Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/add830d3-7671-41f5-b602-3406f5d9de88.roa
File:                     add830d3-7671-41f5-b602-3406f5d9de88.roa (raw, json)
Hash identifier:          vEP0hKNA6/5dpBDuDYF4picA39w72ChIwly/ylUmW3k=
Subject key identifier:   18:C7:EA:40:11:06:10:51:59:5B:30:7D:A6:95:B5:57:CB:AA:69:01
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       11F66210AD7DB92247B43DE5A6CC5B81A7790AE6
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/add830d3-7671-41f5-b602-3406f5d9de88.roa
Signing time:             Tue 20 May 2025 15:40:08 +0000
ROA not before:           Tue 20 May 2025 15:40:08 +0000
ROA not after:            Tue 24 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.115.192.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:f6:62:10:ad:7d:b9:22:47:b4:3d:e5:a6:cc:5b:81:a7:79:0a:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 20 15:40:08 2025 GMT
            Not After : Jun 24 23:59:59 2025 GMT
        Subject: serialNumber=00a59df623f61b92082f96631e6fcfbad2632bf65d9157bc30ed23a87548779e, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:3b:a6:50:68:ff:d0:e8:0b:03:20:05:d9:5c:
                    7c:5b:29:68:09:a4:33:2a:53:10:ee:45:e6:0c:78:
                    1b:1c:07:15:a8:9e:8f:da:87:b1:09:5f:6e:43:7e:
                    08:34:eb:8e:50:0c:65:4d:6a:c2:71:77:6d:9f:c4:
                    e2:c0:20:71:7f:9c:0c:e4:b7:31:b1:68:75:fc:61:
                    0c:f4:b1:38:f6:a3:af:bf:c7:78:eb:16:71:f8:1a:
                    34:93:20:58:01:79:21:96:71:4d:04:90:12:cb:4f:
                    9d:08:34:8d:64:df:33:70:e0:5b:4b:46:c0:ab:83:
                    6e:db:2a:b1:33:ae:e5:75:f6:df:ef:2a:87:26:a5:
                    7e:15:39:e9:9f:d6:fa:1e:2e:90:f3:97:db:f8:24:
                    49:e4:ac:5b:1c:cf:54:79:6f:07:4c:af:ec:aa:d3:
                    73:72:76:80:e3:d5:86:d4:b1:b4:d4:61:29:3e:f1:
                    82:32:40:20:7c:19:72:af:f9:2a:0f:a1:26:2a:c4:
                    fd:cb:19:94:4f:ac:67:a6:4d:60:8b:32:55:c5:eb:
                    43:99:fc:c2:00:28:18:29:6e:35:67:8b:22:2a:3e:
                    8b:bd:e6:9a:93:32:66:0b:7a:77:06:27:e1:b6:2d:
                    5b:24:e6:36:a7:74:24:7a:c1:90:5d:97:56:1f:25:
                    00:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:C7:EA:40:11:06:10:51:59:5B:30:7D:A6:95:B5:57:CB:AA:69:01
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/add830d3-7671-41f5-b602-3406f5d9de88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.115.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         90:75:86:27:ef:25:ba:13:71:84:ed:0c:5c:d7:c0:e1:ea:71:
         7c:a8:22:54:36:c9:04:b9:21:c7:9a:cf:11:b2:ab:e0:08:3a:
         ca:c2:12:f2:1b:d7:dd:14:6e:ff:e2:94:cc:a8:c8:c5:bd:a4:
         41:3d:87:3b:23:dd:01:c8:7d:7a:8a:e2:e3:3d:59:e9:11:27:
         b8:de:e5:ea:e8:93:42:23:be:78:a2:0d:17:53:90:83:8e:84:
         cd:b2:c0:56:3e:2d:4b:bf:12:e4:67:a3:6b:19:f2:ee:65:15:
         49:cb:2f:05:12:11:c8:75:ac:26:38:0d:6d:95:cd:25:11:2d:
         bd:78:5f:7f:fa:8e:0a:9a:6d:7d:2b:e5:76:51:72:2f:2f:b2:
         40:18:b0:14:74:cc:d8:34:d0:fd:80:04:b0:b4:f4:97:60:02:
         1b:67:a9:bb:04:de:c0:45:dc:8e:2c:ea:10:d3:fe:33:b5:63:
         a9:a3:bb:1e:44:6a:76:f5:bf:02:6a:5a:2d:c1:b7:26:3d:37:
         96:e2:7b:13:39:22:fa:1f:57:fc:49:f4:36:8e:69:c7:b7:42:
         cf:2d:bf:b0:33:ac:78:ef:57:b7:a3:c4:76:ce:9a:3b:56:5c:
         c7:1d:e3:75:f9:7a:0a:a7:26:d2:41:9c:6f:cc:e7:58:72:f0:
         58:f5:81:f3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEfZiEK19uSJHtD3lpsxbgad5CuYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNTIwMTU0MDA4WhcNMjUwNjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AwMGE1OWRmNjIzZjYxYjkyMDgyZjk2NjMxZTZmY2ZiYWQy
NjMyYmY2NWQ5MTU3YmMzMGVkMjNhODc1NDg3NzllMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmO6ZQaP/Q6AsDIAXZXHxbKWgJpDMqUxDuReYMeBscBxWo
no/ah7EJX25Dfgg0645QDGVNasJxd22fxOLAIHF/nAzktzGxaHX8YQz0sTj2o6+/
x3jrFnH4GjSTIFgBeSGWcU0EkBLLT50INI1k3zNw4FtLRsCrg27bKrEzruV19t/v
KocmpX4VOemf1voeLpDzl9v4JEnkrFscz1R5bwdMr+yq03NydoDj1YbUsbTUYSk+
8YIyQCB8GXKv+SoPoSYqxP3LGZRPrGemTWCLMlXF60OZ/MIAKBgpbjVniyIqPou9
5pqTMmYLencGJ+G2LVsk5jandCR6wZBdl1YfJQDXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGMfqQBEGEFFZWzB9ppW1V8uqaQEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2FkZDgzMGQzLTc2NzEtNDFmNS1iNjAyLTM0MDZmNWQ5ZGU4OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYNc8AwDQYJKoZIhvcNAQELBQADggEBAJB1hifvJboTcYTtDFzXwOHqcXyo
IlQ2yQS5IceazxGyq+AIOsrCEvIb190Ubv/ilMyoyMW9pEE9hzsj3QHIfXqK4uM9
WekRJ7je5erok0IjvniiDRdTkIOOhM2ywFY+LUu/EuRno2sZ8u5lFUnLLwUSEch1
rCY4DW2VzSURLb14X3/6jgqabX0r5XZRci8vskAYsBR0zNg00P2ABLC09JdgAhtn
qbsE3sBF3I4s6hDT/jO1Y6mjux5Eanb1vwJqWi3BtyY9N5biexM5IvofV/xJ9DaO
ace3Qs8tv7AzrHjvV7ejxHbOmjtWXMcd43X5egqnJtJBnG/M51hy8Fj1gfM=
-----END CERTIFICATE-----