Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a74bdd9e-0e86-4280-9653-839c7cab021b.roa
File:                     a74bdd9e-0e86-4280-9653-839c7cab021b.roa (raw, json)
Hash identifier:          YBED/YcwRhYr3ZFETntmJXkvlre+vb5k/wOS3v4OeGM=
Subject key identifier:   43:86:5E:D1:31:08:AA:DF:D0:0A:CE:C3:0D:F0:CA:8B:37:BB:39:CE
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6A4051C90324DBE0E5C8FA8B6CABA6CC6DB9B7E1
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a74bdd9e-0e86-4280-9653-839c7cab021b.roa
Signing time:             Tue 21 Oct 2025 06:02:32 +0000
ROA not before:           Tue 21 Oct 2025 06:02:32 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.140.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:40:51:c9:03:24:db:e0:e5:c8:fa:8b:6c:ab:a6:cc:6d:b9:b7:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 21 06:02:32 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=e21fed9ee705e55b97dc532d27eb913b41e08f8a93973f45670491d58dfa6154, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:64:d7:cd:1f:f6:a9:a8:4f:c9:e3:50:d7:de:
                    20:11:3c:f8:ef:82:42:69:fa:9a:98:0c:13:70:4f:
                    3a:cd:34:57:7c:ef:48:13:8e:69:26:96:40:67:83:
                    8b:83:4d:61:93:71:1c:2c:49:25:74:14:db:7e:75:
                    d6:16:11:0b:46:07:e4:0b:16:4d:8a:a1:9e:f1:54:
                    46:98:79:a8:4a:3e:4e:5a:10:ba:d1:be:83:23:ee:
                    62:ee:79:85:80:f2:22:77:23:60:85:0d:76:9d:d7:
                    e6:f9:fb:a1:d4:e5:5a:c3:61:7a:92:71:ad:26:fd:
                    29:b3:e0:fa:31:22:80:cf:25:07:34:c1:29:dd:01:
                    b6:08:ff:9f:df:a5:02:cc:0a:29:9d:db:c6:fb:d6:
                    b7:58:6c:bd:51:82:68:c2:d9:b8:10:7f:c2:94:b4:
                    a4:6e:31:10:05:6f:92:bc:44:03:ab:3b:15:58:90:
                    62:89:0e:ab:15:cc:56:2b:84:c8:c4:a4:52:57:cd:
                    26:8c:75:43:c5:85:56:a0:51:4a:a9:06:43:f3:e2:
                    43:97:3c:72:09:f1:2e:a7:4e:39:87:f8:73:5c:36:
                    87:76:7e:da:ca:52:40:4a:98:0a:0f:9b:bf:de:82:
                    a0:51:18:be:cb:c8:11:e2:f5:4e:3a:03:c1:6c:a0:
                    17:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:86:5E:D1:31:08:AA:DF:D0:0A:CE:C3:0D:F0:CA:8B:37:BB:39:CE
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a74bdd9e-0e86-4280-9653-839c7cab021b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.140.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a3:8c:94:a7:ab:fc:db:76:8e:11:a0:f3:ff:c2:8a:10:b2:1d:
         19:47:c7:d5:a1:97:1b:39:03:7d:e4:25:15:a8:e9:15:aa:c6:
         17:3d:0a:88:83:ba:97:c7:4d:94:f5:38:dc:bf:c3:1e:2e:2b:
         76:21:2b:5d:d4:7e:83:8d:f9:6f:44:e0:eb:fa:23:e6:be:4c:
         72:55:2d:c8:c1:6a:8e:ee:25:3e:f9:9a:e1:e4:7a:fc:d6:72:
         e0:c7:88:31:c3:68:2a:b5:a9:2e:b3:ef:1d:a6:20:a0:9b:66:
         62:3d:2e:db:76:18:0d:f2:6d:09:52:b6:8d:e5:4b:6f:cd:d1:
         b3:0b:33:63:bb:da:ca:62:fa:82:cb:e4:e7:22:46:fd:2c:3b:
         e9:c5:2b:20:07:fd:9b:cb:7d:2b:65:fe:14:02:dd:33:28:77:
         10:e2:89:82:a5:d7:f3:88:94:ba:e0:77:6d:46:63:96:a9:93:
         47:b5:c4:c4:bc:74:4f:c9:9e:cd:ef:46:38:a9:3c:9a:cd:87:
         ee:05:81:ff:2e:09:dc:29:63:71:4d:b8:3e:cb:3a:7b:b1:59:
         15:41:96:3d:86:0a:8d:cd:9c:cf:23:94:e1:f7:42:bf:a9:9d:
         dd:72:82:0e:cb:c2:17:58:a8:ae:da:09:8c:fe:21:e8:c2:ce:
         26:b0:96:71
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUakBRyQMk2+DlyPqLbKumzG25t+EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDIxMDYwMjMyWhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BlMjFmZWQ5ZWU3MDVlNTViOTdkYzUzMmQyN2ViOTEzYjQx
ZTA4ZjhhOTM5NzNmNDU2NzA0OTFkNThkZmE2MTU0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDaZNfNH/apqE/J41DX3iARPPjvgkJp+pqYDBNwTzrNNFd8
70gTjmkmlkBng4uDTWGTcRwsSSV0FNt+ddYWEQtGB+QLFk2KoZ7xVEaYeahKPk5a
ELrRvoMj7mLueYWA8iJ3I2CFDXad1+b5+6HU5VrDYXqSca0m/Smz4PoxIoDPJQc0
wSndAbYI/5/fpQLMCimd28b71rdYbL1RgmjC2bgQf8KUtKRuMRAFb5K8RAOrOxVY
kGKJDqsVzFYrhMjEpFJXzSaMdUPFhVagUUqpBkPz4kOXPHIJ8S6nTjmH+HNcNod2
ftrKUkBKmAoPm7/egqBRGL7LyBHi9U46A8FsoBfHAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUQ4Ze0TEIqt/QCs7DDfDKize7Oc4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2E3NGJkZDllLTBlODYtNDI4MC05NjUzLTgzOWM3Y2FiMDIxYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAPjDANBgkqhkiG9w0BAQsFAAOCAQEAo4yUp6v823aOEaDz/8KKELIdGUfH
1aGXGzkDfeQlFajpFarGFz0KiIO6l8dNlPU43L/DHi4rdiErXdR+g435b0Tg6/oj
5r5MclUtyMFqju4lPvma4eR6/NZy4MeIMcNoKrWpLrPvHaYgoJtmYj0u23YYDfJt
CVK2jeVLb83RswszY7vaymL6gsvk5yJG/Sw76cUrIAf9m8t9K2X+FALdMyh3EOKJ
gqXX84iUuuB3bUZjlqmTR7XExLx0T8meze9GOKk8ms2H7gWB/y4J3CljcU24Pss6
e7FZFUGWPYYKjc2czyOU4fdCv6md3XKCDsvCF1iortoJjP4h6MLOJrCWcQ==
-----END CERTIFICATE-----