3:5d:
         f3:b1:9e:78:75:4f:28:f5:ce:b5:7b:0b:2d:69:a1:e8:76:14:
         e2:3e:16:ac:04:73:4d:5e:ba:68:b4:c9:7a:1c:39:84:ba:0b:
         45:7c:d0:f5:8f:c5:6b:9b:f3:5f:84:e6:24:2b:f7:e8:49:ee:
         a7:c0:b9:c6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUMPBx/9uvMkIy4UX68w9jZPyulgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMTA0MDI0MDU0WhcNMjUxMjA5MjM1OTU5
WjB6MUkwRwYDVQQFE0BjOGQ2MDEwZDc4NjBlYTJlMTE2MTZmMmUwMzFkMTQyZDc2
MzE4NTMwZjdjNzlkZjNkMTc0MWY2MmFjNjZjNzE2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDQM8RE3ZlhPsq/HXOaPvBaV0OSF5V8JOC7wrbUczBma0VL
lA7RSm+QQd1sabmEI2uPcESv6sQHWk9ymFybw3oEAjVkBzthZEfCwnO1HhACdu5j
deQHjqNXcno5OdIDQdG5ds+l57XuWVmNb1ysKJbOdeBuqeypE5eByd1p+a46NDX8
bLm6VSg0us17EKoCJ8r/PuwlR8N5kcL54IKQVAgOKe/eEZjbbMxoHUnNmp11kgFo
NNT8M7BSXiJzRq5nF4eadnjso7JctsZWjL56loMJViIeNsvVx/+LWyr2ezPzqBOD
FtqBMtn93Ztb7vWfJ3PbidpO/8tzCwpYh25h6eT3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUAB2mEYxqe+K+Gd5wp+pHmiJAq4gwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzg2Y2IxY2NkLWEzMDYtNGVkZS04YmY2LTY2MjMzNWRkNDFjMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMPsRAwDQYJKoZIhvcNAQELBQADggEBACyCq3mJ6IQqM/ctqL8f9XRLyIf5
odQelkynitSxje/pcV8q56hps6BOAcvhQc1oBlrR6yTWjePYr8oLq0rOZvV6QnqA
euUc2Ax+mgHTPR97eRgoHepW3Lu6ZiudHFsykf76KNEFFVeewUi2PuaqEwgbX5AT
yNa7M9+RXWg8WMjMXqccqIm5jCNWjeXGeEdILyblGdZXqfRZYfernLPQp/LT/Win
/bPAtFsoX1pO4RWI774EQY3nQJIob0szK7G/Bw+BiQ/jXfOxnnh1Tyj1zrV7Cy1p
oeh2FOI+FqwEc01eumi0yXocOYS6C0V80PWPxWub81+E5iQr9+hJ7qfAucY=
-----END CERTIFICATE-----