Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a74bdd9e-0e86-4280-9653-839c7cab021b.roa
File:                     a74bdd9e-0e86-4280-9653-839c7cab021b.roa (raw, json)
Hash identifier:          uaIIFV65NJm2K7irLfbhTtGlNy1wm8r5RQ8DmLMGBvM=
Subject key identifier:   EC:F6:D9:E8:BD:84:05:66:84:43:95:6E:BC:00:15:A4:19:89:8A:D9
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       569A70775069B31DF72FE96EE8B8FE17799C5D6B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a74bdd9e-0e86-4280-9653-839c7cab021b.roa
Signing time:             Fri 11 Jul 2025 15:11:11 +0000
ROA not before:           Fri 11 Jul 2025 15:11:11 +0000
ROA not after:            Fri 15 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.140.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:9a:70:77:50:69:b3:1d:f7:2f:e9:6e:e8:b8:fe:17:79:9c:5d:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 11 15:11:11 2025 GMT
            Not After : Aug 15 23:59:59 2025 GMT
        Subject: serialNumber=f4b4fc7e44688f363dc8f8e20fe84c6740394c018f8226d4404573c859527101, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:be:22:ca:48:b1:c3:4a:a6:8a:c6:76:47:0b:
                    88:63:b7:ef:2d:f0:ec:4f:44:c0:f4:45:92:37:38:
                    04:c3:e9:9b:4e:93:b5:bb:1d:82:1b:eb:fd:1d:16:
                    a4:b0:a6:90:df:39:21:be:51:92:59:7b:7a:56:c1:
                    89:99:36:8a:da:8d:ab:ab:a3:ae:2e:23:7b:b0:ba:
                    45:3b:b8:f2:79:bb:e3:7c:15:c3:03:16:81:9f:06:
                    29:fd:c1:97:b6:08:c2:15:e7:89:d8:50:10:ca:fe:
                    e7:8e:c7:61:f1:13:de:37:7d:55:51:bf:9f:67:75:
                    8e:a5:ee:64:29:6a:66:78:19:4f:ac:4c:67:64:dd:
                    f9:02:a5:1c:0b:79:a4:1b:35:47:3e:0a:4b:82:cf:
                    3e:bf:64:1e:bc:8a:65:54:e6:99:5e:ae:03:e2:65:
                    ac:62:12:30:4b:c5:5b:75:02:3e:02:cf:37:4c:ad:
                    fe:c4:99:55:85:b8:b3:e1:56:a8:1c:3c:10:04:b6:
                    ef:c1:08:ec:36:12:be:8c:cd:b5:81:f7:f1:54:ce:
                    d8:b5:ac:90:9b:a9:ba:7a:36:2e:4c:f9:ca:0c:f7:
                    92:db:d3:f8:cf:04:f4:d5:bf:3f:32:55:61:76:b4:
                    ac:59:30:e7:3d:e8:0e:c9:8b:2b:72:e7:b1:a3:67:
                    cb:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:F6:D9:E8:BD:84:05:66:84:43:95:6E:BC:00:15:A4:19:89:8A:D9
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a74bdd9e-0e86-4280-9653-839c7cab021b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.140.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         35:8c:9e:91:19:8c:62:5e:43:05:88:c6:7d:09:19:54:9f:7a:
         f8:97:ca:da:4f:44:b8:96:1b:da:41:78:04:41:d5:fe:e8:ed:
         05:1a:e0:84:f6:9a:95:d0:e9:5f:e4:21:4e:c8:ef:c2:ef:46:
         21:22:f6:cf:ac:ec:99:60:b4:f9:af:e1:1b:9e:9f:9d:bb:ce:
         47:54:25:53:cb:07:b3:f8:e8:6e:2a:ab:91:fb:ea:90:9d:64:
         70:f3:6e:42:0a:54:97:39:14:d7:b1:49:77:e5:68:a1:5b:f9:
         c6:31:55:ab:b7:c5:59:fd:17:9b:0d:b8:6b:f8:c4:ff:c0:4a:
         99:48:5e:41:34:c8:6f:e2:12:84:03:b0:3a:5b:fe:5d:ee:93:
         14:89:a9:b0:1e:73:35:59:b0:8b:f3:2c:2d:3c:4f:44:ee:11:
         7b:84:6d:be:08:2a:5e:64:2c:b1:3a:5f:f4:7d:2c:29:64:78:
         d3:33:dd:d8:ef:2f:0e:32:d7:d3:be:48:1b:28:8b:3f:f9:5e:
         df:b8:c1:0d:6a:44:38:ee:34:65:dd:0d:f7:be:6e:b2:ce:43:
         f9:ce:29:c0:5a:43:b7:be:ce:42:67:44:67:e1:f9:bd:e4:03:
         d7:1e:e3:28:b0:df:e1:6e:e2:76:99:e7:70:bd:82:2d:e6:f9:
         12:65:89:c8
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUVppwd1Bpsx33L+lu6Lj+F3mcXWswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzExMTUxMTExWhcNMjUwODE1MjM1OTU5
WjB6MUkwRwYDVQQFE0BmNGI0ZmM3ZTQ0Njg4ZjM2M2RjOGY4ZTIwZmU4NGM2NzQw
Mzk0YzAxOGY4MjI2ZDQ0MDQ1NzNjODU5NTI3MTAxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDgviLKSLHDSqaKxnZHC4hjt+8t8OxPRMD0RZI3OATD6ZtO
k7W7HYIb6/0dFqSwppDfOSG+UZJZe3pWwYmZNorajauro64uI3uwukU7uPJ5u+N8
FcMDFoGfBin9wZe2CMIV54nYUBDK/ueOx2HxE943fVVRv59ndY6l7mQpamZ4GU+s
TGdk3fkCpRwLeaQbNUc+CkuCzz6/ZB68imVU5plergPiZaxiEjBLxVt1Aj4CzzdM
rf7EmVWFuLPhVqgcPBAEtu/BCOw2Er6MzbWB9/FUzti1rJCbqbp6Ni5M+coM95Lb
0/jPBPTVvz8yVWF2tKxZMOc96A7Jiyty57GjZ8upAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU7PbZ6L2EBWaEQ5VuvAAVpBmJitkwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2E3NGJkZDllLTBlODYtNDI4MC05NjUzLTgzOWM3Y2FiMDIxYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAPjDANBgkqhkiG9w0BAQsFAAOCAQEANYyekRmMYl5DBYjGfQkZVJ96+JfK
2k9EuJYb2kF4BEHV/ujtBRrghPaaldDpX+QhTsjvwu9GISL2z6zsmWC0+a/hG56f
nbvOR1QlU8sHs/jobiqrkfvqkJ1kcPNuQgpUlzkU17FJd+VooVv5xjFVq7fFWf0X
mw24a/jE/8BKmUheQTTIb+IShAOwOlv+Xe6TFImpsB5zNVmwi/MsLTxPRO4Re4Rt
vggqXmQssTpf9H0sKWR40zPd2O8vDjLX075IGyiLP/le37jBDWpEOO40Zd0N975u
ss5D+c4pwFpDt77OQmdEZ+H5veQD1x7jKLDf4W7idpnncL2CLeb5EmWJyA==
-----END CERTIFICATE-----